CACTI Call Tuesday, Feb. 16, 2021

Attending

  Members

  • Rob Carter, Duke, (Chair)  
  • Les LaCroix, Carleton College (Vice-Chair)     
  • Marina Adomeit, SUNET   
  • John Bradley, Independent   
  • Joshua Drake, Indiana University's Center for Applied Cybersecurity Research  
  • Matthew Economou, InCommon TAC Representative to CACTI  
  • Michael Grady, Unicon  
  • Kevin Hickey, Detroit Mercy  
  • Marina Krenz, REN-ISAC   
  • Barry Johnson, Clemson   
  • Jeremy Perkins, Instructure  
  • Chris Phillips, CANARIE   

  Internet2

  • Kevin Morooney  
  • Ann West   
  • Steve Zoppi   
  • Nicole Roy  
  • Emily Eisbruch   
  • Bill Kaufman (Guest)  

  Regrets

  • Margaret Cullen, Painless Security
  • Stoney Gan, University of South Florida 
  • Bill Thompson, Lafayette College

--------------------

Action Items

  • AI - By Tuesday, February 23, CACTI members should make any edits to the proposed MidPoint group charter
  • AI - Les, Rob and Nicole will review the charter and develop a strategy to push the OIDC working group product farther

-------------------


Discussion

Announcement: The EDUCAUSE Cybersecurity and Privacy Professionals Conference 


MidPoint Working Group Proposal (Bill Kaufman, Internet2)

  • There is a draft charter for the proposed new working group
  • Bill Kaufman is Internet2 Senior Project Manager and works with the InCommon Trusted Access Platform software
  • MidPoint provides identity management and governance; it is a provisioning manager
  • https://evolveum.com/midpoint/
  • https://wiki.evolveum.com/display/midPoint/Introduction
  • MidPoint team is based in Slovakia
  • MidPoint is part of the InCommon Trusted Access Platform suite
  • MidPoint issues are currently managed through the Trusted Access Platform Software Integration working group
  • Suggestion for a new MidPoint Working Group to be chaired by Slavek Licehammer
  • Name of Group
    • Question: the draft MidPoint working group charter does not mention development deliverables.
    • Should there be a different name other than "working group"?
    • Perhaps call this the MidPoint Users group?
    • Good idea to consider the name
    • Hope to get the community to bring their use cases to this group

  • Connector Framework
    • MidPoint supports a ConnID connector framework, providing connection to a variety of software platforms
    • The ConnID framework is a "connector" framework originally supported by a number of IAM framework providers (notably Oracle) … and there is a new version of that framework to which we intend to conform.
    • This is the primary "binding" mechanism that midPoint uses to perform provisioning and deprovisioning.
    • ChrisP: ConnID is a technique for connecting at a low level (a jar file, like an LDAP connector), but there are no standards behind it.
    • Consistency was discussed 2 years ago at the TIIME conference.
    • SteveZ: Those who do the implementation control the standards
    • The ConnID 2.0 framework is controlled by Evolveum.
    • Hope for a better voice in how the implementation is done
    • Correct, it's not an IETF standard, but neither are APIs.
    • MidPoint has many possible functions, many knobs and levers
    • The adapter framework becomes important
    • Note: ConnID is at a different abstraction level from SCIM.
      • SCIM: "System for Cross-domain Identity Management" (www.simplecloud.info, iirc)
      • ConnID is a framework to write your own connectors
    • The LDAP library is to Shib software as ConnID is to midPoint or COmanage
  • How would the MidPoint Users Group be positioned?
    • As advisory to Evolveum?
    • Or to steer Evolveum and report through Trusted Access Platform? 
    • Bill: Hope for both.

  • Would like to see the Evolveum user community have higher visibility
  • There would likely be more involvement from the community if there were a MidPoint Users Group or working group
  • The InCommon Software Integration Working Group has a backlog
  • Suggestion: Slavek would participate in the Component Architects group; SteveZ agrees this is a good idea
  • CACTI needs to vote on forming the new MidPoint group
  • Next Steps:
    • Make a few edits to the proposed MidPoint group charter
    • AI - by Tuesday, February 23, CACTI members should make any edits to the proposed MidPoint group charter
    • Then CACTI will vote on this new MidPoint group at the Tuesday, March 2 CACTI call
    • Working Group charter needs to be part of Trust and Identity Document Repository


Final report of the OIDC Working Group (Rob)

  • What are the next steps to get the final report completed for the OIDC Working Group?
  • Background:
    • In 2017, Albert Wu and others surveyed the community to determine the level of community interest in OIDC
    • InCommon TAC chartered an OIDC working group in 2018 to help increase support for OIDC in the community
    • The OIDC working group was chaired by Nathan Dors, U Washington.
    • The OIDC working group met for 2 years
    • The OIDC working group never produced a final report.
    • ChrisP worked on OIDC with REFEDS and eduGAIN
  • Should we reconvene the group to review the materials produced to date?
  • Question: where does this OIDC working group effort land compared to OpenID Foundation work?
    • When the 2017 group was formed, there were not a lot of deployments
    • This group was looking at possible OIDC deployments in Higher Ed?
    • And looking at the OIDC relationship to SAML
    • Keith Wessel did an IAM Online presentation on using a native app
  • More participation in the OpenID Foundation would be helpful if we can align on what we want
  • Agreed: could be helpful to have a final report from the OIDC working group
  • Possible next steps:
    • CACTI could review the charter of the OIDC Working Group
    • Could close the working group and state there was no final report
    • Could start something new to build on 
    • Could ask those who participated in the working group what their thoughts are, and whether we can move them towards other related efforts, such as an OpenID Foundation working group
    • The OpenID Foundation working group is more focused on the technical solution
  • AI - Les, Rob and Nicole will review the charter and develop a strategy to push the OIDC working group product farther
  • Currently GEANT does not have active work on this, Marina A will talk with Davida.

FOR NEXT CACTI CALL

  • Secrets management in public cloud infrastructure (all)
    • Use-cases and problem statements
    • Next steps


Next Meeting: Tuesday, March 2nd, 2021
