Attendees

Phil Benchoff
Susan Brooker-Gross
Al Cooper
Mary Dunker
Frank Galligan
Kevin Rooney
Greg Kroll
Randy Marchany
Ismael Alaoui

Agenda

  1. Continue viewing the eProv presentation, answering questions where possible.
  2. Discuss invitations to users to participate in focus group meetings.
  3. Background Questions 6, 12, 17, 20, 24 are pending or unanswered.

Meeting Notes


  1. Continue viewing the eProv presentation, answering questions where possible.
    1. Terminology: "key pair" and "key set" mean the same thing.
    2. A user will have one key pair but may have multiple certificates associated with that key pair (each certificate binds the same public key to a subject name and a validity period).
    3. Renewal: we may want to consider a time limit beyond which an expired certificate cannot simply be renewed; past that limit, either:
      • renewal is done using face-to-face registration, or
      • if remote renewal is used, the user will need a new key pair.
    4. Recover: e.g., the user forgot the password protecting the private key, or the private key was lost because it was erased from the computer.
    5. Revoke: e.g., a compromised key pair (every certificate issued on that key pair must then be revoked), or a user revoking their own key pair.
    6. Out of band: we need policy and procedures to handle cases that fall outside the automated workflow.
    7. Departmental key pairs and certificates are out of scope for this project. This project is for personal digital certificates.
    8. The "someone gets hit by a bus" scenario (the key holder is no longer available) and discussion
      1. This is handled out of band.
      2. Basically the process would be (1) recover the keys, (2) decrypt the data, (3) issue a new key pair to someone if necessary.
      3. Ish explained that this would be a manual process and would probably play out like this: recover the key pair; the new user submits a CSR via another process to generate a new certificate in their name with their personal information; the result is a new certificate using the old key pair.
      4. We need to get Internal Audit's opinion on this.
      5. From a departmental standpoint, they want to keep their business processes going without major disruption.
    9. How will someone get the recipient's public key in order to send them an encrypted e-mail or file?
      • Can/should we publish the public key to the Enterprise Directory, or to the Registry? Publishing keys to the Enterprise Directory can be left as a future enhancement, since that functionality adds complexity to the project, and it is already possible to encrypt e-mail by asking the recipient to send their certificate (which contains the public key) to the sender.
    10. InCommon Silver Profile
      1. See Mary's comment on the home page.
      2. Also see Mary's comment below on this page.
      3. Very desirable.
      4. If we go for this it will influence application design and implementation.
      5. We may not be able to use EJBCA for the end-user interface because of the requirements for InCommon Silver.
    11. We need to begin discussing requirements for face-to-face registration.
      1. Need usage scenarios.
    12. Other stakeholders that need to be brought in soon are (1) Internal Audit, and (2) Jerry Palmer from Records Retention.

1 Comment

  1. Mary Dunker

    The following sections from the InCommon Identity Assurance Profiles Bronze and Silver are particularly relevant to current soft PDC project discussions:

    4.2.2.2 Retention of registration records (InCommon Bronze & Silver Identity Assurance Profiles, Vers 1.0.1)

    1. A record of the facts of registration shall be maintained by the IdP operator or its representative (e.g., Registration Authority). This information should help reestablish the Subject's correct association with his or her IdMS entry if necessary at some future time.

    2. The record of the facts of registration shall, as a minimum, include:
    • Identity proofing document numbers;
    • Full name as shown on the documents;
    • Date of birth;
    • Current address of record (see IAAF glossary).

    3. Records also must include revocation or termination of registration.

    4. The minimum record retention period for registration data is seven years and six months beyond the expiration or revocation (whichever is later).

    5. IdP operators also must conform with any corporate records retention policies, whatever laws apply to the corporate entity, and any state or Federal records retention requirements.

    6. At a minimum, credentials shall include identifying information that permits recovery of the records of the registration associated with the credentials and a personal name that is associated with the identity Subject. In every case, given the issuer and the identifying information in the credential, it must be possible to recover the registration records upon which the credentials are based.

    Suggested Evidence of Compliance: The records and logs obtained and kept.

    4.2.2.3 Identity proofing

    For each identity proofing mechanism employed by the IdP operator or its Registration Authority, one or more of the following three criteria must be met:

    4.2.2.3.1 Existing Relationship

    Employers and educational institutions which verify the identity of their employees, students or other affiliates by means comparable to those stated for In-person Proofing or Remote Proofing may be designated an RA by the IdP operator. The IdP operator shall confirm that the applicant is a person with a current relationship to the organization, record the nature of that relationship and verify that the relationship is in good standing. If the IdP operator's IdMS directory or database is separate from the institution's or RA's database, the IdP operator shall confirm that the applicant's name and address are consistent in both places.

    Suggested Evidence of Compliance: The records of identity proofing.

    4.2.2.3.2 In Person Proofing

    1. The IdP operator's Registration Authority (RA) shall establish the applicant's IdMS registration identity based on possession of a valid current Government Picture ID that contains applicant's picture, and either an address or nationality (e.g., driver's license or passport).

    2. RA inspects photo-ID, compares picture to applicant, records ID number, date of issuance and expiration, address if available, and date of birth. If ID appears valid and photo matches applicant then:
    a. If ID confirms the address of record, authorize or issue credentials and send notice to the address of record; or
    b. If ID does not confirm the address of record, issue credentials in a manner that confirms the address of record.

    Suggested Evidence of Compliance: The existence of a standard documented process done by competent trained individuals.