Minutes
Attending: Mark Rank, Keith Wessel, Janemarie Duh, Eric Goodman, Matthew Economou, Matt Brookover, Steven Premeau
With (Also Starring): Les LaCroix (CACTI) , David Bantz, Nicole Roy, Albert Wu, Ann West
Regrets: David Walker, Judith Bush
Status Updates - Q&A
- T&I and Ops Updates (Ann/Nic/Albert/Shannon/Dave/Johnny)
- Johnny Lasker mentioned that there was a Federation Manager release earlier in the week.
Subject identifier work
- TAC work from Fall 2020:
- Deploying SAML Subject Identifiers in InCommon - still in draft
- Strategies for Working with Identifiers in Federation - still in draft
- Comparison of identifiers used in Federation - published on InCommon Federation wiki as Understanding Federated User Identifiers
- This is part of the deployment profile, so part of what we're already doing.
- Steering will discuss TAC's Deployment Profile proposal on Monday, 8/2/2021.
- R&S 2.0 specifies the new identifiers, as do REFEDS Assurance Framework and Seamless Access's attribute bundles.
- Matthew Economou operates a virtual organization (VO). It needs to have IdPs release new identifiers as the first step to allow for a transition.
- A year transition period sounds reasonable.
- Janemarie: This needs to be managed as a project.
- Mark Rank: To jump start, we should reach out to some large research universities to be early adopters. Also, vendors could start providing "out of the box" solutions.
- Albert: The current REFEDS discussion is specifically about targetedID. We should consider the whole issue.
- To help structure outreach, it'd be good to know what identifiers are used by asking the community.
- This should be handled as part of our overall deployment profile rollout.
- Mark: Perhaps as "step 0 / pre-step" get a small (more than 1-2) IdPs to deploy in next six months.
- We're moving into a world where one common version of our standards is adopted by everyone. We need to assume multiple versions (e.g., current, upcoming, legacy).
- Keith: Would it be within the realm of possibility that, say, NIH might announce a requirement by some specific date?
- It would have to be demonstrably better to drop something old, perhaps a security issue.
- Albert will draft a response to the REFEDS list, sharing it with TAC for review before sending.
EDUCAUSE Federation Observations
- Albert and David Walker are creating guidelines for IdPs that should address some of these issues
- This can provide value before federation testing is in place.
- Matthew Economou: Is there anything that compiles all the pieces in one place?
- Software packages
- Configuration assistance
- Things not to do
- Nicole: It's much easier than it used to be, but still not something that will make everyone happy, particularly those accustomed to environments like AD.
Federation Testing
- We announced the group a few months ago, but didn't get much interest in participation. Maybe we should put it off?
- Albert: The current charge is pretty broad, basically to define what testing is needed. How about reducing the scope to the deployment profile? TAC could just says this is needed for deployment profile and ask InCommon Ops to start implementing (which will probably get in line behind current projects like eduroam).
- The consensus was to proceed as Albert suggested.
EMail Updates
SeamlessAccess, REFEDS, and Browser Interactions update (from 7/7/2021, prior to the canceled 7/14/2021 meeting)
| Subject: | [TAC-InC] SeamlessAccess, REFEDS, and Browser Interactions update |
|---|---|
| Date: | Wed, 7 Jul 2021 14:54:28 -0700 |
| From: | Heather Flanagan |
I honestly don’t know if these should be considered late notes for the last call or early notes for the next call. I think it may depend on whether anything else happens between now and next Thursday to warrant a new update.
REFEDS
42nd REFEDS meeting
The 42nd REFEDS meeting was held on 16 June 2021. Slides and notes are available online, and a recording will be made available shortly.
R&S 2.0
The Entity Category Development Working Group, commonly referred to as the R&S 2.0 Working Group, is exploring a slightly different approach to the evolution of the R&S entity category. Rather than a 2.0 version of the current R&S, the group is considering an extension to the family of authorization entity categories (Anonymous Authorization and Pseudonymous Authorization) so that it includes a Personalized Authorization entity category. The biggest (but not the only) challenge with the current R&S is the lack of a common definition as to exactly what Research & Scholarship means. Even the terms used to provide shape to the phrase (for example, rejecting 'commercial' services) do not offer sufficient clarity to make globally applicable decisions about the service.
If the Personalized Authorization entity category is formally adopted by the working group, the related entity categories (Anonymous Authorization and Pseudonymous Authorization) will also be updated to make sure the language across all three is consistent.
