Attending


  Members

  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO   
  • Tom Barton, U Chicago   
  • Rob Carter, Duke   
  • Nathan Dors, U Washington  
  • Todd Higgins, Franklin & Marshall College   
  • Tom Jordan, U Wisc - Madison    
  • Les LaCroix, Carleton College    
  • Chris Phillips, CANARIE     

Internet2

  • Steve Zoppi   
  • Emily Eisbruch   

Regrets:

  • Jill Gemmill (Clemson)
  • Ann Harding (SWITCH/GEANT)
  • Karen Herrington (Virginia Tech)
  • Christos Kanellopoulos (GEANT)
  • Kevin Morooney (Internet2)
  • Ann West (Internet2) 


Intellectual Property Reminder https://www.internet2.edu/policies/intellectual-property-framework

Action items List:   https://spaces.at.internet2.edu/x/GoPdBg  

 

 DISCUSSION

MACE-Directories Working Group Re-chartering

Chris stated that discussion around the rechartering of the MACE-Directories working group is ongoing. The Oct. 2, 2017 MACE-Dir call focused on that topic. Notes from that MACE-Directories call are here: https://docs.google.com/document/d/19OGEWazQ5Fr3vNt9hF1p10du6yLLOIoO5lWKxW7qbLc/edit#

FIM4R Resources

CACTI members TomB, Christos, and Chris attended the recent FIM4R in Montreal. Ken Klingenstein also attended. There were a total of 28 or 30 participants. Resources:

The FIM4R editorial board will meet this week to polish some of the notes, and there may be additional discussion at ACAMP at 2017 TechEx in San Francisco.

Observations from CACTI members in attendance at the FIM4R meeting

There was substantial discussion at the FIM4R meeting, surfacing requirements. It was agreed that federation provides huge value now and can still provide more value to the research community. We may need to look at federation differently, and build on top of federation (blueprint architecture), such as by using proxies and gateways. Some things needed for research will not be sourced by the broader community. SIRTFI is also identifying new federation requirements that need to be addressed. One relevant issue is that SIRTFI tags must be brokered in a manual way (since the SIRTFI tag is not appropriate for self-attestation), causing scalability issues. There is a possible connection with eduGAIN.

The original FIM4R document, written to address research needs for federation, led to GEANT activities. Now there is a review and reboot of FIM4R. A white paper will be finished in spring 2018; however, the list of requirements will be developed sooner. It would be good for CACTI to review the requirements and suggest different groups (routing to GEANT, Internet2, etc.) to address the various requirements. CACTI is the best inroad for feature requests, and it will also be helpful to share any suggested requirements with the T&I PAG so these requirements can be factored in for the 2018 and beyond work planning.

Thoughts and comments are welcome to be added to: Topic-FIM4R state as of fall 2017

Proxies and other approaches

Warren stated that LIGO is moving in the direction of using proxies to address the reality that not every organization is in a federation, and not all federations are in eduGAIN. LIGO India, for example, has a federated identity system, but it is not part of a global network. There are issues in getting identifying attributes from IdPs: some IdPs use EPTID as identifier, and there is a need to do identity linking. For vendors, use of Google Suite is one path. The proxy approach can help fill gaps.

Chris noted that token translation was also mentioned at the FIM4R meeting (using SAML from the perimeter and then X509 CERT or OIDC connection). Non-web experience is now a free-for-all. ECP support is desired but not necessarily there, as it is not a required protocol. Proxies are trying to form that bridge. There are questions for the federation operator on how to provide sustainable recommendations on non-web federated sign-on. It likely makes sense to support a mix of approaches. Change in the Globus space may drive some changes.

Les mentioned the use case of students taking classes from another institution. The campus would like them to be able to authenticate with their home identity, but an additional layer for authentication is needed. This topic may be discussed at the External Identities session at TechEx on Tuesday morning, Oct 17, 2017: https://meetings.internet2.edu/2017-technology-exchange/detail/10004868/

It was noted that federated identity in research is focused in very large research groups, and it would be helpful if TIER could work on having an appliance that fits smaller research collaborations of 20-40 people. Those collaborations will not have the resources of CERN or LIGO. SteveZ commented that this is the long tail of the TIER program, but developing an appliance for collaboration for a small organization is challenging and may require a new funding model.

 

Developing the Agenda for Wed. Oct. 18, 2017 CACTI F2F at TechEx  https://meetings.internet2.edu/2017-technology-exchange/detail/10004926/

           Wed. Oct 18, 12:10pm - 1:30pm ET

    1. We have about 75 minutes in a face-to-face; please think about and submit suggestions for areas of discussion
      1. Candidate topics: 
        1. FIM4R – how to contribute
        2. TIER – can the topics we've covered be offered as inputs to TIER activities, and if so, which ones?
        3. Review/provide further candidate activities suggestions to GÉANT (in conjunction with FIM4R?)
        4. AARC & CACTI future-state reference architectures; part of the look ahead
        5. Work planning?      
                                           

Community Reports 

The InCommon OAuth/OIDC working group - https://spaces.at.internet2.edu/x/jJiTBg had their first call on Friday, Sept 22, 2017, facilitated by Steven Carmody. Notes from the call are here:

https://docs.google.com/document/d/1w_r_JhZX-lzPWjL0H9PWrTeY9efaII1K9TDnp3qtz9I/edit

There is a need to harmonize OIDC/OAuth with SAML. There is awareness of the REFEDs work in the OIDC area.


Reminder: In-Person Meetings at 2017 TechEx

 

Next CACTI Call following TechEx: Tuesday, Oct. 30 2017 at 11am ET / 1500 UTC