Wednesday 13th of July 2016 at 14-15 (UTC), 16-17 (CEST), 9-10 (CDT)

Adobe Connect, https://connect.sunet.se/edugain

Chris W
David G
David L
Jim B
Thomas L
Paul C
Wolfgang P
Mikael L

Notes

  • Introductions
    • David G, Wolfgng P and Mikael L can use AARC funding for the work 
  • Working group terms
    • agreed on the terms 
  • discussion on the approach
    • AARC – minimal LoA requirements for low-risk research
      • comments received indicated more detail needed for an assurance profile
    • InCommon – Baseline expectations for trust
      • evolution based on InCommon POP (more structure, more specific on contents, possibilities to enforce)
      • keep still basic, simple and self-asserted
      • currently in community consultation 
    • IGTF – BIRCH

      • cleaned from technology bits (X.509)

      • splits off various elements of assurance: vetting, credential management, etc 

      • in terms of 'old' NIST level inbetween 1 and 2, with less emphasis on external audits

      • meets the requirements from some of the larger cross-national e-Infras (EGI, PRACE, WLCG, OSG & XSEDE)

      • Jim proposes to have the community (OSG) help evaluate IdPs against this level [Jim to add here ...], including at least the DoE natl. labs.

    • NIST 800-63 approach

  • deliverables – what, when
    • minimal and differentiated assurance profiles 
    • REFEDS WG timeframe is 12 months, AARC needs to deliver in March/April
  • Next steps
    • Mikael to create and others to contribute to a Google doc with vectors:
      1. identity – re-assign of Identifiers (yes/no)
      2. identity proofing – (self-asserted/.../BIRCH)
      3. authentication (password/password with certain entrophy/2FA/HSM...)
      4. ePAaffiliation freshness on departure (no quarantee/x months latancy/...)
  • next vc 
    • Mikael to prepare doodle for Aug/Sep  
    • current timeslot was found best compromise for people in Europe/US
  • No labels