...

The EWTI event is organised entirely by Identinetics GmbH, led by Rainer Horbe. GÉANT's main contribution is promoting the event to bring our community there; in return, the GÉANT community should benefit from some of the contacts with the government that Rainer has gained during his work as a consultant. A one-year MoU has been signed between the Amsterdam Office and Identinetics GmbH, with the aim of supporting the EWTI event and co-locating relevant events. An evaluation will follow to decide how to continue in the future.

Technology Exchange I2 – There will be a main REFEDS event on Sunday before the Technology Exchange meeting starts. Furthermore, LF has submitted a request for a WG session to discuss Sirtfi and assurance. AS has also submitted a request for a session to discuss community requirements as input for the current AARC project, as well as consultation for the preparation of the next one.

...

JD showed the service matrix (https://compendium.terena.org/reports/nrens_services), developed as part of the Compendium. This was extremely well received by the TTC. Thanks to Christian Gijtenbeek (who developed it) and Jessica Willis for this result.

Recommendation: The TTC recommends promoting the service matrix widely and making it easily accessible via the GÉANT website.

...

Recommendation: The TTC recommends

...

GÉANT management to expose any other relevant results coming from GÉANT activities at GA level to ensure

...

they are known (and hopefully supported) by the decision makers.

David Groep – DG noted the high expectations in AARC of what it can achieve. We should manage these expectations so that communities will not be disappointed. DG noted that AARC should look at a mechanism to address some general questions coming from the user communities. As an example, he referred to a question asked on the REFEDS lists by CERN, which triggered long and convoluted answers, whereas a simple answer could have been provided.

Valter Nordh – Supporting GÉANT in updating the terms of reference for the technical programme. Plans are to present a draft for the next GA in September. Some TTC members' terms have expired; Valter proposed to prolong the expired mandate until the end of 2015. No objections were raised.

Peter Schober – IDM Issues in the R&E community

As part of the more in-depth area presentation each TTC member offers, PSc gave an overview of the authentication and authorisation practices in the R&E community.

There is still a lot of phishing, despite users being asked to use more and more complex passwords, which obviously won't help there. Mitigations for this are strong authentication, 2-factor authentication and multi-factor authentication, which in practice means a combination of independent authentication methods or technologies.

Yubikey and Google joined the FIDO alliance, promoting 2-factor authentication (U2F: "Universal 2nd Factor") specs that use established technologies (RSA public key cryptography) and protocols that are now being integrated into the browser.

Most of the requirements for 2-factor authentication come from users attempting to protect their passwords rather than from the resources.

Despite what many believe, second-factor authentication is not really a way to increase the assurance that the credentials are used by the right people. To elevate the assurance, other means are needed, i.e. verified process etc., which normally drive up the authentication costs.

A problem institutions still face is the request for a password reset, which is still a time-consuming operation and affects identity assurance. To date there is no fully automated way to do that, as the new passwords have to be propagated into the different databases.

PSc touched upon authorisation, which usually presupposes the user has been previously authenticated.

...