TAC Meeting 2016-09-01

Attending: Tom Barton, Mark Scheible, Keith Hazelton, Jim Jokl, Steve Carmody, Michael Gettes, Janemarie Duh, Tom Mitchell, Scott Cantor, Kim Milford

With: Nick Roy, Ann West, Kevin Morooney, Dean Woodbeck, Tom Scavo, IJ Kim, Mike LaHaye, Paul Caskey, Steve Zoppi, David Walker, Ian Young

Action Items

(AI) Steve Carmody will communicate to InCommon Steering the decision to create an IdP-only production aggregate.

(AI) Nick will discuss this default-allow attribute import concept with Rhys Smith at the UK Federation and determine if we can take a common approach.

(AI) Steve Carmody will draft an agenda for the Sept. 28 F2F for TAC to review.

(AI) Dean will look into stickers/tags for TAC for TechEx name badges.

(AI) Janemarie will draft a note (and share the draft with TAC) to send the EDUCAUSE IdM list and the InCommon Participants list asking about top priority vendors for such deployment guides. 

Approval of Past Minutes

Minutes from Aug. 4 and Aug. 18 approved

Ops Update

  1. Related to the July incident when the federation info pages on the web stopped working, a Nagios plug-in has been developed to prevent such outages; this could also be applied to other dynamic web pages. Testing now.
  2. Sirtfi proof of concept - development work is done and tested internally. The Federation Manager software updates have not been deployed, but the intent is to do so later today (Sept. 1, 2016).
  3. Ops Advisory Group recommends importing the REFEDS security contact and the Sirtfi entity attribute. Ian has updated the tooling and testing has taken place. Not yet deployed; this will be done after the Federation Manager update (from above) is completed. Only those entities participating in the proof of concept will have their security contacts changed (to the REFEDS contact). We will want to do a coordinated communication campaign about Sirtfi and also security practices in general.


Per-Entity Metadata WG Urgent Request

The working group has made an urgent request for InCommon to produce an IdP-only aggregate, to resolve reported problems from some SPs. While creating new aggregates is something not taken lightly, it is understood that there are unsolved problems with both discovery and memory issues due to the large size of the aggregate. Creating this aggregate is an acceptable short-term solution, so InCommon Ops has recommended creation of a production-quality, IdP-only aggregate to be published at a permanent location. 

TAC recommends this solution, as well, and (AI) Steve Carmody will communicate this decision to InCommon Steering.

Interim report from the Per-Entity Working Group

The InCommon Per-entity Metadata Working Group wishes to submit an interim finding in order to facilitate a rapid and timely response from InCommon Operations. This interim finding is in addition to but does not supplant the final report the working group is to deliver.

The working group finds and recommends that InCommon Operations proceed immediately with the design, creation, and delivery of a new InCommon metadata aggregate that contains only the metadata for identity providers (IdPs). This new aggregate is intended to be consumed by service providers (SP) that need to consume InCommon metadata but that will be unlikely or unable to transition immediately to a per-entity metadata service when offered by InCommon. The new IdP-only aggregate will help relieve issues some SPs face as the size of the existing InCommon metadata aggregates continues to grow.

The working group also finds that there should be a single IdP-only aggregate rather than following the model that the full aggregate provides of having the triplet of preview, main, and fallback versions of the aggregate. This finding balances the effort necessary from InCommon Operations to produce and support a new aggregate against the benefits provided by the new aggregate. A single new IdP-only aggregate without preview and fallback versions solves important issues for some SPs but does not cost as much to operate.

In preparing this interim finding the working group has been in direct contact with InCommon Operations through Tom Scavo and Nick Roy, who are part of the working group. The working group understands that InCommon Operations supports this finding.

Please let us know if there are any questions about this finding that the working group can help answer.

Sincerely,

Scott Koranda
David Walker

for the InCommon Per-Entity Metadata Working Group

Default-allow for the import of entity attributes

There has been discussion, most recently on the REFEDS list, about allowing the import of entity attributes by default (which is a change for InCommon). Most federation operators have a more relaxed approach to both entity attribute import and the import of eduGAIN metadata in general.  The recommendation is that InCommon change its policy to allow the import of entity attributes by default, understanding that there will be a “deny” list of entity attributes with known problems. The UK Federation is considering a similar approach. 

This would allow the community to create and deploy such attributes without intervention by InCommon (or other federations). We would need a policy about any conflicts that arise.

Export of such attributes is a separate problem and one that needs to be addressed, as well. 

(AI) Nick will discuss this default-allow import with Rhys Smith at the UK Federation and determine if we can take a common approach.

Nick also suggested keeping a list of backlogged topics that will require working groups. This discussion gave rise to two:

  • IdP Discovery in a per-entity metadata world
  • Entity Attribute enhanced use in the community - use cases, needs, strategy, direction, etc. (allowing self-assertion, tagging of entities you don’t own, etc.)

Agenda for TAC F2F on Sept. 28

Some potential topics:

  • 2017 planning - what do we think will be the next set of issues?
  • Working groups - Reports and discussion. For this item, it might be helpful to invite Scott Koranda and Keith Wessel, since they are chairing current working groups
  • What are the threats to InC and federation?
  • Each person submits the one thing they really care about
  • Closing the gaps (potential fee increase)

(AI) Steve will draft an agenda for TAC to review.

TAC Membership

TAC members should keep in mind, while in conversations at TechEx, that we will need several new members for 2017. (AI) Dean will look into stickers/tags for TAC for TechEx name badges.

TAC Chair

Should chair selection be offset from new members? Should TAC elect its chair before the end of 2016? Or 3-6 months into 2017? No consensus was reached.

IdP/SP Deployment Guides for Specific Vendors

This was discussed during the TAC community update webinar. (AI) Janemarie will send a note to the EDUCAUSE IdM list and the InCommon Participants list asking about top priority vendors for such deployment guides. She will send a draft of the message to TAC first.

Next Meeting - Thurs., September 15, 2016 - 1 pm ET
