InCommon Steering Committee Meeting - September 14, 2020
Attending: Brad Christ, Ted Hanss, Marc Wallman, Pankaj Shah, Ann West, Christine Miki, Sean Reynolds, Laura Paglione, Dee Childs, Michael Berman
With: Kevin Morooney, Dean Woodbeck, David Bantz (CTAB), Steve Zoppi, Jill Gemmill (CACTI), Kim Owen (eduroam Advisory Committee), Janemarie Duh (TAC), Von Welch, Jessica Fink
Regrets: Chris Sedore
Baseline Expectations v2
Ann reviewed the origins of Baseline Expectations.
- During the first few years, InCommon did not mandate anything, but relied on best practices and each organization publishing a document that contained relevant information about identity proofing, attribute release, and the like. Other organizations could then read those documents and make a trust determination. This proved not to be scalable.
- After 9/11, the federal government turned to federated identity and developed some levels of assurance via the Federal Identity, Credential, and Access Management (FICAM) effort. FICAM developed a certification for trust framework providers and InCommon was one of those.
- InCommon then developed the assurance program, initially with Bronze and Silver levels, but over time, no government agencies required these levels and only six identity providers ended up participating.
- The InCommon community decided to establish a base level of requirements for all federation participants based on the assurance work, creating Baseline Expectations for Trust in Federation.
- Development and implementation started about four years ago. In 2019, adherence reached 100%.
David Bantz, chair of the Community Trust and Assurance Board, reviewed the original expectations and the three that are part of version 2 (encrypting endpoints, supporting SIRTFI - Security Incident Response Trust Framework, and requiring inclusion of an error URL in metadata to help end users).
CTAB is now in the consultation process, which ends October 19, and will come to Steering in November for final approval.
InCommon Technical Advisory Committee (TAC) - Janemarie Duh
Deployment Profile Working Group, chaired by Keith Wessel, had a number of recommendations, including testing tools, updated requirements for TLS, and the adoption of new subject identifiers to replace existing problematic identifiers. TAC reviewed the recommendations with an eye towards the amount of work involved in implementation. Subject identifiers will be the most intensive change requiring a multi-year effort of outreach, explanation, and migration strategies.
Test Federation Environment Working Group - TAC has completed a charter for a working group on the development of a test federation environment for organizations to use to test interoperability.
IdP as a Service Working Group - This working group has almost completed its work, as it puts the finishing touches on a draft final report.
CACTI - Jill Gemmill
Common identity registry - CACTI has been discussing the concept of a common identity registry for higher education, a topic suggested by some CIOs. CACTI referred this to Kevin to determine if this is a priority and/or something for InCommon to investigate.
IAM Hiring and Recruiting Working Group - This group was established to help identify the skills and requirements to consider when hiring for IAM. Recruiting WG members now.
IDPro - CACTI has had conversations with this professional group to help identify best practices.
CACTI is also exploring the concept of a federation proxy service for use with cloud vendors.
eduroam Advisory Committee - Kim Owen
eAC formed earlier this year. Rob Gorrell and Kim Owen are co-chairs. eAC has broad representation, including members from Europe. One focus is on K-12, as well as outreach to libraries and museums.
Development of an eduroam best practices guide - to be delivered this fall and available for training. Provide guidance on deployments and implementation - scalability and interoperability. Not highly technical and points to other references. The draft is almost complete; the next step is to go out for community input.
- Jessica reviewed the schedule and is drafting community communications now.
- Ted emphasized the need to consider types of members that Steering may want to recruit, considering roles, regions, and the scale of institutions.
Next Meeting - October 5, 2020
4 pm ET / 3 pm CT / 2 pm MT / 1 pm PT