Minutes from Quilt / InCommon Pilot Tech Call
2:00 PM Eastern Time Friday March 15, 2013
Notes taken by Steve Thorpe, thorpe@mcnc.org
Reminder on Group Logistics:
Email list is inc-quilt-pilottech@incommon.org
Box folder is https://www.box.com/files/0/f/680471824/InC-Quilt_Pilot_Tech
Standing meeting is Fridays at 2:00 PM Eastern
Dial-in numbers for our standing meeting are: +1-734-615-7474 (English I2, Please use if you do not pay for Long Distance), +1-866-411-0013 (English I2, toll free US/Canada Only) Access code: 0110688#
Attendees:
Bernie A'cs, NCSA
Chris Giordano, MOREnet
Keith Hazelton, University of Wisconsin-Madison
Steve Olshansky, Internet2
Tom Scavo, InCommon/Internet2
Mark Scheible, MCNC (chair)
Steve Thorpe, MCNC
Action Items From Last Week's Meeting:
[AI] Mark S: Put PowerPoint slides into Box folder after the call. DONE: See "Regional Federation Models.pptx" in the "InC-Quilt Pilot Tech" box folder.
[AI] Mark S: Will start a questions document in the Box folder, with the questions captured here. And people can add to it (along with administrative questions). DONE: See "Quilt Tech WG Pilot Questions.docx" in the "InC-Quilt Pilot Tech" box folder. John K. has since combined these into a higher-level document (see below).
[AI] Steve T: Publish these minutes around to the various lists / box folder. DONE: See "20130308.InCommon.Quilt.Pilot.Tech.Call.Notes.docx" in the "Minutes of Pilot Tech Calls" box folder.
[AI] Tom S: Will try to find a previous diagram and set of steps for how the Proxy IdP works. DONE: See https://spaces.at.internet2.edu/display/GS/SAMLIdPProxy (another shout-out to Chris who also found this link)
Action Items From Today's Meeting:
[AI] Steve T: Publish these minutes around to the various lists / box folder. DONE: See "20130315.InCommon.Quilt.Pilot.Tech.Call.Notes.docx" in the "Minutes of Pilot Tech Calls" box folder.
[AI] All: Put yourselves into the shoes of the person trying to answer the questions. If you were asked to answer them, could you do it?
[AI] Mark: Put a glossary together
[AI] Mark: Provide feedback to the pilot definition working group, that having some supplemental material to the questions would be helpful – e.g. diagrams, motivation, etc. To put things into context.
[AI] Chris G: (If can identify spare cycles) Explore MDA and provide any feedback to this group.
Discussion:
0. Agenda Bash
1. Updates from Admin & Pilot Definition Calls
Pilot definition working group met yesterday. They reviewed the pilot ideas, and the plan to work with regionals who already have something in mind – rather than a formal call for proposals. This will be more informal. Goal is to have a nice mix of scenarios to follow through validating the models discussed at the workshop.
Admin call – seems like they focused primarily on going through the questions.
2. Review of "Combined" Questions for Pilot Applicants
See file "Quilt_Federation_Pilot_Questions_v01.docx" that Mark/John K. added to the top-level "InC-Quilt Pilot Planning" box folder. John K. added a bunch of changes as well. It covers the following topics (with a narrative for each):

  1. Goals
  2. Scope of constituents
  3. Number of SPs
  4. Legal
  5. Financial and Pricing model
  6. Additional Goals
  7. Calendar
  8. Federation Operations
    1. Federation Scenario
    2. Metadata Management
    3. Registration Authority
    4. Metadata Aggregator
    5. Proxy IdP / SP Usage
  9. What are you providing / offering?
  10. What are your needs?
  11. Community Contribution / Strategic Importance

Probably the questions document could use a glossary. Also perhaps diagrams could be included as part of that. Pointers to further information would also be nice.
Bernie: I like the questions & we have some diagrams for question 8. Would it be possible for similar diagrams to be created for the MDA?
Mark: MDA is part of the diagram I put up today. I think we're talking here about the MDA that Ian Young is in charge of. (Vs. the European Python version.)
Tom: Chad and Ian collaborated on that tool way back. Ian has taken over as the primary maintainer. A new release of the aggregator is imminent. MDA is a shib project, so if you have an MDA usage list, use the shib users list. For development questions, use the shib dev list.
Q from Mark: Would this group possibly like to hear from Ian about the MDA on this call?
A from group: Perhaps it is premature at this time. Could use the list to communicate, and it will become clear when it's time. When we do have a call (if we do) then hopefully it would be in the context of how we're actually trying to use it in our project.
3. Review of Proxy IdP Diagram and Usage
See file "Proxy IdP-SP Slides.pdf" that Mark added to the "InC-Quilt Pilot Tech" box folder. Proxy could have different authentication methods behind it – not just IdPs. For example, it could have LDAP, CAS, etc. Another benefit of the proxy is that it allows InCommon metadata to be used by multiple members not in it.
Q from Mark: What is it the proxy can do that the MDA can't do?
A from Tom: If everyone actually had a SAML-based IdP, then MDA is definitely preferred. The proxy sure does make things easier, however it does become a single point of failure as well – thus making its daily monitoring, reliability etc. very critical. If they're all SAML-based metadata enabled already, MDA probably makes more sense.
A from Bernie: In the K12 community we'll probably get confronted with multiple directories behind the scenes. So a proxy IdP would proxy requests to whatever environments are back there.
Mark: The more we understand the pros and cons of these the better, and maybe capturing that, it would help us. The other model is potentially doing a multi-scoped IdP. But in any of those, we'd need to balance the amount of work in configuring / supporting a proxy IdP and/or a multi-scoped IdP, vs. standing up individual IdPs.
Tom: Let me add to that, there's also the question of user experience. I imagine there will be user-experience type issues having to do with discovery, for example. Is the discovery going to be equivalent or degraded? (it certainly is not going to be enhanced)
Mark: Perhaps we can identify workarounds. For example could a cookie help reduce the pain of the discovery service process?
Steve: Setting up test simpleSAMLphp IdP proxy now. May put up documentation.
4. Review of Metadata Aggregator Diagrams and Usage
See file "MDA Scenarios.pdf" that Mark added to the "InC-Quilt Pilot Tech" box folder.
Mark: Are there any volunteers to try out the MDA?
Chris: I'll volunteer but as long as I'm not fully committed to anything, I could see if I could fit it in. At least to take a cursory look at it. I'm interested in it but am also quite busy right now.
Mark: That would be great. At least if you had any feedback to this group about whether it would be a viable option.
5. Next Steps?
Goal is to relatively get to the stage of saying we're ready for proposals.
If the application is ready to go, what do we do? Continue / expand / change? Want to make sure we're not overlapping existing projects out there. Perhaps can consider this in coming weeks.
Chris: My thought is, as the project gets started and things unfold, we need a way to consolidate / organize / publish results. Would that be segregated or all together? Perhaps administrative side would be disbanded before the technical does.
Steve O: Some kind of technical support infrastructure from this group in the future would be nice.
6. Adjourn
Next Meeting: Friday March 22, 2:00 PM EDT
