Building Identity Trust Federations Conference Call
October 17, 2012
1) In Attendance
- Suresh Balakrishnan (University System of Maryland)
- Oleg Chaikovsky (Aegis)
- Mike Grady (UIUC)
- Michael Hodges (University of Hawaii)
- Ken Klingenstein (Internet2)
- George Laskaris (NJEDge.Net)
- Greg Monaco (Kansas State University)
- John Moore (MCNC)
- Benn Oshrin (Internet2)
- Mark Rank (UW Milwaukee)
- Mark Scheible (MCNC)
- Craig Stephenson (WiscNet)
- Jack Suess (UMBC)
- Bill Thompson (Unicon/Jasig)
- Valerie Vogel (EDUCAUSE)
2) Scalable Privacy: An NSTIC Grant for the Identity Ecosystem (Ken Klingenstein)
- Ken and Jack's NSTIC Presentation (PPT)
- Set of pilot programs (solicited in Feb/Mar and concluded recently – about 180 applications). Solicitation is still available on the website: http://nist.gov/nstic.
- 2 submitted by Internet2 were accepted – multi-factor authentication deployment at several institutions and scalable privacy (building an infrastructure for the identity ecosystem). Asked to combine the two proposals.
- In the end, 5 proposals were accepted. 1 was awarded to Internet2. A second awarded to Criterion Systems (Beltway Defense contractor) around monetization of attributes, but involves Internet2.
- NIST is trying to keep a distinction between the two efforts (pilots and governance).
- Two-year grant for $3.4M (second year pending). Emphasis on major infrastructure elements for privacy.
- Key deliverables
- Promotion of two-factor authentication
- Schema for common use
- Privacy managers
- Implementing anonymous credentials at scale
- Metadata strategies to support the above
- Significant pilots and testbeds
- Several policy thickets (e.g., adoption of attributes and bundles, anonymous credentials, privacy, and application privacy assessment "marketplace")
- Promotion of multi-factor authentication through wide-scale deployments of different technologies at 3 institutions (MIT, Utah, Texas). Facilitation will also support a cohort of additional schools with their deployments, leveraging the lead school activities.
- "Big Picture" – Working with a graphic artist to tie these pieces together and should have this ready to share later this month. What flows within the big picture – attributes (may be externally asserted, self-asserted, third party asserted) and management of attributes (trust, vetted application info, user consent flows).
- IdPs
- SPs
- Attribute authorities
- Third parties, portals, etc.
- Application auditors
- Federation operators
- The user
- The User and Contexts
  - A person operates in one of several contexts when online: as a citizen, as a worker-employee, as a consumer, as a physical entity, and possibly others.
  - In managing their privacy, what parts of the user experience should be consistent between contexts and what may be different?
  - Primarily "citizen" oriented, but with significant value to many other contexts, including consumer and business.
3) NSTIC Strategy; Current and Future Efforts (Jack Suess)
- Ken and Jack's NSTIC Presentation (PPT)
- NSTIC Strategy Document – General principles
  - Privacy enhancing and voluntary
  - Secure and resilient
  - Solutions must be interoperable
  - Cost-effective and easy to use
- August plenary – about 900 participants (some virtually) representing 320 organizations (approx. 1/3 made up of Higher Ed institutions).
- Since August – bylaws must be approved by Nov. 13. Next plenary is Oct. 29-30. Governance TF has met on average 8 hours per week.
- Discussion webinar on Oct. 22 (2-4 pm) that highlights the upcoming bylaws.
- Future efforts – Oct. 29 to Jan. 1, 2013
  - Emphasis on creating and approving workgroup charters
  - Management committee wants to establish liaisons and communication channels between related workgroups.
  - Communication and outreach efforts to the broader community.
- Next election for management council will be February 2013.
- The group does not want to create standards unless that's absolutely necessary.