InCommon Steering Meeting Minutes – 23 Sept 2013
Attending: Jack Suess, Joel Cooper, Klara Jelinkova, Craig Stewart, Chris Holmes, Michael Gettes, John O’Keefe, Ken Klingenstein
With: Ann West, Steve Carmody, John Krienke, Shel Waggener
Scribe: Dean Woodbeck
(AI) Jack Suess will send the note concerning CIO communications to Ana, emphasizing the desire to get the first communication out early the week of October 7.
(AI) Dean Woodbeck will follow up on potential remote participation at the Steering meeting during Identity week (Thursday, Nov. 14).
(AI) John Krienke will send a note to the nominations committee to kick off the process.
Minutes from September 9 will be up for approval next time
Communications to CIOs – A summary of the purpose for InCommon Steering communication for CIOs was drafted and needs to go to Ana Huntsinger, the Internet2 VP who is responsible for overall communications with CIOs. (AI) Hearing no objection from Steering, Jack will send the note to Ana, including the need to get the first communication out early the week of October 7.
Interfederation - John Krienke reported on work being done to bring federation to K-12. There are eight pilots underway with regionals, as a result of the Quilt discussions in February. In addition, InCommon and MCNC (North Carolina) have started a pilot to develop one of the six models that have been developed for an infrastructure that a regional and InCommon might use for K-12 federation.
Also, TAC has spun up a second interfederation working group; this was one of the recommendations from the first interfederation working group (see the complete set of recommendations at https://spaces.at.internet2.edu/x/Dw9OAg). This second group will be led by Warren Anderson (LIGO) and Paul Caskey (University of Texas System and TAC). The primary deliverables are to have InCommon sign the eduGAIN agreement, and to continue the work on interfederating with the UK federation. Currently, Brown is hosting a metadata aggregate that includes both the InCommon and the UK metadata, which is being used by several LIGO institutions.
Federal Demonstration Project (FDP)
Jack attended a meeting of the Federal Demonstration Project, which included mainly sponsored program officers from research universities (attendance was 100-130). NSF reported that only about one-half of one percent of FastLane logins are via InCommon and would like to see that increase. Most of the sponsored program officers had not heard of InCommon and were unfamiliar with federated identity. NIH was also in attendance and discussed the NIST Level 1 eRA.
In general, Jack suggested that regular engagement with CIOs would help with regard to federated services at NSF and NIH. He also suggested development of resources and materials (such as short videos on appropriate topics).
Michael reported that, at Carnegie Mellon, the main sticking point with NSF is that FastLane requires users to change passwords every three or six months, which is problematic for federated access. Also, it is not obvious at research.gov where you go to use your federated credentials. In addition, NIH has apparently not implemented SAML2. Jack is meeting with the NSF CIO on Thursday and will bring concerns to that meeting.
Identity Week Meeting
John O’Keefe is interested in calling in to the Steering meeting. (AI) Dean will follow up on potential remote participation.
A portion of the Sept. 30 exec call will focus on starting the nominations process for Steering. (AI) John K will send a note to the nominations committee to kick off the process.
Marilyn MacMillan has resigned from Steering because of a continuing campus conflict with the Steering meeting time.
Meeting with Shel
Shel Waggener joined the call to continue the discussion of the role of Steering in the Internet2 Trust and Identity initiatives. He shared a draft organizational plan (PPT file attached to the wiki: https://spaces.at.internet2.edu/download/attachments/43058458/NET+Plus+Org+and+Governance+Model.pptx), emphasizing that he sees this as a living document that will likely change as we gain experience.
Shel reviewed slide #2 of the deck – “Internet2 Net+ Services Organization.” The chart shows five main service management areas, including Trust and Identity. While trying to develop a consistent model for each of the service types, Trust and Identity is somewhat different because it touches on some of the other service areas, as well as the integration, architecture, security and standards area. As a result, Steering would need a relationship with program managers from more than one service area, as well as with the associate vice president for architecture and integration.
Steering’s policy responsibilities (in the Trust and Identity area) would include (from slide #4 of the deck):
- Recommend to the Net+ PAG the size of each product category within the service domain for number of services to be included
- Review business models proposed by schools participating in service validation, providing feedback and confirming appropriate margins
- Review requests by campuses to sunset a service. Recommend to NET+PAG to remove
- Approve architecture recommendations for best practices and requirements for service providers in Trust and Identity space.
- Policy guidance for services – e.g. recommend higher level Trust and Identity support across services.
Other responsibilities would include:
- Providing the identity responsibilities and obligations expected of a service that wants to participate in Net+ cloud services.
- Arbitrate which services are accepted into the Net+ pipeline (Trust and Identity area)
- Providing guidance concerning software development related to Trust and Identity, such as integration, architecture, and functionality. This is particularly important with the community-developed software
Slide #3 of the deck, titled “Steering Governance,” demonstrates where Steering would fit within the Net+ governance structure. New service inquiries, integration and architecture developments (for such services as InCommon, CIFER, etc.) would flow up to the Steering Committee (functioning as the group responsible for Trust and Identity). Steering would make decisions on these issues, as well as adding and removing services, and the policy issues outlined above. The Net+ Program Advisory Group will be responsible for overseeing all of the Net+ service areas. Steering would have a representative on the PAG. However, the PAG would not add or remove services without Steering’s approval or recommendation.
Q to Shel: How do you see Steering interfacing with your division?
Shel said he plans to have someone assigned to provide administrative support for Steering, particularly the chair and vice chair. Steering would engage with John on a business level (metrics on how services are performing, for instance), and with the new Associate Vice President on integration and architecture issues. Steering would also work with the new AVP to ensure the support for key development activities. Ken will continue to work in the research and development area.
Klara discussed the need for Steering to continue to discuss and implement clear communications with the community, such as the current push to communicate with CIOs. She suggested that a quarterly one-pager focused on activities in the Trust and Identity area would be a good first start.
There was also discussion about the status of the InCommon LLC. The LLC would no longer be necessary given this organizational structure. We may retain the LLC, however, if there is a benefit to doing so.
Michael suggested developing a charter – essentially a written summary of items discussed on this call, including a description of the Net+ organization and how different areas interact.
Shel will develop an FAQ on a Google doc, which Steering can use to pose questions, and Shel can answer.
Next Call with Shel
The next Steering call with Shel is scheduled for Monday, October 7. The call will focus on 1) clarifying what we mean by TIER (now called Trust and Identity), and 2) understanding how we can finance the initiative and get things moving.