InCommon Technical Advisory Committee Meeting Minutes

Thursday, April 24, 2014

Attending: Steve Carmody, Tom Barton, Keith Hazelton, Jim Basney, Ian Young, Nick Roy, Jim Jokl, Scott Cantor, David Walker

With: Dean Woodbeck (scribe), Tom Scavo, Joe St Sauver, John Krienke, Nate Klingenstein, Ann West

Action Items

(AI) John Krienke will implement a policy review regarding whether SP registration of keys could be made optional.

(AI) Steve Carmody and John Krienke will take to Steering, for a policy discussion, the issue of maintaining/guaranteeing the strength of the trust fabric through proactive scanning and probing of entities on behalf of the federation and its participants.

(AI) Steve Carmody will discuss with Chris Holmes any legal issues he sees regarding moving toward the REFEDS R&S definition.

(AI) Scott Cantor will continue to push discussion of the Affiliation-Based Access category and a library services category (proposed by SWITCH) and represent the TAC’s support for both.

(AI) Ann West will bring up with the InC-Student working group the issue of R&S attribute release and its relationship (or not) to students who invoke the FERPA opt-out.

(AI) Keith Hazelton and Jim Jokl will lead a discussion about the proposed IAM Test Bed on the TAC email list.

Heartbleed

Tom Scavo pointed to a “lessons learned” section at the bottom of the Heartbleed wiki page that he has been maintaining: https://spaces.at.internet2.edu/x/-4DYAg

There was discussion about the InCommon policy to require SPs to register private keys even if they don’t use the keys (which means they likely will not take care of the keys). Could this be an optional requirement? (AI) John Krienke will implement a policy review.

There was discussion about the appropriateness of InCommon scanning endpoints that are in the federation metadata looking for vulnerabilities in cases like the Heartbleed problem. There were discussions about this with members of TAC, Steering, and others at the Global Summit, as well as with Internet2 attorneys. InCommon does not have a mandate to do such probing, but it could be beneficial to the federation and its participants. Perhaps there needs to be a policy that is more directive about the federation doing such scanning on behalf of the community when there is a clearly defined benefit for doing so. This is also part of InCommon’s right (and responsibility) to ensure the reliability of the trust framework.

(AI) Steve Carmody and John Krienke will take this to Steering for policy development.

R&S Process

Ann West reviewed the new approval policy for proposed R&S SPs that was just approved by Steering’s External Relations and Governance Subcommittee. Staff will review all R&S applications and, if there is no question about the SP’s eligibility, staff will approve the application. If there are questions, the application will go to TAC for a one-week review period. If there are still questions after that, the TAC chair will take the issue to Steering.

R&S Gap Analysis

Tom Scavo compared the REFEDS R&S specification with the InCommon spec. There are some differences, mostly minor. The TAC consensus is to migrate the InCommon spec so that it matches the REFEDS spec, if at all possible. Otherwise, there would need to be an InCommon R&S tag and a separate REFEDS tag. (AI) Steve Carmody will take this up with Steering member Chris Holmes (associate counsel at Baylor).

Affiliation-Based Access

Steering has approved the Affiliation-Based Access (ABA) category with the goal of also nudging the international conversation. There are currently REFEDS discussions about the ABA category, and a proposed Library Services category (from SWITCH: https://refeds.terena.org/index.php/Entity_Category_Library).

TAC consensus is to push forward on both of these categories through REFEDS. (AI) Scott Cantor will represent this TAC consensus in REFEDS discussions.

Other Entity Categories

Jim Jokl discussed an interest in determining actual use of the R&S category; specifically if universities are releasing the R&S attributes for students who have exercised the FERPA opt-out. While it does not seem as if such attribute release is covered by the opt-out, it would be nice to have opinions from FERPA experts. Ann suggested engaging with AACRAO on this issue and (AI) she will bring it to the attention of the InC-Student working group, which meets tomorrow.

IAM Test Bed

(AI) Keith Hazelton and Jim Jokl will lead a discussion about this on the TAC email list.

Next Meeting

Thursday, May 8, 2014 – 1 pm ET, Noon CT, 11 am MT, 10 am PT
