Page tree
Skip to end of metadata
Go to start of metadata



  • Chris Phillips, CANARIE  (chair)  
  • Rob Carter, Duke   
  • Nathan Dors, U Washington   
  • Jill Gemmill, Clemson   
  • Ann Harding, SWITCH/GEANT  
  • Karen Herrington, Virginia Tech    
  • Todd Higgins, Franklin & Marshall College   
  • Tom Jordan, U Wisc - Madison    
  • Les LaCroix, Carleton College     


  • Steve Zoppi    
  • Ann West 
  • Emily Eisbruch   


  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO  
  • Tom Barton, U Chicago   
  • Christos Kanellopoulos, GEANT  
  • Kevin Morooney, Internet2


FIM4R Gap Analysis and Recommendations Work  

  • Updates on latest for outreach to Inc-TAC, CTAB, TIER Component Architects – 
  • Introduction of CACTI-discuss list for public outreach and discussion of CACTI related topics 
  • FIM4R blog:
  • Chris reported that outreach to get input on FIM4R has been done to CTAB, Component Architects and InCommon TAC
  • CTAB is reviewing the space to see which parts are relevant
  • Hoping for public dialog through the CACTI-discuss list
  • Component Architecture discussion will be Wed Sept 5 at 1pm ET
    • Jill will plan to join that call
    • Jill and others who want to join the Sept 5 discussion, please email SteveZ to get included on the invite

The CACTI members on the call discussed themes for recommendations in the FIM4R gap analysis/response. Comments:

  • IDP Proxies are filling gap for lack of institutional IDs.
  • Proxies are needed due to multiple identities.
  • Suggest a TIER for Research, a software initiative funded by Internet2 to bridge the gap.
  • We can’t rely on young institutional IDPs
  • How is this different from Internet2 running an IDP of last resort? 
  • Need something to pull identities together to access research
  • Research SPs have Issue around getting the additional data IDPs are not releasing 
  • Decorating an existing identifier is what COmanage and Grouper does.
  • Internet2 is implementing COmanage for that reason
    • Not exactly a proxy, but it does identity linking
  • We should support COmanage, it can solve guest affiliate problem campuses have
  • also recognize there is some bilateral configuration
  • Find test campuses to do pilot deployments of COmanage
  • CILogon example
  • Community needs to have discussion on how to integrate well established proxies services like CI Logon into the infrastructure
  • TIER for research, as Les outlined is good
  •   implementation pilots (in service context) are crucial
  • Aggregate into an ecosystem that can be used by wider group
  • Need to suggest or define the service context
  • Re federation operators running services, InCommon is trying to identify gaps that orgs have with federation
  •  InCommon TAC is looking at requirements for IDP as a service
    • not exactly IDP of last resort, but for institutions that are not able to stand up an IDP
  • Want to be flexible and agile
  • Structure a way of engaging partners to provide services
  • Could be a COmanage implementation and surrounding environment 
  • Level 2 identity is important and provides value in the InCommon federation
  • What Level of security would outsourced IDP solutions have?
  • We look to the community for the requirements for the services
  • Mechanisms needed to make the flow easier for researchers
  • At 2017 Tech Ex, researchers said they care about high value identities if they can get the attributes they need. 

Reaching Service Providers

  • We need to be sure service providers know how to take advantage of what we offer them
  • Challenge reaching service providers

Non Web Authentication  

  • Non-web authentication is a gap
  • Use cases are increasing
  • We should evaluate how to increase representation of researchers within TIER
  • Is OPENID Connect the recipe for non web solutions?
  • Where is the best venue for the discussion of non-web?
  • Need to know more from FIM4R authors about the origin and highest priority use cases of the non-web discussion
  • Responsibility for CI Logon?
  • How can we influence an institution to do things differently? Training, messaging, to home institutions. 

David Walker is aggregating FIM4R response, including comments above, into a consolidated form.

Review OIDF R&E Charter for feedback

  1. Nathan - there are several OIDC activities at TechEx 2018
  • Will hear about OIDC plugin for Shib
  • What are the most important talking points?
  • Consistent messaging is needed
  • What are the OIDC adoption strategies?
  • Some want a separate infrastructure, some want bundled approach for OIDC, and there is also hybrid approach
  • There is an IAM Online webinar opportunity about OIDC the week before TechEx
    • Could present Introduction to OIDC deployment patterns
    • Focus on education around OIDC
  • Adoption strategies
    • We should put forth recommendations
    • Overlay of trust is not present unless the right people show up at OPENID Foundation
    • We need to encourage wide participation at  the OPENID Foundation
    • “The market will choose” approach is happening, 
    • The InCommon OIDC Deployment Working Group is discussing the messaging but needs to check in with InCommon TAC and other REFEDS people will be helpful 

Community  Reports

  1. MACE Dir Transition Status: Progressing 
      1. Sunset Transition Doc
      2. Proposed Requirements to transition eduPerson to REFEDS:
  1. TechEx in Orlando:  

      1. CACTI  calls prior to TechEx:   Tues Sept 4 (1st day back after Labour day), Tues Sept 18, Tues Oct 2,  
      2. open CACTI meeting at TechEx in Orlando (Thursday, Oct 18 at lunch )  


Next Call: Tuesday, Sept. 4, 2018 - day after Labor Day