Attending

 Members

  • Chris Phillips, CANARIE  (chair)  
  • Rob Carter, Duke   
  • Nathan Dors, U Washington   
  • Jill Gemmill, Clemson   
  • Ann Harding, SWITCH/GEANT  
  • Karen Herrington, Virginia Tech    
  • Todd Higgins, Franklin & Marshall College   
  • Tom Jordan, U Wisc - Madison    
  • Les LaCroix, Carleton College     

 Internet2 

  • Steve Zoppi    
  • Ann West 
  • Emily Eisbruch   

Regrets

  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO  
  • Tom Barton, U Chicago   
  • Christos Kanellopoulos, GEANT  
  • Kevin Morooney, Internet2

DISCUSSION

FIM4R Gap Analysis and Recommendations Work  

  • Updates on latest for outreach to Inc-TAC, CTAB, TIER Component Architects – 
  • Introduction of CACTI-discuss list for public outreach and discussion of CACTI related topics 
  • FIM4R blog:  https://www.internet2.edu/blogs/detail/16295
  • Chris reported that outreach to get input on FIM4R has been done to CTAB, Component Architects and InCommon TAC
  • CTAB is reviewing the space to see which parts are relevant
  • Hoping for public dialog through the CACTI-discuss list
  • Component Architecture discussion will be Wed Sept 5 at 1pm ET
    • Jill will plan to join that call
    • Jill and others who want to join the Sept 5 discussion, please email SteveZ to get included on the invite

The CACTI members on the call discussed themes for recommendations in the FIM4R gap analysis/response. Comments:

  • IDP Proxies are filling gap for lack of institutional IDs.
  • Proxies are needed due to multiple identities.
  • Suggest a TIER for Research, a software initiative funded by Internet2 to bridge the gap.
  • We can’t rely on young institutional IDPs
  • How is this different from Internet2 running an IDP of last resort? 
  • Need something to pull identities together to access research
  • Research SPs have Issue around getting the additional data IDPs are not releasing 
  • Decorating an existing identifier is what COmanage and Grouper does.
  • Internet2 is implementing COmanage for that reason
    • Not exactly a proxy, but it does identity linking
  • We should support COmanage, it can solve guest affiliate problem campuses have
  • also recognize there is some bilateral configuration
  • Find test campuses to do pilot deployments of COmanage
  • CILogon example
  • Community needs to have discussion on how to integrate well established proxies services like CI Logon into the infrastructure
  • TIER for research, as Les outlined is good
  •   implementation pilots (in service context) are crucial
  • Aggregate into an ecosystem that can be used by wider group
  • Need to suggest or define the service context
  • Re federation operators running services, InCommon is trying to identify gaps that orgs have with federation
  •  InCommon TAC is looking at requirements for IDP as a service
    • not exactly IDP of last resort, but for institutions that are not able to stand up an IDP
  • Want to be flexible and agile
  • Structure a way of engaging partners to provide services
  • Could be a COmanage implementation and surrounding environment 
  • Level 2 identity is important and provides value in the InCommon federation
  • What Level of security would outsourced IDP solutions have?
  • We look to the community for the requirements for the services
  • Mechanisms needed to make the flow easier for researchers
  • At 2017 Tech Ex, researchers said they care about high value identities if they can get the attributes they need. 

Reaching Service Providers

  • We need to be sure service providers know how to take advantage of what we offer them
  • Challenge reaching service providers

Non Web Authentication  

  • Non-web authentication is a gap
  • Use cases are increasing
  • We should evaluate how to increase representation of researchers within TIER
  • Is OPENID Connect the recipe for non web solutions?
  • Where is the best venue for the discussion of non-web?
  • Need to know more from FIM4R authors about the origin and highest priority use cases of the non-web discussion
  • Responsibility for CI Logon?
  • How can we influence an institution to do things differently? Training, messaging, to home institutions. 

David Walker is aggregating FIM4R response, including comments above, into a consolidated form.

Review OIDF R&E Charter for feedback

  1. Nathan - there are several OIDC activities at TechEx 2018https://meetings.internet2.edu/2018-technology-exchange/
  • Will hear about OIDC plugin for Shib
  • What are the most important talking points?
  • Consistent messaging is needed
  • What are the OIDC adoption strategies?
  • Some want a separate infrastructure, some want bundled approach for OIDC, and there is also hybrid approach
  • There is an IAM Online webinar opportunity about OIDC the week before TechEx
    • Could present Introduction to OIDC deployment patterns
    • Focus on education around OIDC
  • Adoption strategies
    • We should put forth recommendations
    • Overlay of trust is not present unless the right people show up at OPENID Foundation
    • We need to encourage wide participation at  the OPENID Foundation
    • “The market will choose” approach is happening, 
    • The InCommon OIDC Deployment Working Group  https://spaces.at.internet2.edu/x/jJiTBg is discussing the messaging but needs to check in with InCommon TAC and other REFEDS people will be helpful 

Community  Reports

  1. MACE Dir Transition Status: Progressing 
      1. Sunset Transition Doc https://docs.google.com/document/d/1MbsvYWA2dyQIE0fGUpzxu84ImQtwTESgB8e3VEQ_Z5w/edit#heading=h.pjiszqpbrsc4
      2. Proposed Requirements to transition eduPerson to REFEDS: https://docs.google.com/document/d/1rQnJFT-j7V4XsxgA4K8ozZzPVElLm_iB4cMQLXvuXn0/edit
  1. TechEx in Orlando:  

      1. CACTI  calls prior to TechEx:   Tues Sept 4 (1st day back after Labour day), Tues Sept 18, Tues Oct 2,  
      2. open CACTI meeting at TechEx in Orlando (Thursday, Oct 18 at lunch )  
      3. https://meetings.internet2.edu/2018-technology-exchange/detail/1000524

 

Next Call: Tuesday, Sept. 4, 2018 - day after Labor Day