...
Attending:
- Brett Bieber, University of Nebraska (chair)
- Chris Whalen, NIH/NIAID
- Ted Hanss, University of Michigan
- Tom Barton, U. Chicago
- Emily Eisbruch, Internet2
Action Items
[AI] (Brett) develop a more high level timeline for InCommon Steering
[AI] (Ann) consult with Internet2 Legal Dept. about the InCommon FOPP and InCommon Participation Agreement changes suggested for Baseline Expectations
[AI] (Brett) clarify who can contact InCommon support about a baseline expectations concern.
[AI] (Brett) move some of the details (regarding contacts/metadata and process to notify InCommon Community) to an operational appendix in the Draft Processes to Implement and Maintain Baseline Expectations (Brett started this)
[AI] (Brett) make additional updates to the Diagram, Community Dispute Resolution Process
[AI] (Tom and Brett) review documents to make them more generic so they could apply more broadly, such as to handle issues around tags such as R&S or SIRTFI.
[AI] (Tom) develop guiding principles for dispute resolution process
[AI] (Brett) develop thought piece for InCommon Steering regarding approach around supporting available profiles
[AI] (Emily) put reinstatement process (after metadata has been removed but then the issue is addressed) on a list for Ann and TomB to talk about with InCommon Ops
• Can the FM be modified to automatically check for metadata validity
• Once an entity has been modified in FM, can it be placed into the front of the maintenance process queue for checking contacts/URLs
Completed Action Items
[AI] (Brett) review Strawman Schedule for implementing Baseline Expectations and update it prior to July Steering meeting. (done, see Baseline Expectations Project Timeline)
DISCUSSION
Consultation is Open
Baseline Expectations (BE) Implementation Consultation https://spaces.at.internet2.edu/x/uZ6TBg is open from June 23, 2017 until Aug. 18, 2017. This will allow incorporation of feedback from InCommon Steering, as Brett will present BE to Steering on July 10 (overview) August 7 (more in depth).
IAM Online Webinar on Baseline Expectations - Wed. July 19 at 2pm ET
Brett Bieber and Tom Barton will present at July 19 IAM Online https://www.incommon.org/iamonline/
TImeline
In preparation for taking the BE package to InCommon Steering, Brett worked on the Strawman Schedule for implementing Baseline Expectations and the Baseline Expectations Project Timeline. The Project timeline shows three phases of effort,
- Conception, 2015-2016
- Initialization, 2017 - March 2018
- Operationalization, starting April 2018
It was suggested to add to the project timeline more details on the communication plan and plan for project rollout. It was agreed to push certain dates out for the educational phase. Also it was suggested to add a month for review of the revised InCommon Participation Agreement.
[AI] (Brett) develop a more high level timeline for Steering for the July 10 update
Brett or Ted will email a reminder to Steering between the July and Aug Steering meetings.
Compliance Issues around BE
An issue to consider is that many entities may be out of compliance with Baseline Expectations, for example having incomplete metadata. There will be a need for marketing awareness including educating the execs at InCommon participant institutions.
Here is a Baseline Expectations Impact Assessment from 2016: QUESTION FROM EMILY: SHOULD THIS BE INCLUDED IN THE PUBLIC VERSION OF THE NOTES? https://docs.google.com/document/d/1kPXQxFMh15HFAFHxA_GX3O6OFX7lHN_MOD9erhuo3BA/edit?usp=sharing
It was also suggested that for the first few months of implementation the focus should be on the crisply defined areas of the Baseline Expectations. We can notify the community that we will be developing the more fuzzy areas (security practices) together. As BE goes into effect, there will likely need to be community discussion on what constitutes good security practice. The AAC should work to help the community understand its expectations for itself.
It will be important to inform Steering of the risks around having many out of compliance entities.
InCommon Legal Agreements
For the InCommon FOPP and Participant Agreement, there will be internal drafts reflecting changes needed for BE implementation and maintenance. Ann will consult with Internet2 legal division on the proposed changes to those documents. The drafts should be ready to bring to InCommon Steering in September. In addition, as part of updating the InCommon legal agreements, there will be changes to the InCommon Participation Agreement template https://internet2.app.box.com/v/InCommon-Participation-Agreemt, based on a request from Internet2 Legal Division.
AAC Charter changes and new AAC members
There will likely be a need for new AAC members (starting January 2018) who can provide expertise in security and mediation
. The AAC can update the AAC charter in parallel with the rollout of BE.
The new Internet2 Trust and Identity project manager, Erin Murtha, has started and will be meeting with Tom Barton, John Krienke and others to get up to speed on Baseline Expectations (BE) Implementation and Maintenance. Erin will develop the BE timeline from Federation Operator perspective.
FICAM and 800-63 Digital Identity Guidelines
It is expected that information will be available in August or Sept. 2017 about the FICAM requirements for re-certification under the new specifcation. Once that information is available, the AAC will be able to compile rough estimates of timeframes and determine next steps. In addition, Tom Barton will be speaking with those sites who have InCommon bronze certification and learn more about its value to them.
Kantara is maturing their ideas about their Identity Assurance Program and how they might expand it. https://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Accreditation+and+Approval+Program
Other Topics (for discussion at next call)
• Program Review of InCommon Assurance Program
• InCommon support for REFEDS Assurance Framework v1.0 metadata attribute
• MFA Interop Profile Status update
◦ Steering and Promotion
of Baseline Expectations
• Attributes for Collaboration and Federation WG - Draft Charter:
https://spaces.at.internet2.edu/x/ipiTBg
Next AAC call: Wed., July 19, 2017 at 4pm ET