...
Attendees
- Benn Oshrin, The Oshrinium LLC
- Bryan Wooten, University of Utah
- David Bantz, University of Alaska, Fairbanks
- Chuck Hedrick, Rutgers
- John Kamminga, UC Merced
- Celeste Copeland, UNC Chapel Hill
- Jim Vales, Unicon
Minutes or notes
- What are the use cases? Still need drivers for assurance. Lack of SPs is still an issue
- Guidance for auditors would be helpful
- Complaints about password lifetime expiration: changing passwords makes it harder for people to remember them
- Issues with password policy having to be applied at the LDAP server, which forces the policy onto everyone, not just silver people, and increases support overhead
- U of Arizona dynamically sets password expiration based on entropy of password selected
- Barrier to agencies accepting university IAQs in that individual universities still need to negotiate to be added to SP DSs
- SSL Termination at the network appears to be unacceptable, but clearly it's an OK pattern. Could there be guidance for auditors from InCommon on this?
- CIFER password management tools could facilitate IAQ compliance
- Can school ID card #s be used for reset? What if it's a state (i.e., government) school?
- Charging $5 for password reset via credit card might be half compliant for remote proofing and also a "good" idea (in discouraging lost credentials)
- If you certify to silver, can you assert bronze too, or do you need to certify to bronze as well?
- Is CIC still actively pushing forward on silver compliance?
- Potential need for (e.g.) commercial solution providers to help with audit
...