InC-Student: Notes from 1/15/2010
-------------------
Attending
Andrea Beesing, Cornell University
Karen Hanson, University of Wisconsin-Madison
Keith Hazelton, University of Wisconsin-Madison
Mark McConahay, Indiana University
Mark Scheible, North Carolina State University
Renee Shuey, Penn State University
Ann West, Internet2/EDUCAUSE
Dean Woodbeck, Internet2 (scribe)
-------------------
Action Items
Mark M. and Mark S. will develop a first draft of a scoping document for the process of developing a grid or table (perhaps similar to the password entropy spreadsheet) that would help users navigate a list of categories. These categories are part of the draft LoA spreadsheet and related to the level of assurance for offering various services to students at different places in the student lifecycle.
-------------------
EDUCAUSE
A proposal for the EDUCAUSE annual meeting is pending.
-------------------
Level of Assurance Grid
Mark revised the grid, based on the notes from last time, mainly clarifying items that belong under the columns "vetting" and "identity proofing." He also looked at the Student Services Grid spreadsheet that Renee used for her work at Penn State.
The latest revision of the LoA grid is here:https://spaces.at.internet2.edu/download/attachments/5259/LoA-Grid+-+Draft-1-15-10.xlsx?version=1
There was a general discussion about the next step for the grid to make it useful, particularly in terms of combining the student lifecycle information with the vetting and identity proofing information and associated credential delivery requirements.
The consensus was to try to develop filters for the spreadsheet, or some other method, to help people easily navigate the grid and come up with an answer. This might be similar to NIST/InCommon password entropy spreadsheet:https://spaces.at.internet2.edu/download/attachments/2379/InCommon_NIST_Password_Entropy.xls
Or it may take the form of some method for having users answer a series of questions that become more and more specific, until they arrive at an answer. This method could also deliver the appropriate level of assurance for the user's particular query.
This will mean further developing the spreadsheet with, perhaps, additional rows with more specific information and accounting for various combinations or permutations of the columns. It may help to think of this as a multi-dimensional table, as opposed to a grid.
The next step would be to further develop the content of the grid, based on the current version and on the Penn State student lifecycle information, and also to add information about common credential delivery systems, authentication mechanisms and the like.
It would also be useful if this table could take into account the risk tolerance of the institution. So, your answer might include not just a level of assurance, for example, but also an assessment of whether the risk is low, medium or high. Or, you might come at it from the opposite direction and specify the minimum identity proofing practice, for example, that is required for an institution to enable a service.
There was also a suggestion that each column in the table might have a drop-down menu - the items chosen from the drop-downs would help the user determine the thresholds needed to provide various services. So, the user specifies their authentication mechanism, their credential delivery mechanism, the identity proofing method, etc., to see where they stand now and where they need to go to get to a specific LoA. The weakest link in this chain of responses will determine the existing LoA.
The suggestion was to put aside the spreadsheet for now and develop a scoping document for this suggested plan of action. This scoping document would help to communicate this proposed process to a larger group. Mark M. and Mark S. will develop a first draft of such a document. There will be a short call on January 22 to see where things are, review the categories that are important to develop, and to provide feedback to the Marks.
Next Call - Friday, January 22, 2010 - 4 p.m. EST / 3 p.m. CST / 1 p.m. PST