TAC Meeting 2015-10-01
Thursday, October 1, 2015
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT
Dial-in Information
+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)
Access Code: 0139713#
eDial: http://edial.internet2.edu/call/0139713
SIP: sip:session_0139713@edial.internet2.edu
If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.
Agenda
- Review current action items below
- Acceptance of minutes from TAC Meeting 2015-09-17
Updates
- Overloading the PAOS Binding (OPS)
- Minor changes to the SSL CPS in order to accommodate ECC certs (Jim)
- Fed-Interop Working Group (Nick)
- Note – Fed Interop WG F2F: Monday 10/5 at 12:10 ET, in the ACAMP area. If interested, please feel free to attend.
- DRAFT Charter - Packaging for Ease-of-Deployment Working Group (Jim)
- DRAFT TAC Charter, Version 2
- This version is "minimalist" relative to Version 1. This was done in order to provide flexibility going forward while maintaining some structure. Is this the right approach?
- If we go with the minimalist Charter, should we develop a second document describing what we're actually doing? The assumption is that this document might be reviewed yearly.
- Tom Barton's 9/27 note with subject: tech guidance for Internet2
- TechEx F2F Agenda
Informational Items
- Research & Scholarship activity since September 17, 2015
- Unizin Community approved for R&S on September 23, 2015
- Duke University supports global R&S as of September 24, 2015
- LIGO Software Control System - Test approved for R&S on September 25, 2015
- New and updated wiki documents:
- R&S Application Form: completely refactored due to an unscheduled confluence upgrade
- Protect Against Failed Metadata Processes: announced to inc-ops-notifications on September 22
- Shibboleth Metadata Config: added simplified IdP V3 metadata configuration
- Global Metadata 2015-09-27: the latest stats on imported metadata
- InCommon Shibboleth IdP Deployments: the latest stats on Shib IdP V2 deployments
Carryover Action Items
- Steve Carmody will draft a wiki page outlining the steps involved in creating a category
- John Krienke will implement a policy review regarding whether SP registration of keys could be made optional. <= Ann West will review and determine whether to keep this on the list
- Steve, Ann, Dean and Michael will draft a proposal to address TAC member responsibilities, TAC transparency, and related processes.
- Steve Carmody will send email looking for a chair for the MD Distribution WG
- Keith Hazelton and Ann West will edit the appropriate pages to make clear that URLs are as good and possibly better than URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs.
- Tom Barton will develop a WG charter re: how to coordinate incident response
- Paul Caskey will take charge of the goal “Making Federation Easier”
- Steven Carmody and Michael Gettes will develop a short white paper to document the requirements and goals related to attribute release.
- Those on the TAC call voted to accept the External Identities WG report. Steve Carmody will send email to the TAC list asking for confirmation from those not on the call, and also include information about next steps.
- Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johansson and UnitedID
- Keith Hazelton will follow up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation.
- Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal concerning "making Shib easier;" specifically about how to leverage work already done through TIER to attract schools and individuals willing to commit to development help.
- Tom Scavo will ensure that “per-entity metadata” is in the 2016 TAC work plan.
- Tom Scavo will draft a note to the ops list and participants list and recommend that Shib IdP deployers configure at least 1GB of heap in the JVM.
- Tom Barton will sketch some comments about how to approach the proposed draft TAC charter.
- TAC is asked to provide feedback on the draft charter for the Containerization/Ease of Deployment Working Group and ensure that it meets the needs of the federation.
- Tom Barton will develop a recommendation as to whether the TAC working group chartering process would be a useful process for developing a containerization working group in conjunction with TIER.
- Steve Carmody will talk with those who brought the containerization WG concept to TAC and seek a tighter scoping of the concept.
- Tom Barton will talk with Chris Hyzer about potentially participating in a containerization working group.
Minutes
Attending: Tom Barton, Keith Hazelton, Steve Carmody, Ian Young, Scott Cantor, Jim Jokl, Chris Misra, Mike LaHaye, Jim Basney, Steve Olshansky
With: Dean Woodbeck, Tom Scavo, IJ Kim, Nick Roy, Steve Zoppi, Ann West (lurking)
(AI) Jim Jokl will send email to TAC with more details about ECC certs, including a link to the ECC cert.
Minutes from Sept. 17 - OK as corrected
Ops Updates
Overloading the PAOS Binding - This is in response to a Clemson request for an endpoint location that is non-HTTPS. The Federation Manager enforces a requirement that an endpoint location be of the type “anyURI.” On September 30, Ops relaxed the validation code in the FM, which allowed Clemson to submit the metadata. No issues were reported as a result of this change. Details at https://spaces.at.internet2.edu/display/inctac/Overloading+the+PAOS+Binding
The FeduShare GitHub project at https://github.com/fedushare/mech_saml_ec will be implementing updates from https://tools.ietf.org/html/draft-ietf-kitten-sasl-saml-ec-13. More information, including a live demo, at TechEx in the session “FeduShare: A User Managed Collaboration Framework” http://meetings.internet2.edu/2015-technology-exchange/detail/10003961/
Minor changes to the SSL CPS in order to accommodate ECC certs - The CPS needs to change to 2048-bit RSA key or 256-bit key for ECC. This requires a relatively modern version of OpenSSL to work. There is an ECC cert on incommontest.org for people to experiment with. (AI) Jim Jokl will send email to TAC with more details, including a link to the ECC cert. There will be some profile changes, too, but those don’t change the CPS, so do not require Steering action.
Federation Interoperability Working Group - The group is currently working on protocol flows, bindings, and identifiers. There is a working group meeting during TechEx. Once the WG has completed a draft, it has been suggested to run it by the TAC for feedback, and share it with the REFEDS list. The group will also likely post the draft on a public wiki page.
Packaging for Ease of Deployment WG - Proposal
Jim Jokl will chair this group - anyone interested in joining should email him. The proposed charter is on the TAC wiki: https://spaces.at.internet2.edu/display/inctac/Packaging+for+Ease-of-Deployment+Working+Group
Draft TAC Charter
Based on the discussion from the last TAC meeting, and the numerous comments in the Google doc, the charter has been revised and simplified. The new version is here:
https://docs.google.com/document/d/1vrorNJXwY1dxF53hOlKg8viBw0FcAqesxxzCGyd2adk/edit
Next Meeting
Wednesday, Oct. 7 - 11:20 am - 1:20 pm ET @ TechEx