Action Items from June 23
(AI) Chris Misra will draft language for the FOPP, which will then be vetted by TAC and ultimately recommended to Steering.
(AI) Steve will incorporate the proposed changes to the “TAC Response to Priority Planning” and send the revised document to TAC no later than June 27 for comment. The document will be finalized after the close of business on June 29 and will be sent to Kevin Morooney for consideration.
(AI) Steve will contact TAC members about draft charters for items on the TAC Work Plan in time for the July 7 TAC call.
Attending: Tom Barton, Steve Carmody, Tom Mitchell, Mark Scheible, Jim Jokl, Scott Cantor, Kim Milford, Keith Hazelton, Albert Wu
With: Dean Woodbeck, Nick Roy, David Walker, IJ Kim, Ian Young, Tom Scavo, Mike LaHaye, Paul Caskey, Ann West
Approved to make public
Upgrades that are in progress
To support the Steward Model, major changes to the Federation Manager are required. IJ has a prototype. IdP mdui:DisplayName will be editable. Will have multiple IdPs per organization (will be an undocumented feature).
The Ops Advisory Group recommends that Ops implement the following Interfederation Technical Policy rules:
After discussion at the last TAC meeting, Chris Misra reviewed the FOPP looking for a place that addresses security, with an eye toward inserting language allowing the InCommon Federation to take action should a security situation arise. He recommends this change to section 10.3.1:
10.3.1 Suspension for reasons of security
A Participant may request the suspension of any Federation services in the case of Administrator credential compromise, participant key compromise, or other security compromise within the Participant's systems. This request may be made via e-mail or telephone from the Executive or Administrator and will be verified by InCommon using trusted communication channels. Suspension may include processes such as revoking credentials, or removing or modifying Metadata.
If InCommon suspects any compromise or negligence on the part of a Participant, it will make reasonable efforts to contact Participant to verify Participant's status. In the case of a significant security incident that poses an unacceptable risk to InCommon or other Federation participants, InCommon may take immediate remediation actions commensurate with the impact of the incident. For example, a non-responsive Administrator's account may be suspended for the security and safety of Participant's Metadata if InCommon suspects an Administrator is no longer active and its repeated attempts at contact go unanswered.
Chris also recommended developing a document that would include InCommon’s incident response procedures and that would be approved by both TAC and InCommon Steering.
TAC agreed to recommend the FOPP changes to Steering and will propose to InCommon management that incident response procedures be created and an incident response plan be documented, perhaps with the help of one or more campus security officers (and others as needed). (AI) Steve Carmody will send notes to Steering and InCommon management with these recommendations.
https://docs.google.com/spreadsheets/d/1-08e_nWxbxbsQsFuQiOsh_G-zqAvXf7T4Ka7dF3Ai8c/edit#gid=0
Steve Carmody provided an update on a number of items in the TAC work plan, including: