InCommon Steering Committee Minutes - June 19, 2017

 

Attending: Dave Vernon, Ann West, Dennis Cromwell, Sean Reynolds, Michael Gettes, Michele Norin, Marty Ringle, Klara Jelinkova, Dee Childs 

With: Dean Woodbeck, Steve Zoppi, Kevin Morooney, Mark Scheible, Brett Bieber, Von Welch


Minutes from April 23 approved via the wiki.

Action Items

(AI) - Steering members should read and comment on the Attribute Release working group charter

(AI) - Ann will follow up with AACRAO on names of registrars who would be potential members of the Attribute Release working group

InCommon Dues Increase - Use of Funds

Link to slides

 Ann provided an overview of the slides. Reviewed the five priorities - some funded by dues increase and some accomplished prior to the increase

  1. Sustaining Shibboleth Software

    1. Shib Consortium did webinars outlining the need for funding

    2. Kevin, Justin Knight and Scott Cantor did an IAM Online on the Shib Consortium finances and on plans for future features and updates. It was well-attended.

    3. The Consortium has attracted new memberships since the webinars, which improved the financial position.

    4. The Consortium board will be discussing sustainability. The lack of resources makes the rate and pace of the development team slower than what the community demands.

  2. Hardening/Sustaining Federation Operations

    1. Upgrading Federation Manager code and interface (through use of consultants) and streamlining processes in the FM

    2. Containerizing the Federation Manager backend to match the TIER approach

    3. Working with the UK and Canadian federations to share metadata hosting (initially for emergency purposes)

    4. January 2017 - rolled out security incident response program

    5. April 2017 - documented a disaster recovery plan for the federation

  3. Scaling Federation Operations and Infrastructure

    1. Significant challenges as to signing metadata and how metadata is managed - need to containerize and streamline efforts

    2. Signing metadata currently done by hand (and must be done on-site in Ann Arbor). Will work with the new security lead on changing that

    3. By mid-July, should have an offer out to a DevOps manager (for maintenance of all of this and to take ownership of the production process)

  4. Maturing Federation Service Delivery

    1. Deployed ticketing system

    2. Hired a new service management employee for onboarding and help desk

  5. Standards and Community Adherence

    1. Baseline Expectations for Trust in Federation - AAC has developed these. They include a dispute resolution process

    2. SIRTFI - Security Incident Response Trust Framework for Federated Identity - International standard. InCommon has deployed this in pilot (and plans to move to production later this year). Move the self-attested SIRTFI tag into the Federation Manager (a box to click to self-attest)

    3. Putting Baseline into Production - AAC discussing detailed process for members holding one-another accountable for meeting expectations.

Thoughts and ideas from Steering:

  • develop value proposition around these items to help participants understand what is involved in running the federation.

  • Can we expose the workload involved in implementing tags, profiles, and the like, and perhaps employ a method for the community to help prioritize?

  • Another idea - perhaps Internet2 could develop a “behind the scenes” series to introduce community members to the various initiatives and value.

  • Perhaps present a version of today’s presentation to participants/members.

  • Want to make sure we aren’t ahead of the finances

How does this outreach fit with TIER? Ann - One thing we’ve discussed is merging the TIER and InC communications so people start to recognize the relationship. The intent is to gradually move the communications to “Trust and Identity” overall.

2017 Phased Hiring Plan

  • Have hired a project manager.

  • Have hired a Research Business Relationship Manager (partial FTE - Tom Barton - working 40% time on Internet2 programs)

  • In final stages of hiring a DevOps Manager and Security Lead

Q - are we in a better place than a year ago? Ann - yes. Talented new staff members coming on board. Rolling out revised Federation Manager in July, which is much needed. Have talented contractors that have helped with this and it will be ready for staff to take over. Also, will work with PAG to start aligning InCommon, TIER, Trust/Identity funding. A next step will be education, outreach, and engagement for the community. Need to work with participants on changing local behaviors and practices. Will also likely offer services to help with that.

Research SP Support Update

  • An Attribute Release roadmap update was distributed with the agenda

  • Aligning AAC, TAC, and Steering efforts and concerns - Mark Scheible has been developing a draft for a working group charter. WG will be charged to

    • recommend an attribute release policy for participants

    • develop and implement a roadmap for adoption

    • Drive discussions on expectations of IdPs for attribute release

    • WG would consist of reps from Steering, AAC, TAC, PAG, a couple of registrars, I2/TIER, research SP, CIO at large, auditor/risk mgr
      This is a draft charter to be discussed by Steering, TAC, and AAC. The timeline is tight.

    • Looking for names of individuals to fill these slots.

      • Suggest connecting with AACRAO for names of registrar(s) (AI - Ann)

  • Dennis and Ann on the program for AACRAO Tech conference in July. Session with a registrar to discuss attribute release - improving privacy/security while still releasing appropriate information. Coming out of that, hope to have some people interested in developing a white paper.

  • (AI) - Steering comment on the working group charter

Trust and Identity Communication to new Internet2 CEO

  • Klara - PAG drafting a member endorsing Kevin’s work and priorities

  • Content to discuss why trust/identity matters. Need for sustainability for this work

  • Kevin had first one-on-one with Howard last week. His experience in trust/identity space at Time Warner should help him come up to speed quickly

OpenID Connect Survey WG Report

  • Ran short of time today

  • Place on next month’s agenda

Next Meetings:

July 10, 2017 - Monthly Steering call

July 17, 2017 - First Trust/Identity PAG call
