CACTI Call Tuesday, Feb. 16, 2021
Attending
Members
- Rob Carter, Duke, (Chair)
- Les LaCroix, Carleton College (Vice-Chair)
- Marina Adomeit, SUNET
- John Bradley, Independent
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Matthew Economou, InCommon TAC Representative to CACTI
- Michael Grady, Unicon
- Kevin Hickey, Detroit Mercy
- Marina Krenz, REN-ISAC
- Barry Johnson, Clemson
- Jeremy Perkins, Instructure
- Chris Phillips, CANARIE
Internet2
- Kevin Morooney
- Ann West
- Steve Zoppi
- Nicole Roy
- Emily Eisbruch
- Bill Kaufman (Guest)
Regrets
- Margaret Cullen, Painless Security
- Stoney Gan, University of South Florida
- Bill Thompson, Lafayette College
--------------------
Action Items
- AI - By Tuesday, February 23, CACTI members should make any edits to the proposed MidPoint group charter
- AI - Les, Rob and Nicole will review the charter and develop a strategy to push the OIDC working group product farther
-------------------
Discussion
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
Announcement: The EDUCAUSE Cybersecurity and Privacy Professionals Conference
- Call for proposals is open
- https://events.educause.edu/cybersecurity-and-privacy-professionals-conference/2021/call-for-proposals
MidPoint Working Group Proposal (Bill Kaufman, Internet2)
- There is a draft charter for the proposed new working group
- Bill Kaufman is Internet2 Senior Project Manager and works with InCommon Trusted Access Platform Software
- MidPoint provides identity management and governance, and acts as a provisioning manager
- https://evolveum.com/midpoint/
- https://wiki.evolveum.com/display/midPoint/Introduction
- MidPoint team is based in Slovakia
- MidPoint is part of the InCommon Trusted Access Platform suite
- MidPoint issues are currently managed through the Trusted Access Platform Software Integration working group
- Suggestion for a new MidPoint Working Group to be chaired by Slavek Licehammer
- Name of Group
- Question: the draft MidPoint working group charter does not mention development deliverables.
- Should there be a different name other than "working group"?
- Perhaps call this the MidPoint Users group?
- Good idea to consider the name
- Hope to get the community to bring their use cases to this group
- Connector Framework
- MidPoint supports a ConnID connector framework, providing connection to a variety of software platforms
- The ConnID framework is a "connector" framework originally supported by a number of IAM framework providers (notably Oracle) … and there is a new version of that framework to which we intend to conform.
- This is the primary "binding" mechanism that midPoint uses to perform provisioning and deprovisioning.
- ChrisP: ConnID is a technique for connection at a low level, jar file, like an LDAP connector, but no standards behind it.
- Consistency was discussed 2 years ago at TIIME conference.
- SteveZ: They who do the implementation control the standards
- ConnID 2.0 framework is controlled by Evolveum.
- Hope for a better voice to how the implementation is done
- Correct, it’s not an IETF standard, but neither are APIs.
- MidPoint has many possible functions, many knobs and levers
- The adapter framework becomes important
- Note: this is a different abstraction level from SCIM.
- SCIM: “System for Cross-domain Identity Management” (www.simplecloud.info, iirc)
- ConnID is a framework to write your own connectors
- LDAP library is to Shib software, as ConnID is to MidPoint or COmanage
- How would the MidPoint Users Group be positioned?
- As advisory to Evolveum?
- Or to steer Evolveum and report through Trusted Access Platform?
- Bill: Hope for both.
- Would like to see Evolveum users community have higher visibility
- There would likely be more involvement from community if there was a MidPoint Users Group or working group
- InCommon Software Integration Working Group has a backlog
- Suggestion: Slavek would participate in the Component Architects group; SteveZ agrees this is a good idea
- CACTI needs to vote on forming the new MidPoint group
- Next Steps:
- Make a few edits to the proposed MidPoint group charter
- AI - by Tuesday, February 23, CACTI members should make any edits to the proposed MidPoint group charter
- Then CACTI will vote on this new MidPoint group at the Tuesday, March 2 CACTI call
- Working Group charter needs to be part of the Trust and Identity Document Repository
Final report of the OIDC Working Group (Rob)
- What are next steps to get final report completed for the OIDC Working Group?
- Background:
- In 2017, Albert Wu and others surveyed the community to determine the level of community interest in OIDC
- https://spaces.at.internet2.edu/display/OIDCSurvey
- Final report in April 2017
- Produced suggestions about community needing OIDC support.
- InCommon TAC chartered an OIDC working group in 2018 to help increase support for OIDC in the community
- OIDC working group was chaired by Nathan Dors, U Washington.
- OIDC working group met for 2 years
- The OIDC working group never produced a final report.
- ChrisP worked on OIDC with REFEDS and eduGAIN
- Should we reconvene the group to review the materials produced to date?
- Question: where does this OIDC working group effort land compared to OpenID Foundation work?
- When the 2017 group was formed, there were not a lot of deployments
- This group was looking at possible OIDC deployments in Higher Ed?
- And looking at the OIDC relationship to SAML
- Keith Wessel did an IAM Online presentation on using a native app
- More participation in the OpenID Foundation would be helpful if we can align on what we want
- Agreed: could be helpful to have a final report from the OIDC working group
- Possible next steps:
- CACTI could review the charter of the OIDC Working Group
- Could close the working group and state there was no final report
- Could start something new to build on
- Could ask those who participated in the working group what their thoughts are, and whether we can move them towards other related efforts, such as the OpenID Foundation working group
- OpenID Foundation working group is more focused on the technical solution
- AI - Les, Rob and Nicole will review the charter and develop a strategy to push the OIDC working group product farther
- Currently GEANT does not have active work on this, Marina A will talk with Davida.
FOR NEXT CACTI CALL
- Secrets management in public cloud infrastructure (all)
- Use-cases and problem statements
- Next steps
Next Meeting: Tuesday, March 2nd, 2021