Attendees
Phil Benchoff
Susan Brooker-Gross
Al Cooper
Mary Dunker
Frank Galligan
Karen Herrington
Greg Kroll
Randy Marchany
Ismael Alaoui
Agenda
- New developments
  - The Self-Service Password Reset project has a future dependency on this project
  - May be necessary to shorten the timeline for this project
- Begin Scope development
  - Continue review of these Background Questions
  - What else is needed to define the scope of the entire project?
- Next steps?
- Next meeting June 3, 2010
Meeting Notes
- New developments
  - It was recommended that we narrow the scope of this project and concentrate specifically on issuance of Soft PDCs to anyone with a PID. So having a PID is a requirement.
  - The self-service password reset project has a completion deadline of June 2011. This soft PDC project has the same relative timeline; however, in order to be of use to the self-service project, this soft PDC project needs to be complete well before June 2011.
  - Frank said they have a requirements/specifications document drafted and will narrow the scope of this project but will include in the design the ability to include different profiles.
- InCommon & NIST standards
  - Mary told us that based on the criteria for the InCommon Silver identity proofing it would be very difficult for us to implement their solution (e.g., we would need credit card numbers).
  - The InCommon Silver and NIST Level 2 requirements for in-person registration require the person to present several different forms of photo identification. There is no specification of the issuer/operator role (we use 2 operators for eToken issuance).
  - The user profile records the identification number from the identification used, e.g., records the actual driver's license number from a driver's license.
  - Mary's recommendation is to use face-to-face registration (as opposed to remote enrollment).
  - Frank asked whether we could use/rely on the Hokie Passport (photo ID card).
  - Susan is working on documenting the institutional needs for identification credentials.
  - Current plans are for users to pre-enroll (online) and create a secure password before coming for face-to-face verification and issuance.
  - Can we use the current process for eToken registration? That uses 2 photo IDs and is defined in the user CPS.
- There was some discussion about using the VT ID # as the "key" that identifies or links a person to their certificate and is used to look them up when they come for face-to-face enrollment. A better choice may be the UID from ED.
  - Discussion continued on what might be the best "key" to use to look up information about the person.
  - Because non-affiliates with sponsored accounts do not have a VT ID #, that is a poor choice.
  - Everyone in ED has a UID.
  - When designing this software, be sure to leave open ways other than the VT ID # to look up someone's information.
  - Everyone should have a VT PID in order to log in to this application (interface) for pre-enrollment purposes.
  - For future use, and to accommodate those without a VT ID #, we could use the eToken for enrollment and issuance; in that case there would be no face-to-face registration. (This is considered a nice but not required feature.)
- The Soft cert is one level of assurance below the eToken (for certificate LOA, not identity LOA)
  - LOA order is: test --> rudimentary --> basic --> medium --> high
  - Soft cert = basic
  - eToken = medium
- Discussions on the strategies and hardware required for face-to-face registration are deferred for now.
- To save time and effort, eProv is in favor of using the native EJBCA interface for the operator enrollment process. It is doable but will require training and support.
- Action item: By our next meeting, let's document on the wiki all questions concerning key retrieval.