Minutes: Nat'l K-12 Federated IAM Task Force Call of 19-Feb-2014

Attending
Steve Olshansky, Internet Society
Jim Siegl, Fairfax County Schools  
Lee Cummings, retired from Rockingham County Schools, NC    
Violeta Curlic, DC Government
Stephan Papadopulos, DC Government
Mark Scheible, MCNC
Mike Danahy, Educational Service Unit  2, Fremont, Nebraska
Gary Needham, NOC Director at Educational Service Unit #9 in Nebraska
Scott Isaacson, Educational Service Unit Coordinating Council, Nebraska
Emily Eisbruch, Internet2, scribe

Action Items

[AI] (Jim) will share graphic that illustrates issues around identity and data exchange with Google

DISCUSSION

Data protection FAQ development

https://spaces.at.internet2.edu/display/K12FedIAMTF/Home

Jim discussed the CoSN initiative to develop a student data privacy toolkit. This work is being done in connection with the Berkman Institute for Internet and Society at Harvard. Bob Moore and Jim Siegl are co-chairs and there is a representative from SIIA on the advisory group. Jim stated that the CoSN student data privacy toolkit will most likely include some annotated contracts. There is a law student from the Harvard  Law Clinic who is helping with this.

Keith Krueger had also talked about the CoSN student data privacy toolkit on last month's call and how that effort and the Data protection FAQ effort of this working group might complement each other.

Q: SteveO: the COSN student data privacy toolkit will be of interest beyond K12, correct?
A: Jim: yes, other than parental permission and some of the COPPA matters, the advice will have relevance to K20 and beyond

Issues around Cloud Computing

A lot of schools use Google as IDP and as a way to connect to multiple apps. Issues include lack of centralized control over attribute release (such as is available with SAML).
Jim: One approach is to invest in a product from CloudLock. CloudLock has an application firewall that lets you choose for what applications it is permitted to use the Google credentials to connect to an SP. http://www.cloudlock.com/about/press-releases/cloudlock-celebrates-one-year-securing-google-apps/

Jim: there has been a known bug in Google from a federated standpoint for using it as an OpenID provider. The checkbox for turning it off does not always work depending on the way OpenID is implemented.

SteveO: do students control attribute release with Google?

Jim: yes, if you add an app, there is some attribute release process via OAuth 2.  It is overreaching beyond traditional federated identity. A student can say yes and not understand what private info is being released. It is take it or leave it, there is not a granular choice of what to release.

[AI] (Jim) will share his graphic that illustrates issues around identity and data exchange with Google

In Virginia, there are new laws being proposed about cloud computing in schools. Further, there are issues around SIPA compliance and filtering. Certificate sites are moving to mandatory SSL. School districts must implement SSL interception to be compliant with requirements to filter. Nebraska and Virginia are grappling with this.

There is complexity as districts are pushing BYOD. What are the legal implications of pushing a certificate onto a student's own device?

Jim noted that Microsoft is piloting domain level IP Range masking that could be helpful. This is in Beta testing. Jim also noted that for Chromebooks, there are some good cloud based filtering tools.

Quilt InCommon Federation Workshop Meeting of Feb. 2014

Quilt InCommon Federation Workshop, notes and presentations are available:  https://spaces.at.internet2.edu/display/InCQuiltFed/2014+Quilt+InCommon+Federation+Workshop

MarkS reported that the Quilt InCommon Federation Workshop was very positive.
The presentations of the existing pilots provided good info to the regionals thinking of moving forward and spinning up a pilot.
The work that MCNC did with InCommon on federation business models was well received. See http://tinyurl.com/ky2r5wl   

Scott commented: It was our first time attending the workshop. It was a great experience; there was much value to being able to meet everyone in person.
Good to engage in some side conversations in more depth than on conference calls.

Internet2 Global Summit, April 2014 in Denver

There will be a Quilt InCommon Pilots BOF at the Internet2 Global Summit on Thursday April 10 at 7:30am.

Also, there will be a program session on "Federation and Cloud Services for the K12 Community" on Tues. April 8.
See http://events.internet2.edu/2014/global-summit/program.cfm?go=session&id=10003220&event=1241

CoSN Conference

At the CoSN Conference in DC, March 19-22, 2014 (http://cosnconference.org/), Jim Siegl, Bernie A'cs and Mike Danahy will be presenting on "Federated Identity and Access Management for Cloud Services" on Thursday March 20, 9:15 AM - 9:45 AM.

Next call: 3:00 PM EDT Wed. 19-March (3rd Wed.)
