Baseline Expectations V2 office hours
Tuesday, September 28, 2021
Attending
- Several community members
CTAB and Internet2 staff:
- David Bantz, U. Alaska
- Brett Beiber, U. Nebraska
- Jon Miner, U Wisconsin-Madison
- Andy Morgan, Oregon State U
- Johnny Lasker, Internet2
- Albert Wu, Internet2
- Tom Barton, Internet2
- Netta Caligari, Internet2
Discussion
- Several team members joined from one medical school organization
- This team just recently became aware of BEV2 when a previous InCommon Exec forwarded the email.
- They need to bring their InCommon Federation contact info up to date
- Previous InCommon contacts at their institution have moved on
- Albert provided info on how to define a new Exec Contact, and new Site Admin, etc.
- Running a Shib instance, migrating to Azure SSO.
- Albert:
- If migration from Shib to Azure is planned for about 6 months from now or more, it makes sense to update Shibboleth
- If migration is imminent, note that there are issues with Azure meeting all the federation requirements, and there will be a need for a bridging product
- Details about Azure not working out of the box
- There are some requirements in the R&E community that are not commonly found in commercial products.
- Example, NIH requirement for MFA
- For Azure, there is a need to use a bridging product; it's possible to use an in-house hosted solution, such as Shibboleth
- More commonly: use a commercial product, such as CIRRUS Identity Bridge, or Unicon,
- refer to Catalyst page that lists solutions https://incommon.org/community/catalyst/
- RDCT may be of interest as a consulting resource, they do work with NIH
- Question: how to do an inventory of who is using their federated metadata?
- Albert: see inside your Shib transaction logs
- Noted that https://met.refeds.org/ is a helpful site.
Concern about BEV2 emails
- Two community members said they have met Baseline Expectations but are still getting emails saying they have not.
- In both cases, the issue seemed to be failure to publish updated metadata with the SIRTFI box checked
- It was noted that also sometimes updates to meet BEv2 are made after the cutoff for the report that triggers emails from InCommon
Feedback from a Service Provider
- The timeline on BEV2 provided enough time to make the necessary changes/updates
- The InCommon Federation User Interface works well