Team

Ismael Alaoui(tick), Phil Benchoff(tick), Susan Brooker-Gross(tick), Al Cooper(tick), Mary Dunker(tick), Frank Galligan(error), Karen Herrington(error) (Kevin Rooney substituted), Greg Kroll(tick), Randy Marchany(tick)
((tick) present, (error) absent)

Agenda

  1. Announcements
    1. Sharon Kurek will be attending our August 19th meeting. Please review the Agenda to be prepared.
  2. Discuss InCommon Silver profile
    1. Review "Meeting Notes" #2 from June 24th meeting for previous discussion.
    2. Link to InCommon standards

Meeting Notes

  1. Announcements
    1. Frank is out so Ismael will do the overview.
  2. Discuss InCommon Silver profile
    1. Mary & Karen regularly teleconference to discuss the InCommon Silver profile (Mary calls this the CIC Silver Call).
    2. Mary reports that the requirements for recording the identity documents someone uses for identity proofing have changed.
    3. The auditors for this group Mary teleconferences with were asked (by universities) if someone's driver's license number needs to be recorded for the InCommon Silver profile. Mary believes the answer is yes.
    4. Mary commented that most likely universities will not get out of recording the driver's license or government identification number presented for identity proofing. Universities do not want to record this PII (personally identifying information).
    5. Mary did a comparison of IC-Silver, NIST, and I-9
      1. In question is whether we can use I-9 information for employees?
    6. If a user wants a silver certificate, they could optionally go through the extra in-person identity proofing steps to get it.
    7. The question remains on whether we want to record PII for silver? What about data security?
    8. Perhaps a "layered approach" to issuing soft PDCs could be employed, with the first layer being easily obtained "regular" certs, perhaps without in-person identity proofing, and the next layer being a "silver" cert with all the required identity proofing.
      1. Ismael commented that this is "technically" possible but would caution against "closing the door" on those that get regular certs.
      2. Ismael also commented that technically it would not be a problem to issue both types of certs to the same user so they would have a mixture of "regular" and "silver" certs; however, this may be a usability issue for the user.
      3. If a user's role changes, they may need to change the type of cert they have. They could either have a mixture of certs or revoke the old cert and get a new one.
      4. What roles would benefit from a silver cert?
      5. Kevin commented that making InCommon Silver a goal for this project would make these certificates less desirable because they would be more difficult to get.
      6. Al commented that the goal should be to get as many certs into as many users' hands as possible, i.e., easy dissemination.
      7. Identity proofing is a barrier to wide dissemination of soft certs.
      8. Perhaps we could issue different "level of assurance" (LOA) certs???
      9. If we issue different LOA certs, different workflows would be required. Also, we would need an upgrade path from LOA 2 to LOA 3 certs.

1 Comment

  1. Mary Dunker

    Reminder: If we record the ID number of a driver's license or passport, we'll need to encrypt the field at rest.