InCommon Steering Committee Minutes - March 5, 2018
Attending: Mike Erickson, Melissa Woo, Dave Vernon, Sean Reynolds, Ted Hanss, Mark Scheible, Michael Gettes, Laura Paglione, Ann West, Brett Bieber, Marty Ringle, Klara Jelinkova, Dee Childs
With: Kevin Morooney, Steve Zoppi
(AI) As part of the Baseline Expectations dispute resolution process, CTAB will discuss communication around placing an entity on the docket for removal, including clearly defined requirements about how that entity would be removed from the docket and/or reinstated.
(AI) At its next meeting, Steering Exec will discuss whether there are issues that would benefit from a Face-to-Face discussion at Global Summit.
Minutes from Feb. 5 were approved via the wiki.
Participation Agreement/Federation Operation Policies and Practices Changes
Ann reviewed the reasons for the proposed changes to these documents. The Baseline Expectations are changing the way we do business from an operations point of view and from the participant point of view. This requires changes to both the Participation Agreement and the FOPP. The change process for these documents is for management to propose changes, vet them with Internet2 legal, then ask for Steering approval. If approved, we publish the revised FOPP and notify the community within 15 days. For the Participation Agreement, we notify the participants of legal changes, which go into effect 90 days after the notification.
The latest versions of the PA and FOPP are dated March 1 and available on the Steering meeting wiki page.
Steering discussed one area of the FOPP, section 10.3.3 “Suspension for Failure to Meet Baseline Expectations.” The discussion involved whether to add a sentence or clause to that section to the effect that the entity would be reinstated after it meets the Baseline Expectations. There was concern expressed that the FOPP should not be overly specific and that it would be difficult to anticipate all scenarios. Further, the dispute resolution process may be a better place to address the concern. (AI) CTAB will discuss communication around placing an entity on the docket for removal, including clearly defined requirements about how that entity would be removed from the docket and/or reinstated.
The Steering consensus was to leave such a statement out of the FOPP, but look to CTAB to include something in the dispute resolution process.
Brett mentioned that CTAB is also working on the process by which InCommon Operations communicates a dispute process to CTAB, including the type of information required in a ticket (both private and public). They will walk through a test case to help determine the requirements.
There was also discussion about the concept of InCommon Operations altering an entity’s metadata. Ann outlined one scenario: an IdP self-asserts the Research & Scholarship tag, but it is discovered that the entity does not, in fact, meet the R&S specification. In such a case, InCommon Operations would remove that self-asserted tag. However, InCommon would not add any metadata for an entity.
There were no questions about the proposed changes to the Participation Agreement.
InCommon Steering Resolution
Marty Ringle moved, and Michael Gettes seconded, this resolution:
The InCommon Steering Committee accepts the InCommon Participation Agreement and Federation Operating Policies and Practices changes to reflect Baseline Expectations, updated dispute resolution process and housekeeping updates with an effective date of March 5, 2018.
Legacy Metadata Endpoint Removal
Ann brought an information item to Steering concerning removing an old endpoint that participants could use to download metadata. InCommon instantiated a new download spot for metadata in 2014. At the time, it was expected that the old location (i.e., endpoint) would be deprecated, but there was some pushback and that never happened. Because of the plan to move ahead with per-entity metadata, the decision was made to remove this old endpoint.
InCommon Operations has communicated with site admins and execs since November 2017 about the removal of this endpoint. The URL for the old endpoint was removed on February 14. Because metadata expires two weeks after it is signed, metadata from this old endpoint expired on February 27. There are 56 top-level domains and 117 hosts still trying to use the old download point.
For those 117 hosts, the services should be broken and no longer usable. If a service is still trying to use the old URL, that means one of three things: 1) the service is abandoned and no one is watching, 2) the software does not check the validity date on the metadata, or 3) the service is lightly used and no one has tried to access the service since Feb. 27.
There was concern expressed that a number of Amazon and Blackboard hosts appear on the list, so a university may not know that there is a problem. These types of third-party services are one thing that Baseline will need to address. However, it is incumbent on all site admins and execs to keep track of their email. Michael pointed out that we are talking about less than 3% of the more than 4,000 SPs.
Trust and Identity Project Portfolio
This is an item included on the agendas of all Trust and Identity governance and advisory groups and will be a standing information item for each meeting. It shouldn’t take any more than 3-4 minutes for members to review prior to the meeting.
Steering at Global Summit?
The Trust and Identity PAG will meet at Global Summit. Is there a need for a Steering Face-to-Face? (AI) Steering Exec will discuss at its next meeting.