spaces.at.internet2.edu has been upgraded to Confluence 6.12.2. If you have any questions and/or concerns, please contact us at collaboration-support@internet2.edu
Skip to end of metadata
Go to start of metadata

InCommon Steering Committee Minutes - October 9, 2017

  
Attending: Dee Childs, Celeste Schwartz, Michael Gettes, Melissa Woo, Ted Hanss, Dennis Cromwell, Klara Jelinkova, Sean Reynolds, Dave Vernon

With: Kevin Morooney, Ann West, Steve Zoppi, Von Welch Brett Bieber

Action Items

(AI) Kevin Morooney will write a short summary of a proposed way forward for all InCommon participants to receive Shibboleth support. He will begin the conversation with the Consortium board at a meeting on October 11.

(AI) Steve Zoppi will share an updated document that incorporates a gap analysis of the Shibboleth needs, and the costs for different scenarios of addressing the gaps.

September Minutes

Minutes from September 11 approved via the wiki.

Shibboleth Sustainability Subcommittee

The subcommittee (Kevin, Sean, Ted, Michael, Marty) met and discussed both sustaining Shibboleth by asking InCommon participants to join the Shibboleth Consortium, as well as addressing the problem of support workload drawing developers away from development.

The subcommittee asked Kevin to explore informally whether the Consortium would be open to a model in which InCommon provide funding for all of its participants and all participants would receive some level of software support. The model would be such that the per-institution fee would be at a lower rate than each participant joining the Consortium but would still provide significant resources for Shibboleth.

Subsequently, Kevin has discussed the concept in separate conversations with Justin Knight (who is the Consortium operator) and Josh Howlett, the JISC representative on the Consortium board. Both were intrigued with the idea and believe it is something worthy of discussing with the Consortium board. (AI) Kevin is going to write a short summary to use to begin conversations with the Consortium board at the next meeting (October 11). This will also be an item on the Trust and Identity PAG agenda at TechEx.

(AI) Steve Zoppi will share an updated document that incorporates a gap analysis of the Shibboleth needs, and the costs for different scenarios of addressing the gaps.

Steering raised several other points to incorporate into the discussion

  • Need to provide transparency and financial accountability if the “all-in” approach is used

  • Need to consider and outline the governance process for potentially increasing InCommon fees and moving funds to an external organization

  • Need to consider having redundancy in the developer base to reduce risk of relying on a limited number of people

  • How would support work? Would we support only the TIER version of Shibboleth because of the instrumentation/information on configuration that it provides? Would we develop a program in which we approve companies to provide support?

  • Are there other open-source projects (COmanage, Grouper) that have some of these same needs and challenges? After TechEx, Tom Barton will begin a full inventory of this space - the key open-source projects, the dependence on each, and the state of governance of each.


Nominations

Three members have terms ending this year and all eligible for another term. Dennis Cromwell will be resigning at the end of the year because of new duties at Indiana University. There is a list of potential nominees under development.

The proposed process is the same as last year:

  • Send a call for nominations in late October

  • Steering considers nominees in light of institutional diversity and the need for key expertise (such as the research advisory seat) or experience

  • A decision will be made by early December, recommending a slate of nominees to Kevin.


Assurance Advisory Committee Changes

Brett Bieber, chair of the Assurance Advisory Council, outlined the change of AAC focus that has developed over the last two years, with a large amount of time spent developing Baseline Expectations for Trust in Federation and the associated implementation plan. This program will require changes to the InCommon Participation Agreement and the Federation Operating Practices and Policies (FOPP), which will involve Steering.

The AAC also will propose changes in its charter, including the roles needed on the committee. The group was originally charged with supporting the assurance program and the resulting Bronze and Silver assurance profiles. To date, however, there are only five Bronze institutions and no Silver institutions. With the migration towards raising trust in the federation, there are different needs (security, for example).

Tom Barton talked with the five Bronze institutions and found the value of the profile is as a toolkit and a checklist for trust practices. They also said the MFA profile is helpful and SIRTFI will be helpful. They would also like to see an identity-proofing profile or guideline.

In addition, NIST has updated 800-63 to 800-63-3 and FICAM (Federal Identity, Credential, and Access Management) will require its trust framework providers (InCommon is one) to move to the new NIST 800-63-3 digital identity guidelines. This would require significant time and resources for InCommon and, as of yet, no federal agencies are asking for this. It would likely take a year or year-and-a-half to change the InCommon profiles to meet the new requirements (which are not yet documented).

Von said his conversations with research agencies and services is that they place far more emphasis on having a way to request two-factor authentication, rather than the specific assurance profiles.

Brett reiterated that the key role for Steering at this point will be to consider revising the AAC charter, and consider the proposed changes to the Participation Agreement and FOPP when those are ready (likely in the next two months).

Meeting Adjourned   
 

  • No labels