FICAM Accreditation
DATE and TIME: Friday May 27, 2011, 10AM
CONVENER: Jeff Krug / Bob Morgan
SCRIBE: Jeff Krug
# of ATTENDEES: 5
MAIN ISSUES DISCUSSED
FICAM grew out of E-Auth and NIST 800-63.
Campuses evaluated against LoA2 in 2005-2006.
Did not really scale up and E-Auth shutdown around 2008/9.
FICAM established out of the ashes of this work.
Trust Framework Provider concept evolved to try and achieve scalability.
- Based on InCommon, Kanterra (evolved from Liberty)
- InCommon submitted documentation about 1 year ago (Aug/Sep 2010), and negotiating acceptance.
- Privacy requirements added to TFP to handle some of the concerns about Facebook/Google IDs.
- User must see all info being sent, and agree to sending all of that info.
- Changed to a set of privacy guidelines to help with issues of scaling to a Federation.
- Provisional Approval soon (based on 1.0 material), once that approval proceeds the 1.1 package will be submitted.
- Does FICAM approval help with interoperability with various government departments (Dept. of Education)?
- Does it have value? Could it be pure bureaucracy or does it have value?
- Incentives to do the right thing.
- Trying to qualify the value. More grants? Easier to submit grants?
- NIH and NSF may at some point have requirements for FICAM approval and IDP certification.
OIX (Open Identity Exchange)
- LoA1 Providers.
- Industry federation modeled after InCommon
- Commercial Providers may support LoA3, but this will have costs.
- Example NIH programs that require LoA3 (Professional Doctors).
Identity Scheme Adoption Process
- SAML, OpenID, PKI, etc...
NSTIC
- NxN connectivity of Identities.
- Good vision.
- Public meeting hosted by Dept. of Commerce.
- How does it fit in with FICAM and will it lead to National Identity system.
- Commercial value in federating to Identity Providers that do much more sophisticated account protection/monitoring.
ACTIVITIES GOING FORWARD / NEXT STEPS
- None Identified.