Building Identity Trust Federations Conference Call
May 19, 2010
Michael Hodges, U of HI
Denise Atkinson, COSN
Keith Kruger, COSN
Joseph Giroux, California Community Colleges
Keith Hazelton, University of Wisconsin-Milwaukee
Todd Piket, University of Minnesota State Colleges & Universities
Brad Schwoerer, University of Wisconsin-Madison
Garret Sern, EDUCAUSE
Craig Stevenson, WiscNet
David Walker, UC Davis
Dean Woodbeck, Internet2/InCommon
George Laskaris, NJEDGE.Net (Co-Chair)
Rodney Petersen, EDUCAUSE (Presenter)
Sujay Daniel, NJEDGE.Net
Renee Frost, Internet2
Mark Rank, U of Wisconsin-Milwaukee
Mark Scheible, North Carolina State University
Garret Sern, EDUCAUSE
Steve Thorpe, MCNC
John Toomey, North Carolina
Ann West, Internet2
Rodney Petersen Presentation
EDUCAUSE Identity and Access Management (IAM) Working Group (formerly PKI and Net@EDU PKI/IDM steering committee)
- While having similar goals, the IAM group is seeking to avoid overlap with InCommon and Internet2 middleware initiatives.
- Notes technology has evolved; for instance, while there is still a role for PKI, EDUCAUSE won't be focusing on such a narrow band of technology, nor doing HEBCA, either.
- Instead, IAM will focus on EDUCAUSE's strength of bringing together the right people and focusing on policies and processes.
- EDUCAUSE will not replicate I2's research and development. However, we will focus on policy and outreach due to our broad reach.
- IAM Ecosystem - some overlap okay; coordination and communication is the key; duplication is to be avoided,
Campus and Higher Ed Stakeholders the IAM will engage:
- University systems
- Boards and campus exec's
- IT Departments
- Student affairs/student services
- Administrative affairs/risk managers
- Alumni & development
- Academic and research affairs
- Audit and general counsel
- Partner audiences
- Federal government
- Technology industry
- Service and resource providers
- Open source projects international partners
Functions~Strategic Goals of EDUCAUSE IAM WG
- Ensure close alignment with EDUCAUSE-I2 Higher Education Security Council.
- Awareness and advocacy - in-reach: IT people (CIO, database administrators,); conference presentations, publications, monthly webinars.
- Outreach and coordination - other campus stakeholders, especially those that don't attend I2 and EDUCAUSE events. (university systems, student affairs, alumni development, general counsel)
- Partnerships and collaboration - professional associations; e.g., NACUBO, ACUA, and URMIA
- Implementation and training - crafting "how to" resources and case studies.
- Convening seminars and workshops; for instance we convened a seminar at last fall's EDUCAUSE conference & looking at regional conferences as well.
- Looking at crafting on-line material as well (e.g. How to Do IDM Roadmap)
Questions/Comments from Call Participants
Q1. Has the InCommon certificate service starting?
A. Hasn't been released yet, but goal is for a flat fee associated with Carnegie class. Initial stage focused on SSL Cert. Once you have the domain, you can designate how they are distributed.
- Check www.incommon.edu/cert
- Need to be part of Incommon in order to participate.
- Heavy volunteer involvement
IAM Coordination with Federal Initiatives
Rodney provided some background on the White House's National Strategy for Secure Online Transactions:
National Strategy for Secure Online Transactions
Source of this effort called in White House Cyberspace Policy Review (May 2009), requested by President Obama in his first six months in office.
"The Federal government-in collaboration with industry and the civil liberties and privacy communities- should build a cyber security-based identity management vision and strategy for the Nation that considers and Array of approaches, including privacy-enhancing technologies. The Federal government must interact with citizens through a myriad of information, services, and benefit programs and thus has an interest in the protection of the public's private information as well." 3
Next goal will be a public document in response, which will include NPRMs. Final strategy expected by September.
What are the essential characteristics of Secure Online Transactions?
- Solutions will be secure and resilient
- Solutions will be interoperable
- Solutions will be voluntary and privacy enhancing for the general public
- Solutions will be cost-effective and easy to use
Vision Statement - Individuals and organizations experience simple, convenient, and secure access to online services in a manner that provides privacy, confidence, and choice.
- Identity Provider
- Credential Provider
- Attribute Provider
- Relying Party
- Private Sector
Over thirty recommendations!!!
Goal 1: Enhance the security of online transactions through development of a common, comprehensive trust framework.
Goal 2: Build and implement interoperable infrastructure aligned with the common trust framework.
Goal 3: Enhance confidence and willingness to participate in online services.
Goal 4: Coordinate and lead national and efforts to drive innovation, interoperability, and trust.
