InCommon Federation Discussions About Online Student Services

["Mark Scheible" <>]

Rodney,

 

As a followup from the InC-Student meeting where we discussed this survey, are you aware of any practices the federal government uses to identity-proof users remotely (prior to issuing a credential)?  Are there examples of practices that would be acceptable for LoA 2 and 3?  (I believe 4 and above do not allow Remote identity proofing). 

 

Based on my interpretation of NIST SP800-63 the requirements/recommendations for remote ID-Proofing (for LOA 2 and 3) are a Government issued ID AND a financial account.  LOA "2" requires both accounts and vetting data against "either".  LOA "3" requires vetting against BOTH.

 

InC-Student group,

 

At some point over the last year I believe we suggested the InC-Student team review M04-04 and NIST SP800-63 again (I think most of us have read both documents more than once, but not necessarily recently).  Based on my most recent re-read, it's the government's requirement for a financial account for identity proofing/vetting that seems to be the key.  I know we've discussed this previously (that financial accounts seem to be used), but it may be that this becomes a requirement if we want to successfully ID-proof students remotely.

 

The distance ed community might be able to adopt this more easily, as they frequently couple registration with a credit card payment for their services.  Something to discuss further.

 

Thanks so much!

Mark

 

__________________________________

Mark A. Scheible
Manager, Identity and Access Management

OIT - Security & Compliance

North Carolina State University

Campus Box 7209

Raleigh, NC 27695-7209

(919) 513-1650

(919) 604-4013

>>>

From:	Ann West <>
To:	<>
Date:	12/20/2010 9:03 AM
Subject:	[IDM-SC] Remote Proofing Survey: Quest for Good Practice

Good afternoon,

This Fall, InCommon (incommon.org) and AACRAO (aacrao.org) community members conducted a survey of remote proofing practices with the goal of developing a snapshot of current approaches and recommendations for good practice.

This survey was sent to registrar and admissions officers of institutions offering degree programs at a distance. Our reasoning was that awarding academic credentials to the right remote individuals would persuade an institution to ensure their practices were sound and informed.

We're now doing an informal sweep of the IT community, looking for additional thoughts and case studies. In particular, we're searching for institutions that have a good approach to verifying identity and communicating login credentials to prospective, admitted, and registered students at a distance.

If you believe your institution has implemented a good approach to remote identity proofing, please reply to me offline. Once our report is finished, we will of course share this with you.

Many Thanks and Happy Holidays,

Ann

P.S. For more information on the survey, visit https://spaces.internet2.edu/display/InCCollaborate/Establishing+Remote+Student+Identity+-+Survey+Home


--
Ann West, Sr. Program Manager
Internet2/InCommon/Michigan Tech


office: +1.906.487.1726