FICAM Accreditation

DATE and TIME: Friday May 27, 2011, 10AM

CONVENER: Jeff Krug / Bob Morgan

SCRIBE: Jeff Krug

# of ATTENDEES: 5

MAIN ISSUES DISCUSSED

FICAM grew out of E-Auth and NIST 800-63.

Campuses evaluated against LoA2 in 2005-2006.

Did not really scale up, and E-Auth shut down around 2008/9.

FICAM established out of the ashes of this work.

Trust Framework Provider concept evolved to try and achieve scalability.

 - Based on InCommon, Kantara (evolved from Liberty)

 - InCommon submitted documentation about 1 year ago (Aug/Sep 2010), and is negotiating acceptance.

 - Privacy requirements added to TFP to handle some of the concerns about Facebook/Google IDs. 

   - User must see all info being sent, and agree to sending all of that info. 

   - Changed to a set of privacy guidelines to help with issues of scaling to a Federation.

 - Provisional Approval soon (based on 1.0 material); once that approval proceeds, the 1.1 package will be submitted.

 - Does FICAM approval help with interoperability with various government departments (Dept. of Education)? 

   - Does it have value?  Could it be pure bureaucracy or does it have value?

   - Incentives to do the right thing.

     - Trying to qualify the value.  More grants?  Easier to submit grants?

     - NIH and NSF may at some point have requirements for FICAM approval and IDP certification.

OIX (Open Identity Exchange)

 - LoA1 Providers.

 - Industry federation modeled after InCommon

 - Commercial Providers may support LoA3, but this will have costs.

    - Example: NIH programs that require LoA3 (Professional Doctors).

Identity Scheme Adoption Process

 - SAML, OpenID, PKI, etc.

NSTIC

 - http://www.nist.gov/nstic/

 - NxN connectivity of Identities.

 - Good vision.

 - Public meeting hosted by Dept. of Commerce.

 - How does it fit in with FICAM, and will it lead to a National Identity system?

 - Commercial value in federating to Identity Providers that do much more sophisticated account protection/monitoring.

ACTIVITIES GOING FORWARD / NEXT STEPS

- None Identified.