- Define risk model and risk assessment procedures to identify required security controls
- Develop suite of standards to provide policy, technical, and semantic interoperability across implementations
- Establish standards conformance assessment process
- Establish legislation to enact identity ecosystem governance
- Enact contract models that define trust and participant roles
- Establish identity ecosystem insurance models
- Develop an identity ecosystem trustmark scheme to inform individuals and organizations of provider viability
- Leverage Federal acquisition and grant programs to implement the trustmark scheme across the public and private sector
- Fund and participate in public/private pilots that facilitate the development of the identity ecosystem
- Extend existing Federal pilots to higher levels of assurance and broaden adoption of existing trust relationships
- Deploy Federal services that align with the identity ecosystem
- Expedite deployment of high value security technologies and processes
- Develop legislative proposals to incentivize development and adoption of identity ecosystem infrastructure
- Update federal acquisition language to require adoption of identity ecosystem
- Establish an identity ecosystem grant program
A new grant program office will be established within the Department of Homeland Security (DHS). This grant program office will provide funding to State governments to develop interoperable, robust, and privacy-enhancing state-issued credentials that citizens can utilize to authenticate themselves during online transactions. These state-issued credentials will be voluntary, based on open standards, and will be made available for use by various relying parties, including the Federal government.
State CIOs had a workshop on this issue a couple weeks ago.
There may be a grant opportunity for pilot projects.
We notice there is a gap here on K-12, while expanding in higher ed. Will this initiative help address that gap on other populations?
Issue of who will be identity providers in the future is an issue that needs to be addressed. Some are looking at state governments; some countries are looking at their banks.
Extend commercial integration with the Federal Bridge
Develop support materials to facilitate implementation of the identity ecosystem
Develop legislative proposals to implement the FIPPs[1|#_ftn1], formalizing privacy protection in the identity ecosystem
Develop privacy best practices
Building Identity Trust Federations Develop and execute awareness campaign
Develop a transaction security and privacy curriculum
Promote identity ecosystem trustmark scheme to enable individual informed decisions
Provide education and training materials to all levels of government
Create extension offices that support organizations in aligning with the identity ecosystem
Develop relying party integration toolkits
Build, implement, and adopt a professional certification program
Set Federal budget priorities accelerated through revised Presidential Directives
Establish National Program Office charged with the mission of achieving the vision
Designate or create a public/private advisory group to support shared responsibilities in the deployment of the identity ecosystem
Transparently report public/private sector progress in achieving each goal and objective
Build a focused strategy to support the development of international identity ecosystem standards
Dedicate Federal resources to participate in national and international forums related to identity ecosystem
Provide test and evaluation capabilities to identity ecosystem participants
Appoint a single R&D focal point in the Federal Government to lead the identity ecosystem R&D agenda
Establish readily available licensing vehicles of R&D outputs to the public/private sector
Align identity ecosystem R&D Activities to 'Game Changing' strategy
Establish standards conformance assessment process
Establish standards conformance assessment process
The draft for public comment is expected in early June, with the final strategy document expected in September.
Questions/Comments from Call Participants
1. Are there any other areas where this group can assist with these endeavors?
A. Collaborative efforts - outreach to colleagues and comparing notes.
Expect that there is a lot of education and awareness needed on the state level.
2. Has this moved up in the NC state hierarchy?
A. There has been some on and off interest, but right now there appears not to be enough resources to dedicate.
- Colorado has begun this discussion, but we will follow-up once we have info. State CIO is the chair for this group.
- In regards to Student Unit Records this activity was squashed under the Bush administration. However, under the new administration, this issue has moved down into the K-12 arena. This raises questions about credentials and on-line access.
- This has come up in discussions in this group before and is one of the applications we're looking at NC Trust for the Office of Public Instructions.
- Rodney recommends checking out the Post-Elementary Standards Council. (www.pesc.org)
- Another good resource is the Schools Interoperability Framework (www.sifinfo.org), a consortium of k-20 stakeholders to coordinate on longitudinal data systems which is being funded also by the Melinda and Bill Gates Foundation.
- As part of the working group's agenda we try to use it as a sounding board for input on policy issues.
- Conceptually, we're interested in working with EDUCAUSE and StateNets on this issue
- Noted collaborative compendium article from three years ago, crafted by Shaun Abshere of WiscNet.
- We're talking more and more about managed/shared services and this is essential to make this work. We're seeing new legislation in CO, prompted by "Race to the Top".
- Interested in educational deliverables. Also, we need a vision where we want to be in 3-5 years. Would like something to share with our membership.
- Can provide a convening place for these discussions.
- Once the value proposition in the various communities are ready to address some of the technical requirements, a variety of experts would be happy to help out.
- Working in partnership with the K-12 community essential to make sense on what is the value proposition for that community. We're here as a "consultant" role.
- The meeting will highlight the advances in North Carolina.
[1|#_ftnref] See Appendix C for additional information on the Fair Information Practice Principles.