TAC Meeting Minutes - April 26, 2018
Attending: Matt Brookover, Michael Grady, Albert Wu, Mark Scheible, Eric Kool-Brown, Keith Wessel, Judith Bush, Eric Goodman
With: Nick Roy, IJ Kim, David Walker, David Shafer, Kevin Morooney, Steve Olshansky, Dean Woodbeck, Steven Zoppi, Ian Young, Shannon Roddy, Ann West
Ops Update
Deployed some bug fixes on the federation manager this week
Working on delegated admin items in the FM
Working to deploy FM in AWS
Security - got about 135 responses with interest in the security vulnerability email list and wiki. Discussing holding a Zoom meeting with Shannon and Scott Cantor.
Internet2 Trust and Identity Updates
Kevin - attended KINBERcon - presented with Bill Thompson - discussed Campus Success Program, Baseline Expectations, SIRTFI, Shib IdPv3
Kevin - also attended MAX (Mid-Atlantic Crossroads) meeting - mostly networking
At Global Summit - Klara Jelinkova and Kevin co-moderating a 50-minute session in the executive track (sort of state of the union and dialogue about sustaining TIER efforts)
Ann - posting two positions - 1) Federation service manager, 2) second-level support engineer
Review the Trust and Identity project portfolio
International Updates (from Heather Flanagan)
APAN 46 will be in Auckland from August 5-9 (winter) and early bird registration is open. This is a great opportunity to interact with the growing number of identity federations in the Asia-Pacific region. http://apan46.nz/apan46
The REFEDS 2018 Work Plan is being finalized, and we're opening up a call for one or two WG chairs for the proposed Federation 2.0 WG. The IoLR WG is also going to switch chairs shortly; you'll see some revitalization in that group soon. https://wiki.refeds.org/display/WOR/2018+REFEDS+Workplan
The next REFEDS meeting is Sunday, 10 June in Trondheim, next to TNC 18. It'll be a full and useful day. I'm not sure if/how we'll be handling remote participation. https://refeds.org/meetings/38th-meeting
RA21 has a free workshop happening this week in Philadelphia. The highlights will be on the User Experience work and the output of the Security and Privacy reviews of the pilots. Registration is still open, including for remote participation. https://www.eventbrite.co.uk/e/ra21-resource-access-for-the-21st-century-tickets-43700742096
Working Group Updates
Attributes for Collaboration and Federation
Finalizing recommendations white paper
Looking at process for community consultation/review
SP Onboarding
Expecting to soon begin a community consultation period for the final report, questionnaire, and criteria document.
Consultation will appear here: https://spaces.at.internet2.edu/display/SPCSWG/Consultation+for+the+Streamlining+SP+Working+Group+Final+Report
Co-chair Tommy Roberson is also working on a graphic to depict metadata key exchange.
OIDC
Ongoing review of use cases
Deployment Profile
Community consultation ends May 7
Comment period for OASIS Identifier Profile also ends May 7
Will meet the week after Global Summit to review comments from the consultation
Implementation profile (chartered by TAC and led by Walter Hoehn) has been ratified by Kantara
Start considering next steps and whether TAC will charter (or recharter) a new WG
Discussion of ADFS and other ‘long tail’ deployments
Chris Phillips came to the last meeting and discussed an ADFS Toolkit that makes it easier to work in a multilateral federation. Chris and Nick Roy also discussed key rollover concerns. Challenges remain - and we have observed some recently with some unplanned key rollovers by groups using software that does not handle key rollover correctly.
Site admin at Maxient - works with 300 IdPs - enumerated several challenges working with IdPs. Nick reviewed some of the challenges of InCommon staff working with individual participants.
A next step may be the development of an InCommon Profile that would sit on top of previous work (like the deployment profile). This would involve gathering requirements from multiple audiences, especially REFEDS/eduGAIN.
SWAMID is a partner with CANARIE on the ADFS Toolkit. SWAMID expects that soon 50% of its participants will be running ADFS. If this is the case there and elsewhere, the community needs to engage vendors to discuss the issues.
Ann - Various divisions of Internet2 had a call with Microsoft to explore where things are today. Microsoft seems interested in working with Internet2’s cloud services, network, and trust/identity. They know what is going on re: the Kantara profiles. They need to see business gains or losses resulting from ADFS issues to help drive changes to ADFS.
InCommon Test Federation
There is growing interest from those wanting to test the federation and test configurations, and more generally a need for a pre-production mode for use by the Federation Operator (as well as participants). Steve and Nick discussed the scope (emphasize - this is not a production place - there is basically zero trust here). See Nick’s write-up and please make comments in the document: https://docs.google.com/document/d/1vQ_jk7ApSpuClTiQCTqcmbjpGXRpPT0VLbfwD0MEaOI/edit?usp=sharing
There were several comments during the meeting, which Nick has incorporated into the document.