Assurance

[Emily Eisbruch <>]

Assurance Call of July 8, 2015

Attending

Jacob Farmer, Indiana University

Mohammed Haroun, Columbia

John Leonard, UW Madison

Brett Bieber, University of  Nebraska

Jared Ross, University of Illinois

Eric Goodman, University of California Office of the President

Ann West, Internet2

Nick Roy, Internet2

Paul Caskey, Internet2

David Walker, Internet2

Emily Eisbruch, Internet2, scribe

Discussion

Introductions and Q&A with Paul Caskey and Nick Roy 

 new Internet2 staff members (see the blog) 

Nick Roy, Internet2 Director of Technology and Strategy at InCommon

• Role includes:

  • Maintains integrity of InCommon Identity Federation Service

  • Ensure we can support edugain for interfederation

  • Support Assurance from the Technology sides

  • in the future, supporting the Privacy Lens/Attribute Release/Consent work from the Technology side

• Nick was previously with University of Iowa and then Penn State.

• A few years back, Nick worked with other community  members on the AD Silver Assurance Cookbook.

Paul Caskey, Internet2 Program Manager of Community Trust and Practices

• Paul was previously with University of Texas System

• Helped develop and manage the University of Texas System Identity Federation

• Identity Assurance has been important to Paul for many years

• Paul now  located at the Internet2 / Unizen office in Austin

• Looks forward to working with the community to  help spin up new working groups, including work on interfederation.

• Also responsible for the  InCommon Certificate Service

Ann West comments:

• Internet2/InCommon is fortunate to have Nick and Paul
• Working on global interfederation will bring many opportunities
• Paul, as Trust Manager, will help us connect and access higher value services.

• Ideas: Trust Elevation Gateway, Multi Factor Authentication Gateway, help SPs offer high value services

• The InCommon Federation Participant Operating Practices (POP) needs to be evolved. InCommon TAC Workgroup will look at that issue.

Comment: Great to have people of this caliber joining the InCommon team

MFA Interoperabiity Profile Working Group

wiki space and charter

Ann: Context Setting:

Ann and Paul had a recent discussion with LaChelle LeVan, an architect, replacing Anil John at FICAM.  

FICAM does not have a federation, they are interested in leveraging the InCommon Federation.

The InCommon position is that we need a business driver.

InCommon is looking beyond the Bronze and Silver profiles in term of assurance.

FICAM is interested in the MFA work InCommon is doing.  

Jacob:

• The call for participation in the MFA Interoperability Profile Working Group got an excellent response from the community. Forty people expressed interest in participating.
• Jacob will be adding people who have contacted him to the email list
• Jacob will be developing sub-groups to help chunk the work. Leaders will be needed for the subgroups.  
• Hope for an organizational call for the working group the week of July 20.

Subgroups might roughly follow the deliverables as defined by the working group charter, which are:

1.   Assemble use cases that will motivate the deliverables of this working group
2.   Develop short list of widely deployed MFA technologies that will be in scope for the profile
3.   Define requirements for and draft MFA Interoperability Profile
4.   Develop and recommend scope and plan for adoption

===========

Paul:  At an upcoming call with FICAM, we will work to ensure their input/representation on the MFA Interop Profile working group.

David Walker: Offer to present to the new MFA Interop WG the underlying technical infrastructure used for the Multi Context Broker. 

Jacob: Agreed, that would be very helpful.

Round Robin

Mohammed, Columbia

• Columbia appreciates the answers to questions that they posed on the Assurance list.  In the future, Columbia may have additional questions related to auditing for Silver Assurance. Potential to talk with Virginia Tech on that.
  

Eric, UCOP:

• Wondering about definition of privacy for assurance. What does it mean to be privacy preserving?

• Excited about the MFA work.  UCOP is rolling out an application that needs MFA. Need ways to communicate whether MFA was done and when it was done.  

• Use case where MFA is desired but not required, where another approach is permitted

• David: Time limits for authentication are an interesting use case

[AI] (Jacob) will bring the issue of ForceAuthn to the MFA Interop Profile Working Group.

Ann: Would be helpful to have a conduit/liaison back to the CIC. Perhaps Brett, Jared, John can fill this role. 

***********
For Reference:
InCommon Assurance Wiki: https://spaces.internet2.edu/display/InCAssurance/InCommon+Assurance+Program
InCommon Assurance Website: https://www.incommon.org/assurance/

***********



Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749