You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

TAC Meeting 2015-10-01

Thursday, October 1, 2015
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Dial-in Information

+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)

Access Code: 0139713#

eDial: http://edial.internet2.edu/call/0139713

SIP: sip:session_0139713@edial.internet2.edu

If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.

Agenda

TAC Minutes being taken live now!
  1. Review current action items below

  2. Acceptance of minutes from TAC Meeting 2015-09-17

  3. Updates

    1. Overloading the PAOS Binding (OPS)

    2. Minor changes to the SSL CPS in order to accommodate ECC certs (Jim)

    3. Fed-Interop Working Group (Nick)

      1. Note – Fed Interop WG F2F: Monday 10/5 at 12:10 ET, in the ACAMP area. If interested, please feel free to attend.
    4. DRAFT Charter - Packaging+for+Ease-of-Deployment+Working+Group (Jim)
  4. DRAFT TAC Charter, Version 2
    1. This version is "minimalist", relative to Version 1. This was done in order to provide flexibility going forward, while maintaining some structure. Is this the right approach ?
    2. If we go with the minimalist Charter, should we develop a second document describing what we're actually doing ? The assumption is that this document might be reviewed yearly.
    3. Tom Barton's 9/27 note with subject: tech guidance for Internet2
  5. TechEx F2F Agenda
  6. (your agenda item here)

Informational Items

  1. Research & Scholarship activity since September 17, 2015
    1. Unizin Community approved for R&S on September 23, 2015
    2. Duke University supports global R&S as of September 24, 2015
    3. LIGO Software Control System - Test approved for R&S on September 25, 2015
  2. New and updated wiki documents:
    1. R&S Application Form: completely refactored due to an unscheduled confluence upgrade
    2. Protect Against Failed Metadata Processes: announced to inc-ops-notifications on September 22
    3. Shibboleth Metadata Config: added simplified IdP V3 metadata configuration
    4. Global Metadata 2015-09-27: the latest stats on imported metadata
  3. InCommon Shibboleth IdP Deployments: the latest stats on Shib IdP V2 deployments

Carryover Action Items

  1. Steve Carmody will draft a wiki page outlining the steps involved in creating a category
  2. John Krienke will implement a policy review regarding whether SP registration of keys could be made optional. <= Ann West will review and determine whether to keep this on the list
  3. Steve, Ann, Dean and Michael will draft a proposal to address TAC member responsibilities, TAC transparency, and related processes.

  4. Steve Carmody will send email looking for a chair for the MD Distribution WG

  5. Keith Hazelton and Ann West will edit the appropriate pages to make clear that URLs are as good and possibly better than URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs.

  6. Tom Barton will develop a WG charter re: how to coordinate incident response

  7. Paul Caskey will take charge of the goal “Making Federation Easier”

  8. Steven Carmody and Michael Gettes will develop a short white paper to document the requirements and goals related to attribute release.

  9. Those on the TAC call voted to accept the External Identities WG report. Steve Carmody will send email to the TAC list asking for confirmation from those not on the call, and also include information about next steps.

  10. Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johannson and UnitedID

  11. Keith Hazelton will follow-up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation.

  12. Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal concerning "making Shib easier;" specifically about how to leverage work already done through TIER to attract schools and individuals willing to commit to development help.

  13. Tom Scavo will ensure that “per-entity metadata” is in the 2016 TAC work plan.

  14. Tom Scavo will draft a note to the ops list and participants list and recommend that Shib IdP deployers configure at least 1GB of heap in the JVM.

  15. Tom Barton will sketch some comments about how to approach the proposed draft TAC charter.

  16. TAC is asked to provide feedback on the draft charter for the Containerization/East of Deployment Working Group and ensure that it meets the needs of the federation.

  17. Tom Barton will develop a recommendation as to whether the TAC working group chartering process would be a useful process for developing a containerization working group in conjunction with TIER.

  18. Steve Carmody will talk with those who brought the containerization WG concept to TAC and seek a tighter scoping of the concept.

  19. Tom Barton will talk with Chris Hyzer about potentially participating in a containerization working group.

Minutes

Attending: Tom Barton, Keith Hazelton, Steve Carmody, Ian Young, Scott Cantor, Jim Jokl, Chris Misra, Mike LaHaye, Jim Basney, Steve Olshansky

With: Dean Woodbeck, Tom Scavo, IJ Kim, Nick Roy, Steve Zoppi, Ann West (lurking)

(AI) Jim Jokl will send email to TAC with more details about ECC certs, including a link to the ECC cert.

Minutes from Sept. 17 - OK as corrected

Ops Updates

Overloading the PAOS Binding - This is in response to a Clemson request for an endpoint location that is non-HTTPS. The Federation Manager enforces a requirement that an endpoint location to be of the type “anyURI.” On September 30, Ops relaxed the validation code in the FM, which allowed Clemson to submit the metadata. No issues were reported as a result of this change. Details at https://spaces.at.internet2.edu/display/inctac/Overloading+the+PAOS+Binding

The FeduShare GitHub project at https://github.com/fedushare/mech_saml_ec will be implementing updates from https://tools.ietf.org/html/draft-ietf-kitten-sasl-saml-ec-13. More information, including a live demo, at TechEx in the session “FeduShare: A User Managed Collaboration Framework” http://meetings.internet2.edu/2015-technology-exchange/detail/10003961/

Minor changes to the SSL CPS in order to accommodate ECC certs - The CPS needs to change to 2048-bit RSA key or 256-bit key for ECC. This requires a relatively modern version of OpenSSL to work. There is an ECC cert on incommontest.org for people to experiment with. (AI) Jim Jokl will send email to TAC with more details, including a link to the ECC cert. There will be some profile changes, too, but those don’t change the CPS, so do not require Steering action.

Federation Interoperability Working Group - The group is currently working on protocol flows, bindings, and identifiers. There is a working group meeting during TechEx. Once the WG has completed a draft, it has been suggested to run it by the TAC for feedback, and share it with the REFEDS list. The group will also likely post the draft on a public wiki page.

Packaging for Ease of Deployment WG - Proposal

Jim Jokl will chair this group - anyone interested in joining should email him. The proposed  charter is on the TAC wiki: https://spaces.at.internet2.edu/display/inctac/Packaging+for+Ease-of-Deployment+Working+Group

Jim plans to announce this effort at TechEx then do some recruiting via InCommon and TIER lists. The WG plans to complete its work before the TIER release date of April 2016.

Draft TAC Charter

Based on the discussion from the last TAC meeting, and the numerous comments in the Google doc, the charter has been revised and simplified. The new version is here:
https://docs.google.com/document/d/1vrorNJXwY1dxF53hOlKg8viBw0FcAqesxxzCGyd2adk/edit

Next Meeting

Wednesday, Oct. 7 - 11:20 am - 1:20 pm ET @ TechEx

 

 

 

  • No labels