Attending

Members: Les LaCroix, Stoney Gan, John Bradley, Margaret Cullen, Rob Carter, Chris Phillips, Richard Frovarp, Mike Grady, Erik Scott, Kevin Hickey, Barry Johnson, Steven Premeau

With: Nicole Roy, Kevin Morooney, David Walker, Ann West

Regrets:  Licia Florio


  1. Agenda bash/administrivia
  2. Announcements
    1. CACTI open meeting at TechEx - have submitted a room request (Nicole)
      1. Separate from the talking session we have that is merged into another session (ChrisP)
  3. Main Business

    1. SAML subject identifier adoption WG (Les/Steven) (indefinite hold)
    2. Linking SSO WG (Rob)
      1. Chairs held a meeting last week, next one is next week
      2. All of the scenarios identified now have people’s names attached to them re: gathering material for a report
      3. Goal is to have first-cut of descriptions of scenarios, along with applicable situations into the spreadsheet (tracking) in time for next week’s meeting
      4. Start to figure out how to piece things together starting next week
    3. IDPaaSv2 (Kevin H)
      1. Meeting - set the timeline - every week this month, want to be done with the deliverables by the end of August so the pilot program can kick-off in September. 
      2. Looking at the connector type solution, looking to integrate with existing solutions, not replace them.
      3. REFEDS MFA support is a required component of any accepted solution.
    4. Others?
      1. Charter: https://docs.google.com/document/d/1p_7KNxRf4jc6oADYLgaL2iI-ThDTUX9-/edit  
      1. This might be more interesting for the eAC than for us, but there is ongoing work in the IETF EMU (EAP Method Update) WG.  They are updating EAP-TLS to use TLS 1.3 (i.e. encrypting the certificates across the wire).  There is also discussion of privacy enhancements to other commonly-used EAP methods — PEAP and EAP-TTLS. 
      1. CTAB (Mike G) At the CTAB meeting on 7/26 there were reports on the status of the following, but the bulk of the meeting focused on the report and presentation to Steering on recommendations for next steps on Baseline Expectations 2 (how to deal with various entities not yet in full compliance etc.).
        1.  REFEDS MFA Working subgroup, working on a 1.1 version. Discussion of ForceAuthn and other issues
        2.  Entities category working group
        3.  Upcoming SIRTFI exercise
        4.  SP Proxying workgroup
      2. Cloud Security Alliance - Kevin H - starting up an IAM working group - kicked off a couple weeks ago, still actively seeking participants. Kevin H going to sit in on this.
      3. REFEDS MFA (subgroup) - Chris - refining some definitions in the REFEDS MFA profile. Hoping to wrap up shortly. 
      4. IETF EMU WG - updating EAP-TLS - Margaret
  1. Update on Global CEO Forum discussion of July 6th (Kevin M)

Klaas Wierenga and Kevin Morooney did an update on IAM activities

Including stuff like impact of OpenRoaming on eduroam

Nothing conclusive - big take-away is that the CEOs are really energized about making sure we have a plan and they have a say about the future of eduroam.

Kevin did a federation futures update - shared some slides from the REFEDS update at TNC. Hoping to get interest in guiding the future of eduGAIN. Also discussed some things from the eduGAIN futures report. “Exec summary of the executive summaries”, try to bring them together.

Kept the topics in front of the group, hoping/thinking they will be invited back again. Had a good convo with Jim Ghadbane, CEO of CANARIE about this stuff. Howard, CEO of Internet2, also supportive. 

Second thing that is happening - Internet2 leadership/board working on a multi-year roadmap. Examining fee structure for various services/membership context. Beginning phases of a longer-term planning effort. Board-level effort related to fees/stakeholders.

Third thing - Conversations in CACTI, TAC, CTAB, Steering, etc. about the future of federation. Doing a planning effort that is in parallel to and connected to the larger Internet2 planning effort. Develop a framework for having those conversations so we can focus on eduroam and federation. Taking off later part of ‘22, likely a focus for CY ‘23. Upcoming quarterly committee chairs call. Will start working on this there as well. Nascent conversations with InCommon Steering. Steering is also interested in a planning conversation.

Making sure that these other planning efforts feed into the CEO conversation. 

Likely good for this group to reflect on Fed 2.0 paper and eduGAIN futures paper - the aggregate of those two reports and recommending where I2/InC should go. Kind of like the FIM4R response that CACTI did a few years ago. 

eduGAIN Futures paper:  

https://wiki.geant.org/display/eduGAIN/eduGAIN+Futures+Working+Group+Report+Consultation?preview=/483754120/483754123/eduGAIN%20Futures%20WG%20recommendations.pdf

Federation 2.0 paper:

https://wiki.refeds.org/display/GROUPS/Federation+2.0?preview=/44958215/107118613/Federation2Report.pdf

  1. November IAM Online - outsourcing identity - what do you have to retain? (Rob/Nicole/Chris)
    1. Strong current towards outsourcing the software/systems associated with IAM
    2. Possible to outsource some things, but you can’t outsource knowledge about the business processes and thus the business rules that need to drive the logic that goes into things like IAM groups/roles/permissions. 
    3. Kevin Hickey says U. Detroit-Mercy has worked on this - with Azure and Cirrus Identity. The “we can help you” sales-pitch from companies. There are always things you have to keep in-house, focus on staff training. A lot of the ops stuff will fade away. 
    4. Ann - Update from the recent InCommon Catalysts call. Lots of schools that have gone with a vended solution are starting to look at open source again. Realization that the commercial solution may not fit all their needs. Looking to add in things like Grouper which work for higher-ed. What kind of training would we need to offer to orgs that want to do that switch?
    5. Steven Premeau says he’s had a related/relevant experience lately
    6. Including the leadership in this conversation would be good if we can figure out how
    7. IAM Online attendance varies by role and topic. When Kevin did an update earlier this year, lots of CIO-type attendance. Lots of topics draw technical practitioners. 


  1. Update/question from July 25, 2022 TI Component Architects call (Rob, Steve Z, Nicole)
    1. Should CACTI be discussing the higher-education and research position we should be taking on the constellation of these: Self-Sovereign ID / Wallet / WebAuthN / passkey (portable authenticator) / etc ?
    2. What, if any, role should InCommon/I2 have in shaping / facilitating / supporting these new technologies?  To what extent are they solutions to problems we have, and to what extent are they just different implementations?
    3. John - lots of attention on this kind of key handling in the consumer space - “you put everything into your icloud keychain and you’re good” - doesn’t necessarily work well in the R&E space. Lots of pluses and minuses. A passkey is a single factor, that’s all you can consider it to be. Hard to say if it’s a knowledge versus a possession factor considering you really have neither.


Next Meeting: Tuesday, August 16, 2022
