InCommon Technical Advisory Committee Meeting Minutes
Thursday, June 5, 2014
Attending: Michael Gettes, Scott Cantor, Chris Misra, Steve Carmody, Ian Young, Jim Jokl, Keith Hazelton, Tom Barton, Paul Caskey, Steve Olshansky, David Walker
With: Ann West, John Krienke, Nate Klingenstein, Dean Woodbeck, IJ Kim, Tom Scavo
Chair Steve Carmody welcomed Steve Olshansky, identity lead at ISOC, to the TAC.
- (AI) Tom Barton, Chris Misra, and Nick Roy (should he accept), and one or two members of Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take vis a vis future security issues like Heartbleed.
- (AI) Steve Carmody will contact Nick Roy and the AAC leadership about participating in the Heartbleed group.
- (AI) Steve Carmody will kick off an email discussion concerning standing up a working group around the technical issues involved with interfederation.
- (AI) Steve Carmody will start an email discussion re: the wiki page on issues involved with InCommon offering a Social-to-SAML gateway as an operational service.
Tom Scavo reported on his work to contact SAML-1 only SPs. Only a handful have not responded. Most deployments are using the production aggregate, a significant number are old and will be removed from metadata, and only one is not compatible with SHA-2 and will be upgraded by the end of June.
There was a security advisory concerning OpenSSL this morning. Scott reported that Shib will be patched by the end of the weekend.
Working Group Status Updates
The new working groups (external identities and alternative IdPs) are included in Steve Zoppi’s budget requests. JaneMarie Duh (Lafayette) has agreed to lead the Alternative IdPs WG, with David Walker as flywheel and support.
Chris Holmes (member of Steering and associate counsel at Baylor) responded to the TAC memo concerning Heartbleed and whether InCommon could take a more aggressive role, should it choose to do so. He believes there are some things InCommon could do under the current Participation Agreement, but suggested that TAC propose some specifics, should we wish to pursue anything.
TAC discussed the possibilities of trust marks or tags, working with a group like REN-ISAC, and other issues. (AI) Tom Barton, Chris Misra, and Nick Roy (should he accept), and one or two members of Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take in this area. (AI) Steve Carmody will contact Nick Roy and the AAC leadership.
Interfederation Working Group Update
Steering has asked John Krienke to provide a list of changes needed for the Participation Agreement and the Federation Operating Policies and Practices to enable interfederation. There are a number of technical issues involved, as well. (AI) Steve Carmody will kick off an email discussion concerning standing up a working group around the technical issues.
The AAC is interested in developing a POP replacement (perhaps Bronze) that would be more standardized. At the AAC face-to-face in April, they developed a rough draft of what a POP replacement might do. This led to a discussion about trust marks and the potential for further community assurance profiles (light-weight and likely self-asserted).
Steve Carmody created a wiki page with a list of issues to discuss concerning InCommon offering a Social-to-SAML Gateway Google gateway as an operational service. (AI) Steve will start an email discussion on the topic.
Thursday, June 19, 2014 – 1 pm ET / Noon CT / 11 am MT / 10 am PT