...
Shannon Roddy reported that he is developing a plan for a security assessment of InCommon and determining what would be in scope. He sees a four-part process: 1) initial assessment, 2) initial remediation, 3) develop cybersecurity framework, 4) implement the framework. All of this is still in early stages. Kim Milford volunteered the REN-ISAC technical advisory group (TAG) for consultation and guidance, if desired.
...
Nick will be going to the GEANT trust and identity meeting in December. New ideas can be submitted/+1’ed at: https://wiki.geant.org/display/gn43tip/New+Idea+Submission
MFA proof of concept with the certificate manager is complete and planning is in process for production.
The first TIER Campus Success Program call took place this week, including campus reports on their status followed by a demonstration of midPoint. Looking to plan a F2F in late January or early February
SIRTFI will show up in the Federation Manager soon for entities to self-assert. Tom Barton and Ann West are working on rollout plan. SIRTFI, R&S and Baseline all in scope.
GDPR assessment from GEANT is complete. Tom Barton posted a link to the report on the participants list
The recent NSF Cyberinfrastructure grant call for proposal includes InCommon participation and R&S as is recommended as part of proposals
David Shafer shared the Baseline Expectations technical implementation document with TAC
Working Group Updates
Attributes for Collaboration and Federation WG - first call following the TechEx F2F meeting, with Brad Christ as new Chair of the Working Group.
Streamlining SP Onboarding WG making progress. Narrowed the scope at TechEx and now on their way
...
Mark Scheible and Janemarie Duh shared a summarysummary of the nominees and thoughts on how to organize the process. The summary sheet includes a tab for criteria, and a table that shows the terms of current TAC members and recommendations for terms for the new members.
...
Recommendation: Consider diversity in a number of ways, including size of organization, diversity of organizations (not all IdP operators), gender, and connections to the research community.
...