Refining Silver CSG January 2011, Duke University Renee Shuey, RL "Bob" Morgan, Tom Barton

Refining Silver

CSG, January 2011, Duke University

Renee Shuey, RL "Bob" Morgan, Tom Barton

Removing the Lead from Silver

How did we get here?

• USG defines 4 Levels of Assurance (2004)

• USG defines Assurance Framework, Profiles (2005) as part of E-Authentication Program

• 3 campuses' IAM assessed by GSA (2006)

• InCommon publishes its IA docs, aka Silver (2008)

• E-Auth phased out, ICAM starts up (2009)

• HE Community provides feedback (2010)

The refining process

• Identify need, urgency for change based on feedback

• Establish a Subset of InCommon TAC, InCommon Operations, and Consultant to gather information, analyze, discuss, and change existing IAP requirements as appropriate

• Build on CIC work, engage with university auditors

• Identify a small group of individuals to review the first draft and provide feedback - scheduled for January 24 to about February 7

• Make IAP and IAAF publicly available for comment

• Submit new documents to ICAM for acceptance

The refining method

• Guiding principles

• this must succeed for everyone: HE campuses, USG, RP community

• be normative vs didactic

• address Pain Points submitted by CIC

• clarify, streamline, make consistent

• Remove most requirements not referenced by ICAM TFPAP

• exception is those requirements identified by other potential Silver consumers such as TeraGrid/IGTF

• remove external references unless strictly needed

Metallurgical Precedents

Cupellation Method

Silver ore and scrap silver have to go through a refining process in order for the pure silver to be separated from the dross. Cupellation is when it is heated to 1,200 degrees Celsius in a special furnace. First though, the silver scrap or ore is placed in a solution of 30 percent to 35 percent nitric acid. It takes an ounce and a half of nitric acid to dissolve one ounce of silver. The solution produces a white powder, silver chloride. When sodium carbonate is mixed with the silver chloride and placed in a cupellation furnace, the heat causes a chemical reaction and makes table salt and silver. The process works without the addition of sodium carbonate as well, but then the heat releases poisonous chlorine gas as it produces the pure silver.

Amalgamation Method

Another method of refining silver is called the Patio Process and was used in Latin America by the Spaniards during the 16th century. Silver ore was ground to a powder and mixed with salt, powdered roast copper and liquid mercury. Then tethered mules walked around and around a small circle of earth on which the powdered mixture had been poured. The pressure of their feet crushed the powder into even smaller granules. Eventually the mixture dissolved in the liquid mercury. Like making liquor, the mixture was distilled and then placed in a cupellation furnace. The refined silver that emerged from the furnace was pure.

What does this all mean? Breaking it Down, Burning it Off

Business, Policy, and Operational Factors

• Primary section where elements have been removed

• Established Legal Entity

• Covered by InCommon Participants Agreement

• Removed from IAP

• Disclosures, Documentation of policies & practices, Adequate Staffing, Help Desk, Risk Management

Audits and Auditors

• Recognize need for shared risk between InCommon and campuses

• Propose InCommon Assurance Review Board to review the comparable methods in a report

• Role of IT Auditors: confirm management assertions, not guarantee IA conformance

• Reduce number and frequency of audits

IAM Functional Model

• flesh out enterprise scenario, vs dedicated IdP

• e.g., multiple applications, RAs, password stores

• streamline terms (Subject, Applicant, Claimant)

• define terms in context

• draw a picture ...

Registration and Proofing

• clarify use of "existing relationship" vs in-person vs remote proofing

• clarify identity information required, meaning of "address of record"

• fix record retention problem (7.5 years?)

Logging and retention

• Distinguish between logged events

• registration, credential issuance, authn; not all are equal

• 7.5 years retention for credential issuance required by USG

• Retention of 3 years required for I-9/RA

• No retention requirements for authn events, but must support SP problem resolution

Technical environment

• Applies to IdMS operations, not everything

• Software Maintenance (not Change Mgt)

• Network Security

• Physical Security

• Ensure failures don't create false positives

Various & Sundry

• remove "suggested evidence" stuff

• distinguish requirements from assessment

• "industry-standard crypto" vs Approved/FIPS

• clarify requirements for password protection

• clarify use of identifiers

What next

USG, ICAM, TFPAP

• InCommon IA 1.0 almost approved as TFP

• still negotiating around privacy items, have to introduce 1.1 carefully ...

• ICAM currently "focused" on privacy

• opt-in, minimalism, activity tracking, adequate notice, non-compulsory, and termination

• dealing with commercial IdP issues (e.g. Google)

• unclear how this will affect InCommon IA

InCommon Identity Assurance Program

• Proper service offering

• pricing, review board, info about SP/IdP adopters, contributions re how to comply, privacy matters

• new position(s) being hired to support program

• Current estimate of production service is Summer 2011

Feedback from all of you

• Please do look for the new InCommon IAP and IAAF 1.1 to be available for comment in February

• Feedback from campus auditors especially of interest
