Versions Compared

Old Version 1

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

compared with

New Version 2

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

InCommon TAC Meeting 2014-10-29

...

Wednesday, October 29, 2014
10:30 am - 1:30 pm
@TechEx in Indianapolis https://docs.google.com/a/internet2.edu/document/d/1RUW4RWCzBLjsnvAGfexZK46S1NYMCVLW4tXdrAfg-u8/edit#

Agenda

...

...

  1. Attribute release doesn't happen broadly enough
  2. Metadata consumption and key management 
  3. Security incident response
  4. Evolving federation infrastructure and updated expectations

...

  1.  Sustained and periodic communication to Participant contacts about best practices and/or potentially unmet obligations. Eg, security contacts.
  2. Periodic testing of presence and accuracy of security contact info.

...

Ops Trajectories

Given current trajectories, Ops can/will/might deliver the following in 2015:

  1. InCommon Admin MFA Service
    1. Distributed Multifactor Authentication
    2. Step-Up Authentication
    3. Automated User Enrollment and Device Management
    4. Embedded Discovery Service
    5. Integrated Google Gateway Service
    6. Embedded Login and Account Creation Service (IdPoLR)
    7. Embedded Error Handling Service
  2. InCommon Research & Scholarship MFA Service
    1. (same features as InCommon Admin MFA Service)
    2. Exposes only those IdPs that pass the Basic Interoperability Test
  3. Self-Asserted Attribute Release Policy
    1. A stateful web app for Site Administrators
    2. Automates and extends the onboarding process for R&S IdPs
    3. Permits fine-grained tagging of IdPs by IdP operators:
      1. http://macedir.org/entity-category-support => https://refeds.org/category/research-and-scholarship
      2. http://macedir.org/entity-category-support => https://cilogon.org/shibboleth
  4. User-Defined Entity Categories
    1. Permits fine-grained tagging of IdPs and SPs by anyone (with permission):
      1. http://macedir.org/entity-category => http://uctrust.universityofcalifornia.edu/category/faculty-staff-basic
      2. http://macedir.org/entity-category-support => http://uctrust.universityofcalifornia.edu/category/faculty-staff-basic
  5. Custom Metadata Aggregates
    1. Permits fine-grained tagging of IdPs and SPs by anyone (with or without permission):
      1. http://macedir.org/entity-category-support => https://cilogon.org/shibboleth
  6. Super Metadata Aggregate
    1. http://md.incommon.org/InCommon/InCommon-metadata-super.xml
    2. includes pre-production metadata not vetted by InCommon Admin
    3. https://incommon.org/md-rps
  7. Metadata Query Server
    1. http://mdq.incommon.org/global
      1. InCommon production metadata + filtered eduGAIN metadata
    2. http://mdq.incommon.org/incommon
      1. ALL InCommon metadata (production and pre-production)

Minutes

Attending: Scott Cantor, David Walker, Steve Carmody, Nick Roy, Keith Hazelton, Mike LaHaye, Steve Olshansky, Jim Basney, Tom Barton, Jim Jokl, Paul Caskey, Ken Klingenstein, Michael Gettes

...

This will be further refined during the November 13 TAC call, then sent to Steering.

...

Next Meeting – Thursday, Nov. 13, 2014 – 1 pm ET

...

attachments