Refining Silver
CSG, January 2011, Duke University
Renee Shuey, RL "Bob" Morgan, Tom Barton
How did we get here?
- USG defines 4 Levels of Assurance (2004)
- USG defines Assurance Framework, Profiles (2005) as part of E-Authentication Program
- 3 campuses' IAM assessed by GSA (2006)
- InCommon publishes its IA docs, aka Silver (2008)
- E-Auth phased out, ICAM starts up (2009)
- HE community provides feedback (2010)
The refining process
- Identify need and urgency for change based on feedback
- Establish a subset of InCommon TAC, InCommon Operations, and a consultant to gather information, analyze, discuss, and change existing IAP requirements as appropriate
- Build on CIC work, engage with university auditors
- Identify a small group of individuals to review the first draft and provide feedback (scheduled for January 24 - ~February 7)
- Make IAP and IAAF publicly available for comment
- Submit new documents to ICAM for acceptance
The refining method
Guiding principles:
- This must succeed for everyone: HE campuses, USG, RP community
- Be normative vs didactic
- Address pain points submitted by CIC
- Clarify, streamline, make consistent
- Remove most requirements not referenced by ICAM TFPAP; the exception is those requirements identified by other potential Silver consumers such as TeraGrid/IGTF
- Remove external references unless strictly needed
Metallurgical Precedents

Cupellation Method
Silver ore and scrap silver have to go through a refining process in order for the pure silver to be separated from the dross. Cupellation is when it is heated to 1,200 degrees Celsius in a special furnace. First though, the silver scrap or ore is placed in a solution of 30 percent to 35 percent nitric acid. It takes an ounce and a half of nitric acid to dissolve one ounce of silver. The solution produces a white powder, silver chloride. When sodium carbonate is mixed with the silver chloride and placed in a cupellation furnace, the heat causes a chemical reaction and makes table salt and silver. The process works without the addition of sodium carbonate as well, but then the heat releases poisonous chlorine gas as it produces the pure silver.

Amalgamation Method
Another method of refining silver is called the Patio Process and was used in Latin America by the Spaniards during the 16th century. Silver ore was ground to a powder and mixed with salt, powdered roast copper and liquid mercury. Then tethered mules walked around and around a small circle of earth on which the powdered mixture had been poured. The pressure of their feet crushed the powder into even smaller granules. Eventually the mixture dissolved in the liquid mercury. Like making liquor, the mixture was distilled and then placed in a cupellation furnace. The refined silver that emerged from the furnace was pure.
What does this all mean? Breaking it Down, Burning it Off
Business, Policy, and Operational Factors
- Primary section where elements have been removed
- Established Legal Entity: covered by InCommon Participants Agreement
- Removed from IAP: Disclosures, Documentation of policies & practices, Adequate Staffing, Help Desk, Risk Management
Audits and Auditors
- Recognize need for shared risk between InCommon and campuses
- Propose an InCommon Assurance Review Board to review the comparable methods in a report
- Role of IT auditors: confirm management assertions, not guarantee IA conformance
- Reduce number and frequency of audits
IAM Functional Model
- Flesh out the enterprise scenario, vs a dedicated IdP (e.g., multiple apps, RAs, password stores)
- Streamline terms (Subject, Applicant, Claimant)
- Define terms in context
- Draw a picture ...
Registration and Proofing
- Clarify use of "existing relationship" vs in-person vs remote proofing
- Clarify identity information required, meaning of "address of record"
- Fix record retention problem (7.5 years?)
Logging and retention
- Distinguish between logged events: registration, credential issuance, authn; not all are equal
- 7.5 years retention for credential issuance required by USG
- Retention of 3 years required for I-9/RA
- No requirements for authn; have to support SP problem resolution
Technical environment
- Applies to IdMS operations, not everything
- Software Maintenance (not Change Mgt)
- Network Security
- Physical Security
- Ensure failures don't create false positives
Various & Sundry
- Remove "suggested evidence" stuff
- Distinguish requirements from assessment
- "Industry-standard crypto" vs Approved/FIPS
- Clarify requirements for password protection
- Clarify use of identifiers
USG, ICAM, TFPAP
- InCommon IA 1.0 almost approved as TFP; still negotiating around privacy items, have to introduce 1.1 carefully ...
- ICAM currently "focused" on privacy: opt-in, minimalism, activity tracking, adequate notice, non-compulsory, and termination
- Dealing with commercial IdP issues (e.g. Google); unclear how this will affect InCommon IA
InCommon Identity Assurance Program
- Proper service offering: pricing, review board, info about SP/IdP adopters, contributions re how to comply, privacy matters
- New position(s) being hired to support the program
- Current estimate of production service is Summer 2011
Feedback from all of you
- Please do look for the new InCommon IAP and IAAF 1.1 to be available for comment in February
- Feedback from campus auditors is especially of interest