May 19, 2010
In attendance:
Michael Hodges, U of HI
Denise Atkinson, COSN
Keith Kruger, COSN
Joseph Giroux, California Community Colleges
Keith Hazelton, University of Wisconsin-Milwaukee
Todd Piket, University of Minnesota State Colleges & Universities
Brad Schwoerer, University of Wisconsin-Madison
Garret Sern, EDUCAUSE
Craig Stevenson, WiscNet
David Walker, UC Davis
Dean Woodbeck, Internet2/InCommon
George Laskaris, NJEDGE.Net (Co-Chair)
Rodney Petersen, EDUCAUSE (Presenter)
Sujay Daniel, NJEDGE.Net
Renee Frost, Internet2
Mark Rank, U of Wisconsin-Milwaukee
Mark Scheible, North Carolina State University
Garret Sern, EDUCAUSE
Steve Thorpe, MCNC
John Toomey, North Carolina
Ann West, Internet2
Rodney Petersen Presentation
EDUCAUSE Identity and Access Management (IAM) Working Group (formerly PKI and Net@EDU PKI/IDM steering committee)
Campus and Higher Ed Stakeholders the IAM will engage:
Functions~Strategic Goals of EDUCAUSE IAM WG
Questions/Comments from Call Participants
Q1. Has the InCommon certificate service starting?
A. Hasn't been released yet, but goal is for a flat fee associated with Carnegie class. Initial stage focused on SSL Cert. Once you have the domain, you can designate how they are distributed.
IAM Coordination with Federal Initiatives
Rodney provided some background on the White House's National Strategy for Secure Online Transactions:
National Strategy for Secure Online Transactions
Source of this effort called in White House Cyberspace Policy Review (May 2009), requested by President Obama in his first six months in office.
"The Federal government-in collaboration with industry and the civil liberties and privacy communities- should build a cyber security-based identity management vision and strategy for the Nation that considers and Array of approaches, including privacy-enhancing technologies. The Federal government must interact with citizens through a myriad of information, services, and benefit programs and thus has an interest in the protection of the public's private information as well." 3
Next goal will be a public document in response, which will include NPRMs. Final strategy expected by September.
What are the essential characteristics of Secure Online Transactions?
Guiding Principles:
Vision Statement - Individuals and organizations experience simple, convenient, and secure access to online services in a manner that provides privacy, confidence, and choice.
Identity Ecosystem
Value Proposition
Over thirty recommendations!!!
Goals
Goal 1: Enhance the security of online transactions through development of a common, comprehensive trust framework.
Goal 2: Build and implement interoperable infrastructure aligned with the common trust framework.
Goal 3: Enhance confidence and willingness to participate in online services.
Goal 4: Coordinate and lead national and efforts to drive innovation, interoperability, and trust.
Recommendations:
State CIOs had a workshop on this issue a couple weeks ago.
There may be a grant opportunity for pilot projects.
We notice there is a gap here on K-12, while expanding in higher ed. Will this initiative help address that gap on other populations?
Issue of who will be identity providers in the future is an issue that needs to be addressed. Some are looking at state governments; some countries are looking at their banks.
Extend commercial integration with the Federal Bridge
Develop support materials to facilitate implementation of the identity ecosystem
Develop legislative proposals to implement the FIPPs[1|#_ftn1], formalizing privacy protection in the identity ecosystem
Develop privacy best practices
Building Identity Trust Federations Develop and execute awareness campaign
Develop a transaction security and privacy curriculum
Promote identity ecosystem trustmark scheme to enable individual informed decisions
Provide education and training materials to all levels of government
Create extension offices that support organizations in aligning with the identity ecosystem
Develop relying party integration toolkits
Build, implement, and adopt a professional certification program
Set Federal budget priorities accelerated through revised Presidential Directives
Establish National Program Office charged with the mission of achieving the vision
Designate or create a public/private advisory group to support shared responsibilities in the deployment of the identity ecosystem
Transparently report public/private sector progress in achieving each goal and objective
Build a focused strategy to support the development of international identity ecosystem standards
Dedicate Federal resources to participate in national and international forums related to identity ecosystem
Provide test and evaluation capabilities to identity ecosystem participants
Appoint a single R&D focal point in the Federal Government to lead the identity ecosystem R&D agenda
Establish readily available licensing vehicles of R&D outputs to the public/private sector
Align identity ecosystem R&D Activities to 'Game Changing' strategy
Establish standards conformance assessment process
Establish standards conformance assessment process
Next Steps
The draft for public comment is expected in early June, with the final strategy document expected in September.
Questions/Comments from Call Participants
1. Are there any other areas where this group can assist with these endeavors?
A. Collaborative efforts - outreach to colleagues and comparing notes.
Expect that there is a lot of education and awareness needed on the state level.
2. Has this moved up in the NC state hierarchy?
A. There has been some on and off interest, but right now there appears not to be enough resources to dedicate.
- Rodney recommends checking out the Post-Elementary Standards Council. (www.pesc.org)
COSN Insights
InCommon Insights
Upcoming US Feds Meeting at CAMP
Respectfully Submitted,
Garret Sern
EDUCAUSE
[1|#_ftnref] See Appendix C for additional information on the Fair Information Practice Principles.