Attending

Members: Barry Johnson, Stoney Gan, Rob Carter, Michael Grady, Kevin Hickey, Erik Scott, Les LaCroix, John Bradley, Steven Premeau, Chris Phillips

With: Nicole Roy, David Walker, Etan Weintraub (Linking SSO Systems WG co-chair), Steve Zoppi

Regrets: Licia Florio, Marina Krenz

  1. Reminders
    1. Transparency is a critical part of CACTI’s duty to the community. Please promptly approve or edit the minutes (or indicate your reason for disapproval) after they are posted.
      1. As of Sept 12, 2022...
        2022-August-30 CACTI Notes (need two more approvals)
  2. Pre-read materials
    1. Draft Linking SSO Systems WG Report (co-chairs will join us to review)
  3. Administrivia
    1. Internet2 Intellectual Property Agreement reminder
    2. CACTI Charter pointer
    3. Agreements:
      1. Please say your name when you start to speak, until we learn each other's voices
      2. Please ask colleagues to define terms, expand acronyms, etc., until we learn each other's jargon
      3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
      4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    4. Volunteer(s) to scribe (new standing item)
      1. Please use the CACTI scribing doc
    5. Agenda bash
  4. Announcements
    1. We need two more approvals for the last meeting's notes – if you were at the 30-Aug meeting and haven't reviewed the notes, please take a moment to do so
    2. November IAM Online (IAM:  What you can and can't outsource to a vendor in the IAM space) - volunteers needed
      1. Rob:  If you’re interested/willing to work on the IAM Online, let Rob know
      2. Kevin H:  I’m interested.
      3. Rob:  I’ll likely send a CFP around, and once we have a subgroup identified, we’ll try to schedule some time to start bashing a presentation.  Particularly interested in input from members who have experience with switching to/from commercial IAM providers for this engagement.
    3. 2023 Nominations are open - if your current term expires in 2022 (Rob, Margaret, Mike G) and you want to continue, you may self-nominate.  Feel free to nominate others, too!
      1. Nominations can be proffered at https://docs.google.com/forms/d/e/1FAIpQLSdgB2gT4XQ5yjNUycVsqv-bVWE4Jdeag3N2LaFEOTTtOMynew/viewform
      2. Nominations close 21-October-2022, so plan accordingly.
    4. 2023 officer selection will be upon us in just a couple months - please consider filling one of the chair positions!
      1. Once we have our 2023 membership finalized, it’ll be time to elect officers
      2. Rob plans to step back so that some other folks can lead the group in 2023
      3. Rob:  Chairing is a fun and enlightening experience – you can gain a lot of insight into I2 and particularly InCommon, and have the opportunity to influence Trust and Identity in additional ways as a chair or vice-chair.  
      4. Nicole:  As flywheel, Nicole is always there to help out.  Rob:  She’s been a great help in the two years I’ve been chairing the group.
  5. Main Business

    1. Working group updates (questions only – info to be sent in advance via email)
      1. No update on Linking SSO Systems WG (Etan W. presenting today)
      2. Thanks to Mike, Kevin H, and Les for updates from CTAB, IDPaaS, and TAC, respectively
    2. Linking SSO Systems WG Report (chairs, 20m)
      1. Etan Weintraub and Brian Arkills, co-chairs
        1. Framing the report as an artifact that is intended for consumption by InCommon participants as a work-product for them to be able to do IdP linking using one or more of these products.
          1. Note that once the report is vetted by CACTI and made public, there will be opportunity for additional community feedback – where the WG lacked insight into particular linking scenarios via its own members, there may be community members who can fill in additional information during the community review period.
        2. Detailed feedback from CACTI to the WG
          1. The WG report should probably explicitly note that the scenarios included in the table within it do not constitute an exhaustive accounting of possible linking scenarios, but rather cover the scenarios with which the WG had collective experience.
          2. The WG report could use some introductory information about the rationale for operating multiple SSO systems.  The introduction to the WG’s charter has some text that can probably be repurposed in the report to fill that gap.
          3. The WG needs to consider consumption and automatic configuration of an IdP based on InCommon multilateral SAML metadata as a requirement for the IdP that gets published in InCommon. This is why, for example, Cirrus Bridge exists as a solution for Azure AD and Okta.
          4. Linking two IdPs together is the core value proposition for being able to federate an otherwise non-InCommon-compatible IdP with InCommon. 
          5. Community may be confused by the distinction between proxying and linking. May need to make this clearer, what you can do with these options and why you would want to do them. Or, if the distinction isn’t necessary for public understanding of the recommendations, remove the distinction. 
          6. The report should call out the requirements of the Kantara SAML 2 Deployment Profile for Federation Interoperability, both as requirements for the “thing that gets published in InCommon” under these linking recommendations, and so that the reader community is reminded of / made aware of this foundational documentation: https://kantarainitiative.github.io/SAMLprofiles/saml2int.html. It may be worth noting that the scenarios reviewed by the WG can all be deployed in compliance with the deployment profile (or noting any which cannot).
          7. InCommon Federation Library (documentation of InCommon Federation requirements): https://spaces.at.internet2.edu/display/federation 
    3. Time being exhausted for this meeting, the remaining items will carry over to the September 27 meeting agenda:

The following items were not able to be covered on this call and will be discussed on the next CACTI call: 

  1. W3C Browser Privacy Update (Chris P., 10m)
  2. Continuation of architectural priorities discussion (All, 20m)
    1. The TAP Reference Architecture (RA)

Next Meeting: Tuesday, September 27, 2022
