InC-Student: Notes from 12/12/2008
------------------------------------------------
Andrea Beesing, Cornell
Karen Hanson, UW-Madison
Scotty Logan, Stanford
RL Bob Morgan, Washington
Ken Servis, USC
Bruce Vincent, Stanford
Ann West, Internet/EDUCAUSE (scribe)
Action Items
-----------------
- Charlie will talk to NSC CIO Doug Falk and Meteor Project Manager Tim Cameron as well as independent contractor Tim Bornholtz who's working on the NSC/Stanford Project, will find out more about their plans and report back to the group.
- Jim will work with Tom to develop the requirements (estimated number of attendees, facility needs etc.) for the Registrar/IT Architect meeting at AACRAO Annual or Technology Conferences. If you're interested in participating in the planning or attending the meeting, contact Jim or Tom.
Notes
-------
Updates
National Student Clearinghouse (NSC)/Stanford pilot - Stanford has their test Shibboleth identity provider software running with the temporary attributes needed by NSC. In a separate but related project, Stanford is starting to develop a gap analysis comparing their current practices and NIST level of assurance 2/InCommon Silver Attribute Assertion Profile.
Bob reported that GSA will be creating an umbrella agreement with InCommon that would cover all federal agencies. The result would be that any agency could start offering InC apps without having to go through the contractual process.
Ann presented earlier in the day on the InC Student work at the Federal & Higher Education PKI Coordination Meeting and mentioned our interest in working with PESC on defining the new attributes needed for the NSC pilot. Michael Sessa, Executive Director of PESC, was at the meeting and was very supportive and offered to contact Ann about how we could work together. Later in the meeting, Michael presented on PESC activities and mentioned that a number of financial institutions have dropped their memberships and, because of this, the Board was now underscoring core values in their mission and rehoning their prioirities in these troubled times.
Upcoming Meetings
- AACRAO meetings - tabled until the next call
- Educause session proposals due Feb 17 and Preconference sessions are due Jan 12. Ken S. will be again leading the Registrar CG. The group talked about submitting proposals on outsourcing of services and will continue this conversation on the next call.
Round Robin
- Cornell is reconsidering the outsourcing of student messaging to google/microsoft because of the issues with single sign-on across the web and non-web clients. Shibboleth, for instance, works in the web environment, but not with an IMAP email client like Thunderbird or an iPhone. And IT is unwilling to say that they will only use web-based federated services, given the need for a consistent experience. There has been an interesting discussion on the EDUCAUSE IdM Constituent Group about this very issue. David Bantz from Alaska sent out a rough methodology matrix summarizing the architecture choices on the IdM list.
Bruce asked about the possibility that both OpenID and Federated IdM will be supported by InCommon. Bob mentioned that the UK released a report on OpenID's benefits and risks and were fairly reserve about it. The UK interest isn't around OpenID per se, but the notion that one needs a flexible/integrated identity solution that can span social networking/consumer sites and more formal requirements. In the industry, it's viewed as a user centric/controllable id to which you can attach affiliations for work, personal use, etc. It's a hard problem to solve.
- UWashington/MACE - Bob recently attended a presentation by a number of security professionals regarding the ease to which one can compromise social networking authentication/identity and services. There are lots of security holes that can be exploited, both technically and socially. A cited example entailed an individual setting up a fake ID of a well-known person (with the real person's permission) and having lots of people link and offer services to their fake persona. This isn't new, but it was interesting to note that social networking sites see a lot of these exploit opportunities as features that users can use to tie things together or do unusual things. But what about integrating our enterprise with these sites, given these concerns? There is a growing interest in linking the enterprise with the sites where students hang out electronically.
CAMP - The speakers have almost all been identified and you can review the program at the website. Please send any questions or comments to Ann.
Next Call
------------
January 9, 2009 at 3:00 pm Eastern