Trust and Identity Program Advisory Group Meeting - October 31, 2017

Face-to-Face at 2017 EDUCAUSE Annual Conference

Minutes 

Attending: Chris Phillips, Mark Johnson, Kevin Morooney, Klara Jelinkova, Ron Kraemer,  Sean Reynolds, Ted Hanss, John O’Keefe

With: Dean Woodbeck

Action Items

(AI) Kevin will provide CACTI with the matrix of “big questions” developed by the PAG.

(AI) Kevin - for the next PAG meeting - provide the funding model for the federation, certificate service, and eduroam.

(AI) PAG - do we need to create subcommittees/working groups to address the individual questions included in the matrix?

Trust and Identity PAG Issues

Ron shared the results of an exercise to determine priority questions and information that the PAG needs. He created a matrix with “degree of importance” on one axis and “degree of urgency” on the other. The results are here.

(AI) As CACTi is a recently formed group, Kevin will provide them with the results from the matrix exercise.

The PAG’s main needs that resulted from this analysis are:

1. Defining Trust and Identity service portfolio

2. Understanding Trust/Identity funding model

3. Trust/Identity roadmap

4. External factors and actors

   1. Commercial IAM providers

   2. Interfederation interoperability

5. Communications

6. Including demonstrating accomplishments


In addition, we should define other externals that we need to pay attention to, such as Globus and CARMA.

Since some of the matrix items involve TIER, Kevin recapped the current funding state. Internet2 has $1.1-$1.2 million committed to middleware development annually. The TIER  investor funds about doubled that amount for the three-year investment period, which ends at the end of 2018. Steve Zoppi is managing the spending of these funds to ensure a smooth transition at the end of the three-year investment period.

There was discussion about what comprises the Trust and Identity portfolio at Internet2, the roadmap for sustainability for these services, and the overall funding strategy. What does it cost to run the Trust and Identity services? There is also a need to understand the gaps that have been identified through various planning exercises. As an example, there are gaps related to the InCommon Federation meeting its operational goals.   

Kevin said that, in general, the Trust and Identity portfolio includes middleware development (currently in the form of TIER development that involves Shibboleth, Grouper, and COmanage), the InCommon Federation, eduroam, and the InCommon Certificate Service. There are other projects that are not part of TIER but are related to middleware development (like CARMA, the user consent to attribute release software).

Some of the other questions posed and discussed include:

• What is the financial model for continuing support and sustainability for the TIER software?

• What is the scope of the InCommon Federation and what role will it play in support for Shibboleth?

• How can InCommon work with vendors (particularly key vendors like Microsoft, Okta, Ellucian)

• What is our constituency and does our governance model match the needs? (Kevin: the constituency is Internet2 the organization, the Internet2 member community, InCommon participant community, and research organizations and service providers)

• What services do we need for InCommon to be successful?

• What are the services in the TIER project and the projection for their sustainability moving forward?

• What is the final answer on the Shib consortium? What is the sustainable future for Grouper and COmanage? Is the structure OK? (InC Steering, PAG, TAC, CACTI). Still some development and structural questions that need to be answered.


There is a sense that we are helping to create some anxiety in the community with our talk about sustainability and funding. This is a real impediment. We need to separate discussion about our challenges from communications that promote our pieces of infrastructure.

In general, we need to resolve these broad categories of the structure of Trust and Identity: governance, funding, membership model, development effort. This, and the big questions from the matrix mentioned at the top of the meeting, would best be done by creating some working groups or subcommittees of the PAG to gather information and address these questions.