Trust and Identity Program Advisory Group Meeting - February 11, 2019
Minutes
Attending: Kevin Morooney, Klara Jelinkova, Mark Johnson, Ted Hanss, Mike Erickson, Ann West, Steve Zoppi
Regrets: Laura Paglione, Klaas Wierenga, Sean Reynolds, Chris Phillips
PAG Membership
The InCommon Steering Executive Committee will serve on the PAG (Ted Hanss, Mike Erickson, Laura Paglione). Sean Reynolds will continue on the PAG (but not representing Steering). Kevin is still pursuing a regional representative for the PAG. Klaas Wierenga from GÉANT has also agreed to join the PAG.
Internet2 Planning and Priorities Committee
Sean Reynolds will remain on the PAG (his term as InCommon Steering chair has ended) and will serve as representative to the Internet2 Board’s Planning and Priorities Committee. That committee will meet at Global Summit; Kevin and Sean will discuss potential issues to address. If any PAG members have thoughts, please contact Kevin or Sean. Jack Suess will serve as the NET+ PAG representative to the PPC.
Global Summit
The PAG will meet Wednesday (March 6), 8:30-10 am at Global Summit. InCommon Steering members are also invited.
Eduroam Update
Ann West provided an overview and update of the eduroam service (slides are here).
eduroam is a global service run by GÉANT. Each country, in turn, has an eduroam operator; Internet2 serves this role in the U.S. Ann serves on the eduroam global governance committee.
Trust and Identity is responsible for the business operations of eduroam and owns the equipment and technical infrastructure. Day-to-day operation is contracted to the contractor ANYROAM. Internet2’s Technical Services Group also has some technical responsibilities. There are currently 624 connectors in the U.S. Internet2 members receive eduroam as part of their member fees.
Internet2 assigned this service to Trust and Identity in 2016. The focus that year and in 2017 was to work with all connectors to sign contracts and to implement a fee structure for non-Internet2 members. In 2018, service maturity has been the focus, with an emphasis on a security review, operational maturity, and scalability. In 2019, one goal will be to more-fully engage the eduroam community, starting with development of a Technical Advisory Committee.
The security review had these recommendations:
Develop risk management framework, based on NIST’s Cybersecurity Framework
Update change management process
Create incident response plan and testing plan
Develop schedule for review of attack surfaces, periodic testing
Update operations plans
Trust and Identity is reviewing each finding and will develop work plans and do periodic self-assessments. In terms of scaling, there is a pilot underway with the Utah Education and Telehealth Network to provide eduroam to their members.
There was discussion about excitement in the community to expand eduroam to K-12, libraries, hospitals, and even airports. The work with the Utah regional is a step in that direction. The challenge now, though, is to ensure security and operational maturity. We want to be sure to address the gaps that have been identified and not expand too quickly until that happens.
There are also discussions about the business model. Currently, Internet2 members do not pay for the service (it is part of member dues), and non-members pay 10 cents per FTE, which is very low.
InCommon Fee Change
Kevin provided an overview of the outreach work on the proposed fee increase. The introductory webinar took place a month ago, with 113 attending and just 5-6 questions. Three of the four planned open office hours have been held - all three have been lightly attended (5-6 people per instance). Not really any questions or feedback on the increase during the first two. On the third one, there were a couple of questions about the size of the increase (in percentage terms).
The questions have informed the FAQ, which has expanded.
There was discussion about the lack of any negative feedback. If Steering moves ahead with the proposal in April, the next time we may get negative feedback is when invoices are mailed in November. It was suggested to document the outreach efforts in case of questions in November. AI FOR DEAN). Technical people might be on board, but what happens when procurement gets the invoice in November.