SeamlessAccess
SeamlessAccess held a pair of workshops for federation operators interested in learning more about the SeamlessAccess service. Feedback was very positive, and the slides from the session are publicly available here. One key takeaway from the session was a clear list of priorities from the participants regarding the features in development, specifically (and in order of priority) IdP filtering, internationalization, and branding. (N.B. IdP filtering refers to the ability for SeamlessAccess to offer cues to the end user as to whether a particular IdP is likely to work with a given Service Provider.)
The most recent SeamlessAccess Newsletter with additional information is now available on our website: https://seamlessaccess.org/posts/2021-07-06-summer2021newsletter/
And, to offer a segue between this topic and the Browser Interaction topic, we've also posted an article on the SeamlessAccess site to inform more people about the expected browser changes. https://seamlessaccess.org/posts/2021-07-06-browserchanges/
Browser Interactions
The new W3C community group, Fed-ID, is now available for registration: https://www.w3.org/community/fed-id/. Our first call will likely be in August. The next few weeks will give people time to register to become members; I will send out a poll to find a time for the first call later this month.
Heather Flanagan — Translator of Geek to Human
https://sphericalcowconsulting.com
Federation Test Working Group Update
| Subject: | [TAC-InC] Fed Test WG Update |
|---|---|
| Date: | Thu, 29 Jul 2021 11:19:48 -0400 |
| From: | Janemarie Duh |
Hi, All,
Last call, please, for edits to the draft Fed Test WG announcement to go to the SP Operators list:
https://docs.google.com/document/d/1lUrryOzcPp4eu9fGiFA4BXt01HN0Xt1Vvs2mtjXqu2Y
The message will go out courtesy of Heather after today's meeting depending upon the outcome of the discussion on the item on today's agenda you may have noticed.
Thank you.
Janemarie
Janemarie Duh
Identity and Access Management
Information Technology Services
Lafayette College
610-330-5609
CTAB update
| Subject: | [TAC-InC] CTAB update |
|---|---|
| Date: | Thu, 29 Jul 2021 16:59:35 +0000 |
| From: | Eric Goodman |
Main points from Tuesday’s meeting:
- REFEDS Assurance Framework, Implementation Guidance document
- Consultation closed, document updated
- CTAB approved report
- Will be presented to steering
- BE2
- Steering requested a status update
- Short version is that adoption/compliance is moving (much?) faster than it did with BE1 at the same point in the rollout.
- Ongoing discussion of support options for locations having difficulty. (Office hours, clinics, FM changes, etc)
- Potential for tabletop exercises in the future.
Federation 2.0 update
| Subject: | Re: [TAC-InC] CTAB update |
|---|---|
| Date: | Thu, 29 Jul 2021 17:11:25 +0000 |
| From: | Bush,Judith |
Sorry I cannot attend and lost track of time –
Editorial passes and final writing happening for Fed 2.0.
judith
International, SeamlessAccess, and Browser Updates (7/29/2021)
| Subject: | [TAC-InC] International, SeamlessAccess, and Browser Updates |
|---|---|
| Date: | Thu, 29 Jul 2021 10:14:04 -0700 |
| From: | Heather Flanagan |
REFEDS
43rd REFEDS meeting
The 43rd REFEDS meeting is scheduled for the week before CAMP/ACAMP at 30th September 2021 from 15:00-18:00 UTC. WE’re currently planning on a deep dive into R&S 2.0 and the REFEDS Strategic Plan (which will be shared prior to the meeting, but isn’t publicly available yet).
SeamlessAccess
As of 1 July 2021, Hylke Koers has taken over the role of Program Director for SeamlessAccess. Heather Flanagan will focus on a more technical liaison role going forward.
New publishers continue to join the SeamlessAccess integrator community: Emerald Publishing and the American Medical Association will both be going live in the next few weeks.
And to bridge the discussion between SeamlessAccess and Browsers, there is a new recording available of the webinar "Web browsers, privacy, and your publishing platform webinar”. This was an eye opening session for publishers and librarians alike as they learn that even IP address authorization is at risk in the brave new world where browsers take a more active role in mediating user privacy on the web.
Browser Interactions
The new W3C Federated Identity Community Group will be having their first call on Monday, 2 August 2021 at 09:00 UTC-7. So far, over 80 people have signed up to participate, including a healthy representation of higher ed individuals. The first call will largely be administrivia, as we sort out chairs, approve the charter, and figure out what kind of call schedule we’d like to have.
Heather Flanagan — Translator of Geek to Human
https://sphericalcowconsulting.com