Trust and Identity Program Advisory Group Meeting - November 13, 2017
Attending: Ted Hanss, Kelli Trosvig, Klara Jelinkova, Sean Reynolds, Chris Phillips, Kevin Morooney, Mark Johnson, Ron Kraemer, Michele Norin
With: Ann West, Steve Zoppi
(AI) Steve Zoppi and Kevin Morooney - For the next PAG meeting, revamp the presentation information to be more clear about what Internet2 is responsible for and provide additional clarifications.
(AI) Michele Norin will take to the Global Summit program committee the concerns about a combined trust/identity and security track, with the PAG consensus that these tracks should be separate.
Internet2 Trust and Identity Services
Today’s main agenda item is to provide information about the trust and identity service portfolio. Kevin prepared an outline of the major service offerings:
- eduroam
- InCommon Certificate Service
- Trust and Identity Division support
eduroam
- Funded via subscriptions, Internet2 dues (Internet2 members do not pay for eduroam), and some of the cert service revenue
- Kevin is leading a group of Internet2 execs to determine how to pay for eduroam in the future, as well as to discuss how we can provide regionals access (for their own organizations)
- About 560 connectors
- Internet2 is the US node for the global eduroam service
- eduroam identity providers must be education or research orgs, but any organization (say, Starbucks) can be a service provider
- Kevin shared some stats about eduroam connector demographics
- Over the last several months, staff have been working on getting contracts signed by all connectors. About 70 of the 560 connector contracts are still in flight
InCommon Certificate Service
- 420 higher education/research subscribers
- Subscribers also pay the InCommon fees (but cert-only subscribers were held harmless in the 2017 dues increase)
- About to start work on introducing SSO and MFA to the Certificate Manager portal
- There are about 150 cert subscribers that do not use federated identity management
- Comodo (the provider) was recently acquired by Francisco Partners
- There was discussion about whether services like Let’s Encrypt pose a threat (Let’s Encrypt provides an automated way to set up a certificate every time you set up a new service, such as an Apache server). So far, such services have not been an issue, since our main selling point is that we offer an enterprise solution that provides the campus operator with a view of all certificates on campus.
Steve Zoppi provided an overview of the software engineering work. The broad goal is tying together Shibboleth, Grouper, and COmanage into an IAM suite. Internet2 is providing the integrative services for these, providing the packaging via containers. So while we don’t control Shibboleth development, for example, we have containerized the IdP and are developing a user interface (which the community has told us is important to them).
There was discussion about being more specific about what Internet2 “owns,” and the services Internet2 specifically provides, and then separately those things that Internet2 does not own but uses (such as Shibboleth). It is important that we are clear on what services we are offering and which we don’t control.
(AI) For the next PAG meeting, Steve and Kevin will revamp the presentation information to be more clear about what Internet2 is responsible for and provide additional clarifications.
For the 2018 Global Summit, the trust/identity and security tracks have been combined. There is concern that these topics are not the same and that this could leave holes in the program. There was also discussion about the assumed audience for Global Summit and whether highly technical sessions are generally deferred to TechEx.
After discussion, the general consensus is that trust/identity and security are different and should have separate tracks. (AI) Michele Norin is co-chair of the Global Summit and said she would take the feedback about tracks to the program committee. They will review the number of proposals in trust/identity and in security as part of the decision about the combined track.
In terms of the audience for Global Summit, we typically assume the target audience is people at the director level and above. We typically encourage presentation of technical topics to be done in a way that people at the director level and above can understand. Trust/Identity sessions tend to get more technical, but there was a good balance at last year’s Global Summit.