TAC Meeting 2015-03-19

Thursday, March 19, 2015
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Dial-in Information

+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)

Access Code: 0139713#

eDial: http://edial.internet2.edu/call/0139713

SIP: sip:session_0139713@edial.internet2.edu

If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.

Live Minutes

Taking minutes via a Google Doc. All are welcome to view/edit/add.


  1. Please review carryover action items
    1. See this marked up list of action items
  2. Update: Per-Entity Metadata Pilot (TomS, Ann)
    1. Report on Per-Entity Metadata (review and update)
  3. URNs vs URLs (Keith)
  4. Discussion: Strawman 2015 Goals (Steve)
  5. Draft Charter for the Best Practices WG (Steve)
  6. Registered By InCommon Category (David)
  7. REFEDS R&S migration strategy (TomS)
  8. ECC Certificates (JimJ)

Informational Items

  1. OpenSSL Security Advisory (19 Mar 2015)
  2. Happy 10th Birthday SAML V2.0
  3. Research & Scholarship activity since March 5, 2015
  4. Updated as a result of community feedback (please review):
    1. Software Guidelines
      1. Using Other Software
  5. New wiki pages from the New Entities WG:
    1. Registered By InCommon Category
    2. Preparing for eduGAIN Metadata
  6. Refactored wiki pages:
    1. Research and Scholarship Entity Metadata
    2. Default Attribute Release
    3. Essential Attribute Bundle Config
    4. Research and Scholarship IdP Config

Carryover Action Items

  1. Steve Carmody will draft a wiki page outlining the steps involved in creating a category
  2. John will discuss with TAC how the Google OpenID Gateway might be operated and/or funded
  3. TAC will develop a recommendation for the potential necessary resources for eduGAIN implementation.
  4. John and Steven will review the Phase 2 Recommendations and propose to TAC a list of items that need to be addressed as a result of accepting the Recommendations
  5. John Krienke will distribute a list of outcomes related to the MD-Distribution recommendations
  6. John Krienke will implement a policy review regarding whether SP registration of keys could be made optional.
  7. Steve Carmody and John Krienke - Take to Steering for a policy discussion the issue of maintaining/guaranteeing the strength of the trust fabric through proactive scanning and probing of entities on behalf of the federation and its participants.
  8. Scott Cantor will continue to push discussion of the Affiliation-Based Access category and a library services category (proposed by SWITCH) and represent the TAC’s support for both.
  9. Ann West will bring up with the InC-Student working group the issue of R&S attribute release and its relationship (or not) to students who invoke the FERPA opt-out.
  10. Tom Scavo and Tom Barton will work on making available to campuses the InCommon scripts used to identify SPs with endpoints that are not compatible with SHA-2.
  11. TAC members will review the original strategic priorities document and propose priorities for the rest of 2014.
  12. Tom Barton, Chris Misra, and Nick Roy (should he accept), and one or two members of Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take vis-à-vis future security issues like Heartbleed.
  13. Steve Carmody will contact Nick Roy and the AAC leadership about participating in the Heartbleed group.
  14. Steve Carmody will initiate the process of developing a working group to deal with the larger gateway and interfederation issues.
  15. Steve Carmody will compare the priorities spreadsheet discussed today with the original TAC document on InCommon strategic priorities and call out major differences
  16. Scott, David, and TomB will reformulate the text in section 7.2 of the FOPP. The group will also look at the text in section 9 in light of the Google Gateway and eduGAIN but that may be deemed out of scope initially.
  17. Ann will keep TAC in the loop with respect to the Steering group working on eduGAIN policy issues.
  18. InCommon staff will go back to the drawing board and discuss possible paths forward with respect to REFEDS R&S and eduGAIN.
  19. Steve C. will send a note to Nicole Harris asking that she accept proposed changes through the end of August.
  20. John K. will ask Comodo about moving to support SHA2 in the other CAs, specifically to meet a Microsoft deadline of January 2016.
  21. Tom Scavo and Steve Carmody will clarify the REFEDS R&S definition.
  22. Steven Carmody and Keith Hazelton (and whoever else wishes to) will edit these for clarification and send them to the Steering Program subcommittee.
  23. Prior to the break, Steve Carmody will develop a scope of work for an “eduGAIN punch list”
  24. Steve Carmody will communicate the Alternative IdP Working Group final report and recommendations to Steering.
  25. Steve, Ann, Dean and Michael will draft a proposal to address TAC member responsibilities, TAC transparency, and related processes.
  26. Steve Carmody will send email looking for a chair for the MD Distribution WG
  27. Ann will talk to Jacob Farmer about participating in developing the charter for the Baseline Practices WG.


