InCommon Steering Committee Meeting Minutes - October 6, 2014
Attending: Dennis Cromwell, Melissa Woo, Klara Jelinkova, Mark Crase, John O’Keefe, Dave Vernon, Michael Gettes, Bill Yock, Jack Suess, Ken Klingenstein, Steve Carmody, Chris Holmes, Joel Cooper
With: John Krienke, Steve Zoppi, Ann West
The minutes from Sept. 8, 2014, were approved
Klara reported on the RUCC (Research University CIO Consortium) meeting at EDUCAUSE. RUCC was presented with a plan and funding proposal for TIER. Klara reported that the CIOs understand that identity is important and that funding is needed. The funding model is two-pronged – raising dues by $3,000-$5,000 to fund TIER and also asking for initial investors to commit $25,000/year for three years. There was overwhelming support for the concept.
There will also be two or three design sessions to discuss what TIER will deliver, with investor CIOs and chief architects would attend and help to define.
NSTIC and IDESG
Jack provided an update on NSTIC. Georgia Tech has deconstructed common standards into granular trust marks. This is work that NSTIC (and InCommon) can leverage. Jack proposes a small group drawn from AAC, TAC, and Steering meet with Georgia Tech to understand how they did the FICAM analysis for both LoA1 and LoA2. The goal would be to develop a set of questions that universities could answer and, depending on answers, be assigned one or more trust marks.
Ken reported on NSTIC and the PrivacyLens project. The federal government is starting to understand metadata and multilateral federation and has adopted SAML2 as the standard. There is work being done on federated incident response, and on making user consent portable.
Ken is setting up a discussion group to address problems specific to international attribute release issues.
Finally, there is considerable frustration among the science and VO community about attribute release and particularly in getting more campuses to adopt R&S and user consent. Ken said that thought leadership and advocacy are needed to help campuses understand the importance and need for this.
Final Symplicity Statement
The ER&G subcommittee has discussed and approved the statement regarding the dispute involving Symplicity. InCommon will issue the statement to the participants list. See https://spaces.at.internet2.edu/display/INCS/Symplicity
Dennis reported on significant discussion on the participants email list concerning a potential requirement for service providers to encrypt attributes. This led to a more-general discussion about the publishing and enforcement of best practices. Some service providers and Net+ providers, for example, aren’t in metadata and treat each relationship as bilateral rather than taking advantage of the multilateral federation.
TAC is discussing how we might help SPs meet some basic requirements. There is also continuing discussion about a program to recognize and publicize SPs that meeting certain practices and requirements.
John Krienke will follow up with ER&G (and Steve Carmody volunteered TAC help) to define criteria and discuss enforcement.
Nominations Advisory Committee
Klara is developing this group and hopes to have an initial call the week of October 20. John K. and Dean will prepare a community announcement.
The executive committee will meet October 20 to finalize the F2F agenda.
Monday, October 27, 2014
8 am - Noon ET
In-person at the Technology Exchange