Action Items:

 1. By July 31, Tom get someone from InCommon to submit proposal to REFEDS for security contact in metadata.

 2. Sometime fairly soon after that, Leif prepare proposal to REFEDS for an entity attribute that signifies adoption of the Sirtfi trust framework.

3. By July 3rd, get security leads at "test orgs" on board to help us bake several things (further below):

        • Leif get >= 1 SUnet IdP org

        • Tom ditto InCommon

        • DavidG ditto SurfNet

        • Romain: CERN from both SP and IdP perspectives

        • Jim: CILogon and LIGO from SP perspective

        • Tom check with Steve Carmody about Library vendor contacts, maybe get one of the

4. By early July, Tom prepare materials for the test orgs identified in #3, to include:

        • the Sirtfi trust framework doc

        • some brief version of our approach to work

        • ask feedback on framework doc and approach, especially when it comes to IdPs proactively notifying interested SPs of pertinent account compromises

        • brief description of potential Confyrm pilot, would they participate.

5. Licia will consult with Romain to determine which of them will present on the Sirtfi work at Research Data Alliance conference Sep 23-25 in Paris.

6. (uncertain date) Leif to build a tool to parse IdP logs to determine which accounts have accessed which SPs, and while we're wishing for stuff, also filter by SPs that have registered interest in being notified about account compromises. Using AARC funding and any others. Could be we'd tackle this in conjunction with a Confyrm pilot, but would be needed regardless of the mechanism to convey notifications related to account compromise, or to register to receive them.