Attending: Steve Carmody, Ian Young, Nick Roy, Jim Jokl, Scott Cantor, Keith Hazelton, Jim Basney, Paul Caskey, David Walker, Michael Gettes

With: Tom Scavo, Dean Woodbeck, IJ Kim, Nate Klingenstein, Steve Zoppi, Ann West

Action Items

(AI) Keith Hazelton and Ann West will edit the appropriate pages to make clear that URLs are as good as, and possibly better than, URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs.

(AI) Steve Carmody will edit the Best Practices Working Group charter, incorporating the comments and the wiki page, and send a note to the TAC email list when he has finished the editing.

(AI) Steve Carmody and Nick Roy will recruit non-usual suspects to join the Best Practices Working Group. We need to make sure that these baseline practices are achievable for smaller institutions.

(AI) At its next meeting, TAC will review the R&S Migration Strategy, confirming the consensus that InCommon should follow Option #1 on this wiki page: https://spaces.at.internet2.edu/display/inctac/REFEDS+RandS+Migration+Strategy

(AI) Tom Scavo will summarize the consensus of TAC members with respect to the REFEDS R&S migration strategy.

Per-Entity Metadata Pilot

Tom Scavo reported that we will continue to operate the mdq-beta.incommon.org server, given that LIGO and UW-Milwaukee are using it in production for eduGAIN. This will also allow the next iteration of the Metadata Distribution Working Group to spin up and determine whether this will become a full production service. See the per-entity metadata report on the wiki.

URNs vs URLs

Keith noted that MACE-DIR is receiving a number of requests for URNs (rather than URLs). He asked TAC to consider the question, “Should we be doing more to promote the use of URLs in preference to URNs in situations where InCommon (and Internet2) recommend the use of URNs or URLs to guarantee global uniqueness of values?” (See https://spaces.at.internet2.edu/display/inctac/URNs+vs+URLs) There is a wiki page that advocates URLs but does not provide a rationale.

There was consensus that we should promote URLs over URNs. (AI) Keith and Ann will edit the appropriate pages to make clear that URLs are as good as, and possibly better than, URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs. This does NOT mean we’re deprecating or trying to purge URN-based values.

Strawman: 2015 Goals

Steve discussed the 2015 goals sheet that he distributed earlier via email. The Steering Program Subcommittee is in the process of setting priorities based on this strawman. TAC members have been asked to review the document and send their choice for the top five InCommon priorities for 2015 to the TAC email list.

Draft Charter for the Best Practices WG

TAC discussed and reviewed the draft charter for this working group (https://spaces.at.internet2.edu/display/inctac/Best+Practices+Working+Group). There is already consensus among TAC and Steering that developing these practices will be a 2015 priority.

TAC voted to approve this working group and charter.

(AI) Steve Carmody will edit the charter, incorporating the comments, and send a note to the TAC email list when he has finished the editing.

(AI) Steve and Nick will recruit non-usual suspects to join this working group. We need to make sure that these baseline practices are achievable for smaller institutions.

Registered By InCommon Category

There was discussion about adopting and operationalizing the “Registered by InCommon” category, which would allow identification of the registration authority. This is recommended by the New Entities working group and was discussed here two weeks ago. A description of the category is here: https://spaces.at.internet2.edu/display/NewEntities/Registered+By+InCommon+Category

(AI) Steve Carmody will provide a summary of this category and its implications to Steering as an informational item.

REFEDS R&S Migration Strategy

There was discussion of the InCommon migration strategy for the REFEDS R&S category. Tom Scavo has added a third migration option to an existing wiki page: https://spaces.at.internet2.edu/display/inctac/REFEDS+RandS+Migration+Strategy

There was discussion about what we are trying to achieve. If we’re going to have all IdPs do some work, we should end up in a better state at the end (for instance, the legacy InCommon-only R&S entity would be removed from metadata). There was support for that viewpoint from TAC, and also for the view that InCommon messaging should encourage the adoption of the international category.

There was general consensus for Option #1 on the R&S Migration Strategy wiki page, but TAC will review this again at the next meeting before making a final decision.

ECC Certs

Jim Jokl discussed the need to create profiles for ECC certs and is spinning up the Wednesday calls in the next week or so. Scott Cantor said that he would do software testing once the group has something developed.

Next TAC Meeting - April 2 - 1 pm ET
