InCommon Steering Committee Minutes - June 19, 2017
Attending: Dave Vernon, Ann West, Dennis Cromwell, Sean Reynolds, Michael Gettes, Michele Norin, Marty Ringle, Klara Jelinkova, Dee Childs
With: Dean Woodbeck, Steve Zoppi, Kevin Morooney, Mark Scheible, Brett Bieber, Von Welch
Minutes from April 23 approved via the wiki.
Action Items
(AI) - Steering members should read and comment on the Attribute Release working group charter
(AI) - Ann will follow up with AACRAO on names of registrars who would be potential members of the Attribute Release working group
InCommon Dues Increase - Use of Funds
Ann provided an overview of the slides. Reviewed the five priorities - some funded by dues increase and some accomplished prior to the increase
Sustaining Shibboleth Software
Shib Consortium did webinars outlining the need for funding
Kevin, Justin Knight and Scott Cantor did an IAM Online on the Shib Consortium finances and on plans for future features and updates. It was well-attended.
The Consortium has attracted new memberships since the webinars, which improved the financial position.
The Consortium board will be discussing sustainability. The lack of resources makes the rate and pace of the development team slower than what the community demands.
Hardening/Sustaining Federation Operations
Upgrading Federation Manager code and interface (through use of consultants) and streamlining processes in the FM
Containerizing the Federation Manager backend to match the TIER approach
Working with the UK and Canadian federations to share metadata hosting (initially for emergency purposes)
January 2017 - rolled out security incident response program
April 2017 - documented a disaster recovery plan for the federation
Scaling Federation Operations and Infrastructure
Significant challenges as to signing metadata and how metadata is managed - need to containerize and streamline efforts
Signing metadata currently done by hand (and must be done on-site in Ann Arbor). Will work with the new security lead on changing that
By mid-July, should have an offer out to a DevOps manager (maintenance of all of all this and to take ownership of the production process)
Maturing Federation Service Delivery
Deployed ticketing system
Hired a new service management employee for onboarding and help desk
Standards and Community Adherence
Baseline Expectations for Trust in Federation - AAC has developed these. They include a dispute resolution process
SIRTIFI - Security Incident Response Trust Framework for Federated Identity - International standard. InCommon has deployed this in pilot (and plan to move to production later this year). Move the self-attested SIRTFI tag into the Federation Manager (a box to click to self attest)
Putting Baseline into Production - AAC discussing detailed process for members holding one-another accountable for meeting expectations.
Thoughts and ideas from Steering:
develop value proposition around these items to help participants understand what is involved in running the federation.
Can we expose the workload involved in implementing tags, profiles, and the like; and perhaps employing a method for the community to help prioritize.
Another idea - perhaps Internet2 could develop a “behind the scenes” series to introduce community members to the various initiatives and value.
Perhaps present a version of today’s presentation to participants/members.
Want to make sure we aren’t ahead of the finances
How does this outreach fit with TIER? Ann - One thing we’ve discussed is merging the TIER and InC communications so people start to recognize the relationship. The intent is to gradually move the communications to “Trust and Identity” overall.
2017 Phased Hiring Plan
Have hired a project manager.
Have hired a Research Business Relationship Manager (partial FTE - Tom Barton - working 40% time on Internet2 programs)
In final stages of hiring a DevOps Manager and Security Lead
Q - are we in a better place than a year ago? Ann - yes. Talented new staff members coming on board. Rolling out revised Federation Manager in July, which is much needed. Have talented contractors that have helped with this and it will be ready for staff to take over. Also, will work with PAG to start aligning InCommon, TIER, Trust/Identity funding. A next step will be education, outreach, and engagement for the community. Need to work with participants on changing local behaviors and practices. Will also likely offer services to help with that.
Research SP Support Update
Was an Attribute Release roadmap update distributed with the agenda
Aligning AAC, TAC, and Steering efforts and concerns - Mark Scheible has been developing a draft for a working group charter. WG will be charged to
recommend an attribute release policy for participants
develop and implement a roadmap for adoption
Drive discussions on expectations of IdPs for attribute release
WG would consist of reps from Steering, AAC, TAC, PAG, a couple of registrars, I2/TIER, research SP, CIO at large, auditor/risk mgr
Is a draft charter to be discussed by Steering, TAC, AAC. Is a tight timelineLooking for names of individuals to fill these slots.
Suggest connecting with AACRAO for names of registrar(s) (AI - Ann)
Dennis and Ann on the program for AACRAO Tech conference in July. Session with a registrar to discuss attribute release - improving privacy/security while still releasing appropriate information. Coming out of that, hope to have some people interested in developing a white paper.
(AI) - Steering comment on the working group charter
Trust and Identity Communication to new Internet2 CEO
Klara - PAG drafting a member endorsing Kevin’s work and priorities
Content to discuss why trust/identity matters. Need for sustainability for this work
Kevin had first one-on-one with Howard last week. His experience in trust/identity space at Time Warner should help him come up to speed quickly
OpenID Connect Survey WG Report
Ran short of time today
Place on next month’s agenda
Next Meetings:
July 10, 2017 - Monthly Steering call
July 17, 2017 - First Trust/Identity PAG call