Click on the title of any column to reorder the list. # Name Document (if any) Issue Description Theme Scope for this group? Action Item 1 Warren Will publishing of InCommon IdPs and SPs into eduGAIN be opt-in or opt-out? opt-in/ In Scope for policy decision Key Issue. 2 Warren Will eduGAIN metadata feeds be aggregated into the InCommon feed or pulled separately by InCommon IdPs and SPs? Metadata practices Out of Scope TAC 3 Warren Will InCommon simply publish the metadata as it arrives from eduGAIN, or will it add value, by, for instance: Metadata practices Minimally In scope TAC 4 Von Research SPs and making sure that the ease of obtaining attribute release that the Research and Scholarship category has enabled within InCommon expands to the international arena. R&S Out of Scope but Note Bene InC Ops/ 5 Ann FOPP Section 1. Add international context/role description Role Definition In Scope 6 Theresa FOPP Section 2. Organizational Structure: do we need a basic flow chart? Document Clarity Out of Scope Doc Editors 7 Bill FOPP Section 7.2 Relationship of Systems to Participant: Are ownership structures different in eduGain? Does that matter? Are their significant commercial or government systems influencing federations? [Warren's response] Legal/ Process In Scope ]]></ac:plain-text-body></ac:structured-macro> 8 Steven FOPP Update the IdP and SP definitions to better reflect the complexities of the environment. 9 Bill FOPP Are the types of Identity Providers and Service Providers in eduGain substantially different entities than what we see in our federation? Are there different trust marks or certification marks than what we tend to use? If substantially different how will we inform our participants of what those entities are? [Warren's response] 10 Ann FOPP Section 7.3.2 Metadata description needs to reflect interfederation InCommon Practices 11 Bill FOPP Do we need to include dispute resolution between federations? ]]></ac:plain-text-body></ac:structured-macro> 12 Steven FOPP Section 9.2 InCommon must put in place processes to require the POP. Note Bene ]]></ac:plain-text-body></ac:structured-macro> 13 Theresa PA Disclaimer and Limitation: How will this be worded? Attorney's get really squeamish with these types of statements. 14 Ann FOPP Federation Technical Infrastructure will need mention of how eduGAIN is supported. InCommon Practices 15 Ann PA Add description to section 1. Role Definition 16 Ann PA Update 6. Participant Requirements regarding governing law, accurate metdata, and documenting practices as needed for participant to support eduGAIN. Participant Requirements/ 17 Ann PA Section 7 InCommon Federation Services. Will be sharing metadata internationally as well. Upon request? opt-in/ 18 Bill PA Section 9. I suspect "privacy" rules are the biggest impact from a regulation standpoint. What are eduGains requirements from their participants in this area? [Donald's response] Privacy 19 Ann PA Section 7: Federation Rules - Do we need to allude to other federations here or let the responsibility for applying those rules rest on InC to promulgate? [Bill's response] [Donald's response] 20 Bill PA Section 13: Are edGAIN insurance requirements similar, equitable? Does InCommon verify insurance contracts of participants? 21 Theresa PA Section 15. Many public institutions are not allowed to agree to governance that is not within their state. Can this be reworded? 22 Group PA Participants have a choice and would sign a new agreement. Opt-out, we would send them the changes and propose a time when they would take effect. Either way, this the changes to this Agreement would be publicly vetted and discussed. opt-in/ 23 Ann PA Section 11: Is there an international impact on liability? Is there increased risk to the federation and participant? How should we proceed? 24 Bill PA Section 10. Dispute Resolution: Should InCommon help with international disputes? ]]></ac:plain-text-body></ac:structured-macro> 25 Theresa PA Section 9. This is pretty ambiguous, can "as be required by federal and European law be added to the statement? privacy 26 All FOPP Section 10. Termination or Suspension: what does this mean in the international context? 27 Steven Recommended attributes for interoperability: Includes SCHAC attributes. What does InCommon want to recommend to our members? 28 Steven eduGAIN uses two metadata fields that are not required or different from what we do. (isRequired and MDUI) What does InCommon want to recommend to our members? 29 Steven What configuration should we recommend to our IdPs and SPs? 30 Bill Why is there an additional risk statement on the FOPP page? https://incommon.org/docs/policies/risk_assessment.html Can this be eliminated or incorporated into the policies in some way? Trust?
In particular, if we make publishing metadata into eduGAIN and pulling metadata from eduGAIN opt-in activities, it seems to me we might be able to simply have separate agreements and operating procedures for those efforts. It also seems to me as though we can start asking those IdPs and SPs that choose to participate what added value might be of most benefit to them.
opt-out
a) filtering eduGAIN metadata (to remove malformed metadata or metadata that does not comply with InCommon standards/expectations, metadata from commercial enterprises entering through other federations, etc?)
b) negotiating attributes release policies, entity category tags, SAML versions, hash algorithms, etc with other eduGAIN participating federations.
c) interpreting legal obligations related to PII or other attribute release from other federations to make it easier for InCommon IdPs and SPs.
d) other similar value-adding activities.
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3f0925d7-7bc1-40c8-a081-eb3be4ebf5d9"><ac:plain-text-body><![CDATA[[John's response] Perhaps in an adjacent or linked document (TBD), InCommon Ops should publish our import filtering rules and export filtering rules in human readable format. Import filter will remove any tags we are authoritative for (e.g., InCommon Bronze, Silver), all certs <1024 bit key strength, duplicate md entries from eduGAIN sources, other filters...
]]></ac:plain-text-body></ac:structured-macro>
item C
TAC
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="347a0b23-484d-4421-8ab8-a92f56b87d2d"><ac:plain-text-body><![CDATA[[Tracy's response] or a graphic?
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="281e2a5a-b205-489b-b8b5-c2875ad697d6"><ac:plain-text-body><![CDATA[[Susan response] What about a federal inquiry? How do we handle those things that aren’t an adjudicated order? Or sensitive research with an entity in a hostile nation that raises questions from the US Gov?
. eduGAIN itself does not add additional tags to metadata of this sort.
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f5d22029-07d7-452a-b40b-2325d663630c"><ac:plain-text-body><![CDATA[*[Tracy's response] *Could we get guidance from the Global Network at Berkman for international governance models?
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fceed516-daee-4d9b-97f8-dcf374f09ee3"><ac:plain-text-body><![CDATA[[John's response] This is dealt with in eduGAIN policy.
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2c746441-37c4-42e1-a30e-c3f8f43fc7af"><ac:plain-text-body><![CDATA[[Bill's Comments] Section 9.2 talks about "communications" and "support" but seems to be mainly about support. It states documents and POPs are published on InCommon Website. Is that the only communication requirement? Where are POPs published? I am not real familiar with the Federation Manager, does it allow users to browse POPs?
Practices
opt-out
opt-out
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="95c83dd1-2e4e-4774-bb88-b89ddcc3840c"><ac:plain-text-body><![CDATA[[Bill response] Sounds like a slippery slop to suggest international dispute resolution. I will confer with Scott David for an opinion.