InCommon TAC Meeting

...

Thursday, July 23, 2015
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Dial-in Information

+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)

Access Code: 0139713#

eDial: http://edial.internet2.edu/call/0139713

SIP: sip:session_0139713@edial.internet2.edu

If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.

Agenda

TAC Minutes being taken live now!
  1. Review current action items below
  2. Acceptance of minutes from TAC Meeting 2015-07-09
  3. Interest in a TAC F2F at TechEx? Tentatively scheduled Weds, Oct. 7, 11:20 am - 1:30 pm
  4. Roadmap for Operationalizing eduGAIN (Nick)
    1. Additional eduGAIN/technical items: Do we want to export SAML1-only entities to eduGAIN? Do we want to require mdui:DisplayName for any SPs that don't currently set it before allowing their export to eduGAIN?
  5. Certificate Service Update (Paul)
  6. Federation Interop Working Group update (Nick)
  7. Status - from discussion of issues and concerns around TLS and the trust framework (Nick)
  8. InCommon - making it easier to install a Shib IDP - Phase 1 (Paul)
  9. (your agenda item here)

Informational Items

  1. Research & Scholarship activity since July 9, 2015
    • TBD
  2. New wiki documents:
    1. TBD
  3. (your info item here)

Carryover Action Items

  1. Steve Carmody will draft a wiki page outlining the steps involved in creating a category
  2. John Krienke will implement a policy review regarding whether SP registration of keys could be made optional. <= Ann West will review and determine whether to keep this on the list
  3. Tom Barton, Chris Misra, and Nick Roy (should he accept), and one or two members of Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take vis a vis future security issues like Heartbleed.
  4. Steve Carmody will contact Nick Roy and the AAC leadership about participating in the Heartbleed group.
  5. Steve Carmody will communicate the Alternative IdP Working Group final report and recommendations to Steering.
  6. Steve, Ann, Dean and Michael will draft a proposal to address TAC member responsibilities, TAC transparency, and related processes.
  7. Steve Carmody will send email looking for a chair for the MD Distribution WG

  8. Keith Hazelton and Ann West will edit the appropriate pages to make clear that URLs are as good and possibly better than URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs.

  9. Nick Roy will outline the predecessor/successor relationships among the priorities to determine sequence and need-by dates. David and Ann will assist. This will be circulated to TAC and AAC.

  10. Tom Barton will develop a WG charter re: how to coordinate incident response

  11. Paul Caskey will take charge of the goal “Making Federation Easier”

  12. Steven Carmody and Michael Gettes will develop a short white paper to document the requirements and goals related to attribute release.

  13. Those on the TAC call voted to accept the External Identities WG report. Steve Carmody will send email to the TAC list asking for confirmation from those not on the call, and also include information about next steps.
  14. Dean Woodbeck will consider where to publish the External Identities Working Group report.
  15. Steve Carmody will take the External Identities report, along with recommended next steps, to Steering.
  16. Steve Carmody will send email to the TAC list seeking confirmation of acceptance of the IdP of Last Resort WG report from those not in attendance.
  17. Steve Carmody will contact Jacob Farmer (chair of the AAC) asking the AAC to begin work on the Trustmarks WG, including the POP replacement.
  18. Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johansson and UnitedID

  19. David Walker will summarize the recommendation for registration information for entities registered by InCommon Stewards

  20. Keith Hazelton will follow up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation.

  21. Nick Roy will send a note to TAC with a review of his meeting with Chris Phillips and thoughts on the Canadian federation’s Shibboleth installation tool.
  22. Nick Roy will develop a small group to assess and discuss issues and concerns around TLS and the trust framework.

...

Minutes - July 23, 2015

Attending: Michael Gettes, David Walker, Steve Carmody, Chris Misra, Scott Cantor, Tom Barton, Jim Jokl

With: Ann West, Dean Woodbeck, Nick Roy, Nate Klingenstein, Steve Zoppi, Paul Caskey

Action Items

(AI) Paul will draft a new charter for the PKI Subcommittee, including putting out a call for new subcommittee members (to better represent Certificate Service subscribers)

(AI) Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal concerning "making Shib easier;" specifically about how to leverage work already done through TIER to attract schools and individuals willing to commit to development help.

Minutes from July 9, 2015, approved

TechEx Face-to-Face?

There may be interest in a TAC meeting during TechEx if there are agenda items that would benefit from such a meeting. The proposed time is Wednesday, Oct. 7, 11:20 am - 1:30 pm, which overlaps a general session and lunch. We’ll leave that time for now. Another option, if the agenda is light, is to have a TAC lunch in a private room.

Operationalizing eduGAIN

  • The Operationalizing eduGAIN Roadmap (https://spaces.at.internet2.edu/x/4IFHBQ) takes a phased approach, in terms of the import/export plans for SPs and IdPs. There will be changes in the Federation Manager interface to enable opting in and out.
  • Participation Agreement and FOPP - Ann is cautiously optimistic that legal will have these ready for the Steering meeting on August 3. The goal is for Steering to approve submitting the candidate documents to community review. The ultimate goal is Steering approval of the changed documents on November 2.
  • Nick has two side questions: Do we want to export SAML1-only entities to eduGAIN? Do we want to require mdui:DisplayName for any SPs that don't currently set it before allowing their export to eduGAIN? If you have an opinion on this, please email Nick.

Certificate Service Update

  • Paul reported that Usher will no longer be a community-wide service and will be turned over to the University of Virginia.
  • The Comodo contract is up for renewal in Fall 2016. The process will include a review of the service, a community survey, and an assessment of past performance and future needs.
  • Paul will reconvene the PKI Subcommittee to review the draft survey and then the results once the survey is complete, with a report back to TAC.

...

A new domain approval process is circulating internally, with a possible move to DCV.

Federation Interoperability Working Group

Nick reported that the WG will begin meeting Monday, Aug. 10, at 10 am ET and continue meeting weekly. Walter Hoehn is chairing the group, and there is also interest from Roland Hedberg and Nicole Harris in participating. Several companies are also participating.

TLS and trust framework

Nick sent an email summarizing this issue (how the fingerprint and public key for metadata signing are distributed). The group discussed a number of options for distributing the fingerprint, but Nick is comfortable with the current situation for now.

Making Shib Easier (Paul)

  • Looking at the Canadian federation installer and potential for something similar for InCommon
  • Also looking at the potential for custom configuration files and, down the road, some sort of auto-config managed service
  • There was discussion about how to engage people to help with moving along with making Shibboleth easier. Steve Zoppi suggested managing this activity in combination with TIER, perhaps via a JIRA backlog, given that this overlaps with TIER. TIER has already identified potential helpers for projects, which could be of benefit.

(AI) Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal along these lines.

Next Meeting - Thursday, August 6, 2015 - 1 pm ET