2021-Sept-28 BEv2 Office Hours Call

Baseline Expectations V2 office hours

CTAB and Internet2 staff:

Several team members joined from one medical school organization
This team just recently became aware of BEV2 when a previous InCommon Exec forwarded the email.
They need to bring their InCommon Federation contact info up to date
- Previous InCommon contacts at their institution have moved on
- Albert provided info on how to define a new Exec Contact, and new Site Admin, etc.
Running a Shib instance, migrating to Azure SSO.
Albert:
- If migration from Shib to Azure is planned for about 6 months from now or more, it makes sense to update Shibboleth
- If migration is imminent, note that there are issues with Azure meeting all the federation requirements, and there will be a need for a bridging product
Details about Azure not working out of the box
- There are some requirements in the R&E community that are not commonly found in commercial products.
- Example, NIH requirement for MFA
- For Azure, there is a need to use a bridging product; it's possible to use an in-house hosted solution, such as Shibboleth
- More commonly: use a commercial product, such as CIRRUS Identity Bridge, or Unicon,
- refer to Catalyst page that lists solutions https://incommon.org/community/catalyst/
- RDCT may be of interest as a consulting resource, they do work with NIH
Question: how to do an inventory of who is using their federated metadata?
Albert: see inside your Shib transaction logs
Noted that https://met.refeds.org/ is a helpful site.

Concern about BEV2 emails

Two community members said they have met Baseline Expectations but are still getting emails saying they have not.
In both cases, the issue seemed to be failure to publish updated metadata with the SIRTFI box checked
It was noted that also sometimes updates to meet BEv2 are made after the cutoff for the report that triggers emails from InCommon

Feedback from a Service Provider