Page tree
Skip to end of metadata
Go to start of metadata




  • Chris Phillips, CANARIE (chair)
  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO
  • Tom Barton, U. Chicago  
  • Rob Carter, Duke
  • Nathan Dors, U Washington
  • Jill Gemmill, Clemson
  • Todd Higgins, Franklin & Marshall College  
  • Les LaCroix, Carleton College  


  • Kevin Morooney    
  • Ann West   
  • Steve Zoppi    
  • Nick Roy  
  • Emily Eisbruch   
  • David Walker  


  • Tom Jordan, U Wisc - Madison   
  • Marina Adomeit, GEANT
  • Christos Kanellopoulos, GEANT  
  • Karen Herrington, Virginia Tech   


 Community Updates

    Update on Baseline expectations deadline from Dec 2019

        See background at

      • Targets we set at the outset have been met.

      • Congrats on the hard work  

      • Just small percentage or entities left to meet Baseline Expectations (BE) ,

      •  about 4%, that have yet to meet BE

      • Soon the list of the 4% will be published to get community help in contacting those.

      • Community Dispute Resolution process can be used to urge that last 4% to meet BE. Final resort would be removing their metadata

      • CTAB is meeting weekly to work on the Baseline Expectations issues and process

      • Much outreach was done to achieve the success we have seen. Thanks to David Walker and Renee Shuey

      • Hard deadline and communications plan were helpful

      • Warren congratulates InCommon for the success; this marks a positive change in InCommon’s leadership in making federated identity helpful to researchers and the broader community

      • Other federations may take this example from InCommon and take similar steps to increase/strengthen trust fabric

   Update on InCommon fee structure and feedback from Jan. 16, 2019 webinar (Kevin)

      • presentation:

      • Jan 16, 2019 was webinar with Sean Reynolds, Ted Hanss, and Kevin Morooney

      • Presentation about proposed InCommon Fee change

      • Fee change had been discussed at governance level (Trust and Identity PAG and InCommon Steering) for about 10 months

      • Key question discussed by governance was if we were requesting enough resources to close the gap that exists

      • About 100 attendees at webinar

      • Received about 5-6 questions during webinar

      • There will be office hours starting this Thursday, and each week for 4 weeks, for answering additional questions

      • An FAQ will evolve

      • Hope to have a vote (by Steering?) and  finalize the fee change by mid-spring 2019

      • Last InCommon fee increase was in 2017, that was a small increase compared to the proposed increase now

      • Good story to tell about the results delivered from the 2017 fee increase.

      • This proposed fee increase is about providing the tools for participants to operate in the Federation.

   REFEDS survey and work plan available for review/suggestions

      • REFEDS survey is available to see the landscape – slides 24-26 may be of interest:

      • REFEDS proposed 2019 workplan is being built out :

      • Do REFEDs priorities align with what CACTI is working on?

        1. Priorities include MFA, OpenID Connect

        2. CACTI has been advocating for OpenID Connect, it’s mentioned in the FIM4R response document

        3. Issue of rechartering the OIDC WG chaired by Nathan, further down on our agenda

        4. Tom mentioned the SIRTFI is major focus at REFEDs  level

        5. Schema management is also important, this is where eduPerson has lande2019 planning  (Discussion - 20 min 

    1. Which items from FIM4R recommendations should CACTI focus on?

    2. Facilitating roadmap planning with other groups

      • Open for suggestions on roadmap planning; ideas so far: have CACTI encourage cross inviting chairs to their planning sessions, have CACTI have open calls for chairs to attend?

    3. Internet2 staff to look at the reports from CACTI, TAC, CTAB and bring questions about priorities to those groups

      • Albert is working on staff response to TAC, CTAB reports as well as the FIM4R response (the latter, along with Tom Barton and likely Nick)

      • Will share these with this group for planning purposes

Proposal to focus OIDC-Deployment working group on a deployment guide for the Shibboleth OIDC extension (Nathan)

  1. Late 2018: Need to re-focus the WG on practical matters

  2. (current OIDC Deployment WG wiki)

  3. Proposal: Develop practical guidance for IdP operators for various use cases:

    • everyday web-based apps

    • single page applications

    • native mobile and desktop apps

    • apps with more limited interfaces like command-line apps

  4. Feedback has been positive

    • InCommon TAC last week was supportive of the idea

  5. Next steps

    • Decide mechanics of putting together a deployment guide

    • Where should the deployment guide live and who would maintain it?

    • This would be IDP Operator focused, such as explaining how plug-ins are used

    • InCommon has had success with starting these initiative within InCommon,  need to make sure the calls are at at time that works for Europe. Get people on the calls from other federations. Set up wiki page, google doc, can use GitHub, such as the (SAML profile group, chaired by Keith Wessel).  Another example was the MFA work done within InCommon

    • Proposal is limited in scope: it’s to focus on and IDP operator taking the GEANT extension and integrating it into your IDP and deploying it for a particular application. For single sign on use case.  Currently only supports bilateral. Other activities could work in parallel. This is not about guidelines for the federation operators around OIDC

    • TomB: in Federation 2.0 re OIDC and OAuth 2, there are  potential implications for the role of federation operators. High-level architecture has evolved significantly.  Used to be flow from IDP to SP; now it’s a layered ecosystem for federated access. Many use cases and stakeholders.

    • ChrisP: the limited proposed scope for the rechartering of the OIDC group makes sense

    • Should Shib UI to be configured to help facilitate the use of the GEANT extension

FIM4R Assessment next steps (Chris, David, Jill)

    1. Consultation wiki updated with statuses (David): 
      Consultation for CACTI's FIM4Rv2 Assessment for Internet2 Trust and Identity

      • Some new comments were received yesterday from TomB, mostly clarification issues, not new topics

      • Group should likely meet one more time to deal with  those comments.

        1. David Walker will set  up a call for Friday

      • Kevin shared the FIM4R response draft with Internet2 senior leadership

      • Looking for opportunities to communicate more broadly, interested in Trust and Identity PAG and Steering response and the resulting action plans

      • Kevin interested in feedback from other federation operators as well

      • Big Ten Academic Alliance (representing 14 institutions) has IDM committee, Kevin recently met with the two co-chairs and mentioned the FIM4R response. Hopes to get them interested.  

      • CACTI happy to do outreach on FIM4R where it will be helpful

      • Albert and TomB are working on a response from Trust and Identity  to the FIM4R recommendations

      • Update TI doc stewardship with current version, add link to consultation wiki (David)

      • There will be  a FIM4R day at TIIME conference  in Vienna on Feb 11, 2019


Communication strategy for FIM4R Assessment (Ann, Kevin)

      • Share final FIM4R Assessment paper with TAC, CTAB, Component Architects, FIM4R group

        1. TAC discussed this on the 1/17/2019 TAC call

          1. TODO- Nick: Add any TAC feedback here

      • Webinar, invite Jim Basney to share his perspective

Next CACTI Meeting is Tuesday, February 5