Page tree
Skip to end of metadata
Go to start of metadata




  • Chris Phillips, CANARIE  (chair)  
  • Marina Adomeit, GEANT 
  • Tom Barton, U. Chicago   
  • Nathan Dors, U Washington,    
  • Karen Herrington, Virginia Tech     
  • Todd Higgins, Franklin & Marshall College   
  • Christos Kanellopoulos, GEANT   
  • Les LaCroix, Carleton College  


  • Steve Zoppi   
  • Emily Eisbruch   


  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO 
  • Rob Carter, Duke  
  • Jill Gemmill, Clemson  
  • Tom Jordan, U Wisc - Madison 
  • Kevin Morooney , Internet2
  • Ann West, Internet2 

 New Action Item

{AI] (Christos) email CACTI with the name of the open AARC list looking at  scalability of trust network, etc.   (DONE)

[AI] (ChrisP) follow up with Les and Christos on next steps for URN / OID registry.


CACTI membership

  • Welcome to new CACTI member Marina Adomeit  
    • Marina works for academic network of Serbia
    • Leading Trust and Identity services activity in GEANT
      • This will include development of Trust and Identity services
    • Hope to inform roadmaps for Internet2 and GEANT
    • Currently in planning period
    • Project phase divided into development and operations 
    •  CACTI hopes to feed input into 2019 planning process for Internet2 and GEANT.

    •  Kickoff for project planning in GEANT is in Jan. 2019


eduPerson Transition to REFEDs 

MACE URN OID Transition 

      • With URL, it’s expected  you can click on it and  get something… this issue does not exist for URNs
      • One advantage of URL versus URN is with URL, you don’t need to update contact info in a place you don’t own
      • URLs are good for entityIDs but not for all use cases
      • It was suggested that  we should maintain the URN service even if not used much
      • For a central registry there must be authority and vetting
      • Current process when a new URN is requested: people make a judgment call on 
        • 1) if the requester institution is part of Higher Ed and
        •  2) if the person requesting has authority to request for the institution 
        • TomB offers to be the initial intake person for CACTI

      • Q: Would MACE registry be source of URNs for GEANT’s use?
      •  A: They mostly use the GÉANT URN namespace 

      • Les recommends stronger language on the web page to recommend URLs over URNs
      •  Current language is here
      • TomB: the more we operationalize delegation, the more URNs will have usage
      • Agreed that we should  maintain the URN service for existing entities, but no consensus beyond that
      • [AI}ChrisP will follow up with Les and Christos on next steps for URN / OID registry.
      • Thanks to Les for the research and recommendations

Emerging Federated Id Challenges with cloud stories  

      •  Azure, Multilateral trust with federated id, and eduroam
      • Google apps for education, AWS IDM - distant #2, #3?
      • Q: Is there a recommendation that Internet2/InCommon/others have? Is this topic in harmony with current activities?
      • ChrisP shared an email with one site’s perspective on moving to the cloud
        • CAS as a component for single sign-on, but then security concerns arose
      • Nathan shared via email a diagram from IDP governance discussion 
        • Governance decision is important
        • Example Nathan shared centered on decision to use OAUTH
        • Can be complicated and messy
      • TomB: Global R&E Federated Access Ecosystem
        • Maintain research networks and research  federations, 
        • Must be inclusive 
        • Use proxies
      • What about using Shib IdP in Azure as the proxy?
        • Setosa is the solution being used
      • Christos: moving in direction of using proxy and linked proxies, allows communities to use whatever software, but providing integration and interfaces. Connecting protocols.  Offering connector service. eduGAIN as a trust network.  Looking at putting IDPs in eduGAIN as the trust network.
        • Discussion within AARC project . Looking a scalability, and issues coming up from real deployments
        •  {AI] (Christos) email CACTI with the name of the open AARC list looking at  scalability of trust network, etc.   (DONE)
      • Les: as a small school IDP operator, using Shib for Web SSO, delegates to AD.
          •  It is a kind of proxy . Using Azure and Google federated with Shib. Different services tap in.  
          • Will also put some in cloud, primarily for redundancy. Like the diagram Nathan shared. Not sure the best solution
      • Nathan:  the OIDC Deployment Working Group has a few  more calls this year, developing the plan for 2019.  
          • May recharter and reduce the scope and create practical deployment guides for using the GEANT extension or using Setosa or a proxy.  
          • Deployment guides could include patterns of deployment in the cloud. 

Reports from the Field  

 2019 Internet2 Global Summit in DC

Parking lot: Suggestions from Oct 30, 2018  CACTI  call

    • ask RolandH to give CACTI a talk on direction of OIDC and SAML as an informational session. 
    • Perhaps also Davide Vaghetti (GARR) 
    • Suggestion to put Nathan on CACTI Agenda  to give info on OIDC 

Next CACTI meeting  Tuesday, Dec. 11, 2018