Attending
Members
- Chris Phillips, CANARIE (chair)
- Marina Adomeit, GEANT
- Tom Barton, U. Chicago
- Nathan Dors, U Washington
- Karen Herrington, Virginia Tech
- Todd Higgins, Franklin & Marshall College
- Christos Kanellopoulos, GEANT
- Les LaCroix, Carleton College
Internet2
- Steve Zoppi
- Emily Eisbruch
Regrets
- Warren Anderson, University of Wisconsin-Milwaukee /LIGO
- Rob Carter, Duke
- Jill Gemmill, Clemson
- Tom Jordan, U Wisc - Madison
- Kevin Morooney, Internet2
- Ann West, Internet2
New Action Item
[AI] (Christos) email CACTI with the name of the open AARC list looking at scalability of trust network, etc. (DONE)
[AI] (ChrisP) follow up with Les and Christos on next steps for URN / OID registry.
DISCUSSION
CACTI membership
- Welcome to new CACTI member Marina Adomeit
- Marina works for academic network of Serbia
- Leading Trust and Identity services activity in GEANT
- This will include development of Trust and Identity services
- Hope to inform roadmaps for Internet2 and GEANT
- Currently in planning period
- Project phase divided into development and operations
CACTI hopes to feed input into 2019 planning process for Internet2 and GEANT.
Kickoff for project planning in GEANT is in Jan. 2019
eduTEAMs
- Christos is the service owner of eduTEAMS
- eduTEAMS has long history; it was a number of individual components for scientific use cases: now integrated into one bundle
- Wide target audience within research space
- Long-term plans include expanding beyond just research space to broader campus space
- May discuss eduTEAMS more on a future CACTI call, hopefully when KevinM and Klaas can be present on the call
eduPerson Transition to REFEDs
- Progressing: new list schema-discuss@lists.refeds.org & governance model recommendation @ REFEDS below
- Can suggest amendments
- Consultation until Dec 10, 2018 https://wiki.refeds.org/display/STAN/Schema
MACE URN OID Transition: https://spaces.at.internet2.edu/x/Sgi6Bw
- Les reviewed the registries transition.
- URN and OID are low use items
- Some use by TIER
- URN registry delegated to other institutions
- Service that Internet2 recommends not using
- Les recommends looking at discontinuing the URN service for new URNs
- In GEANT there is a new interest in URNs
- AARC recommended URNs for groups
- https://aarc-project.eu/wp-content/uploads/2017/11/AARC-JRA1.4A-201710.pdf
- ChrisP: Have seen URNs in eduperson entitlements
- With a URL, it’s expected you can click on it and get something; this expectation does not exist for URNs
- One advantage of a URL over a URN is that with a URL you don’t need to update contact info in a registry you don’t own
- URLs are good for entityIDs but not for all use cases
- It was suggested that we should maintain the URN service even if not used much
- For a central registry there must be authority and vetting
- Current process when a new URN is requested: people make a judgment call on
- 1) if the requester institution is part of Higher Ed and
- 2) if the person requesting has authority to request for the institution
- TomB offers to be the initial intake person for CACTI
- Q: Would MACE registry be source of URNs for GEANT’s use?
- A: They mostly use the GÉANT URN namespace https://wiki.geant.org/display/URN/URN+Home
- Les recommends stronger language on the web page to recommend URLs over URNs
- Current language is here
- TomB: the more we operationalize delegation, the more URNs will have usage
- Agreed that we should maintain the URN service for existing entities, but no consensus beyond that
- [AI] (ChrisP) follow up with Les and Christos on next steps for URN / OID registry.
- Thanks to Les for the research and recommendations
Emerging Federated Id Challenges with cloud stories
- Azure, Multilateral trust with federated id, and eduroam
- Google apps for education, AWS IDM - distant #2, #3?
- Q: Is there a recommendation that Internet2/InCommon/others have? Is this topic in harmony with current activities?
- ChrisP shared an email with one site’s perspective on moving to the cloud
- CAS as a component for single sign-on, but then security concerns arose
- Nathan shared via email a diagram from IDP governance discussion
- Governance decision is important
- Example Nathan shared centered on decision to use OAUTH
- Can be complicated and messy
- TomB: Global R&E Federated Access Ecosystem
- Maintain research networks and research federations,
- Must be inclusive
- Use proxies
- What about using Shib IdP in Azure as the proxy?
- SATOSA is the solution being used
- Christos: GEANT is moving in the direction of using a proxy and linked proxies. This allows communities to use whatever software they choose while the proxy provides integration and interfaces, connects protocols, and offers a connector service, with eduGAIN as the trust network. Looking at putting IdPs in eduGAIN as the trust network.
- Discussion within the AARC project, looking at scalability and at issues coming up from real deployments
- [AI] (Christos) email CACTI with the name of the open AARC list looking at scalability of trust network, etc. (DONE)
- Les: as a small school IDP operator, using Shib for Web SSO, delegates to AD.
- It is a kind of proxy: Azure and Google are federated with Shib, and different services tap in.
- Will also put some in the cloud, primarily for redundancy, like the diagram Nathan shared. Not sure of the best solution.
- Nathan: the OIDC Deployment Working Group has a few more calls this year, developing the plan for 2019.
- May recharter and reduce the scope to create practical deployment guides for using the GEANT extension, SATOSA, or a proxy.
- Deployment guides could include patterns of deployment in the cloud.
Reports from the Field
- NSF and Internet2 to explore cloud computing to accelerate science frontiers: https://nsf.gov/news/news_summ.jsp?cntn_id=297193
- Q: Is there a role for CACTI to support this activity?
- FIM4R - a bit of a hiatus during Thanksgiving week; resuming this week.
- OIDC - Nov 19 kickoff meeting held: https://openid.net/wg/rande/
2019 Internet2 Global Summit in DC
- March 5-8, 2019 in DC https://meetings.internet2.edu/2019-global-summit/
- How many CACTI members will be attending? ChrisP not attending.
Decision: Likely no CACTI meeting at Global Summit 2019
Parking lot: Suggestions from Oct 30, 2018 CACTI call
- ask RolandH to give CACTI a talk on direction of OIDC and SAML as an informational session.
- Perhaps also Davide Vaghetti (GARR)
- Suggestion to put Nathan on CACTI Agenda to give info on OIDC
Next CACTI meeting Tuesday, Dec. 11, 2018