Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Incommon Baseline Expectations Program: Ongoing processes to improve metadata quality and other aspects of Federation Operations. 75% of Incommon Members fully meet the baseline expectations on metadata quality. The deadline to meet the requirements is December 14th.
  • REFEDS: Completed a the work on Assurance framework, including single-factor authentication (SFA) and multifactor authentication (MFA) profiles. Also, they have defined two assurance profiles called Cappuccino and Espresso. Cappuccino applied together with the SFA authentication profile match the AARC project’s requirements for low-risk research and Espresso together with the third specification, REFEDS MFA, are aimed to serve research use cases with stronger assurance needs. The specification make use of existing frameworks, such as NIST 800-63b, Kantara Identity assurance framework and eIDAS.
  • SIRTIFI  is still active.
  • Trusted CI, National Science Foundation Cybersecurity Centre of Excellence.  Workshop : Another area of collaboration. In a recent workshop it was discussed the increasing amount of secured data which researchers need to do the work. Meet The security requirements in the field meet NIST 800-171, which is a good baseline what kind of security obligations for research and education in the US. It Also. it Profiles 800-63 at a certain level.

...

 


Kantara IAWG report Report provided by Scott Shorter and Colin Wallis

 

...


  • IAWG has updated the Service Assessment Criteria in response to the memos that were issued in the summer

...

  • . The memos included a recommendation that when the CSP

...

  • is approved there be some way in addition to the LoA to  share

...

  • information about the specific mode of identity proofing that is used

...

 

Jim Jeere, OMB GSA is awating as well.

Perhaps try to bing together a industry day, like we did in WDC in 2015. Trying to find an opportunity to get infudtry discussing. F2f TFS Sync that we did 3 years ago.

 

  • Colin commented that Jim Sheire said is trying to coordinate an Industry Day like it was held in WDC in January 2015. 


SAFE-BioPharma report Report provided by Matt King

 


  • During the Policy Authority Meeting for

...

  • Federal PKI it was commented that they adopted some minor changes around

...

  • 800-63

...

  • -3 requirements and it was clarified that

...

  • unsupervised remote identity proofing

...

  • is not allowed. There were no comments on OMB

...

  • .

...

  •  

...

  • During the discussions about the Federal PKI Program Matt had with LaChelle

...

  • , it was stressed that they need clear use

...

  • and business cases

...

  • to show the value to the government of using commercially available federated credentials to access government applications.

...

  •  

...

  • Matt encouraged to consider situations and government agencies that are actively using certified credential from a credential provider

...

  • and that it would be beneficial to explore that further and present

...

  • it as use case

...

  • so we can build a value proposition.

...

 

...

  • He added that it would be good to coordinate this effort in order to have better impact on the

...

  • message to the government.

...

  •  
  • Andrew

...

  • suggested to create a

...

  • User Work Group or social group for the customers of our providers, offer them a forum to meet once a quarter to discuss issues and find common cause that may show industry adoption.

...

 

  • Matt

...

  • supported the concept

...

  • and suggested to define that further.

...

  •  
  • Matt commented that we should show to the federal government that insurance banking

...

  • and state governments are looking at

...

  • our certification as requirements

...

 

...

  • .
  • Andrew said that if State and/or industries have made TFS Approval a procurement minimum requirement

...

  • they will be not pleased if this approval is eliminated

...

  • .

 

 

 

  • Matt suggested to develop the justification based on the feedback we can get

...

  • from our CSPs. Therefore,

...

  • he recommended that TFPs reach out the issuers (approved providers) and ID proofers that have been certified and ask them

...

  • if the RFPs to which

...

  • they responded include 800-63-3 as a requirement

...

  • , and if so, ask them if we can we get a copy of that RFP

...

  • .


Action items

  • Build together a value proposition.
  • Discuss and define the scope of the potential User Work Group.
  • Reach out the CSPs to confirm 800-63-3 is included as a requirement on the RFPs.