InCommon Technical Advisory Committee Meeting 2015-05-28
Attending: Steve Carmody, Chris Misra, Tom Barton, Scott Cantor, Ian Young, Jim Jokl, Keith Hazelton, David Walker, Steve Olshansky
With: Dean Woodbeck, Tom Scavo, Steve Zoppi, Nate Klingenstein
The minutes of May 14 were approved.
IdP of Last Resort Working Group
Keith Hazelton reviewed the final draft report of the IdP of Last Resort Working Group. Here are highlights and comments, section by section.
Executive Summary - The WG approach was to look at primarily research SPs with users that cannot get to the service for whatever reason - for example, their institution does not have an IdP deployed and/or federated. The requirements listed in the WG report are from the perspective of the R&S community and represent the ideal situation, from their point of view.
Scope and limits of proposed service - This section should not be read as suggesting any relaxation of standards or guidance from InCommon. The IdPoLR is also not intended to be a replacement for, or easier alternative to, a campus IdP.
Requirements - To veteran IdM folks, #6b and #7 may seem like basic SSO, but the WG wanted to make sure that these are addressed.
- need to tighten up language in some of the requirements.
- need to address, up front, why just pointing people at Google is not a good option, particularly for research services.
- a user story will appeal to CIOs (“my star researcher wouldn’t access this collaboration tool and had to get a Google account to do his/her job”)
Draft Charter for Federation Interoperability Working Group (Nick)
This proposed charter <https://spaces.at.internet2.edu/display/inctac/Federation+Interoperability+Working+Group> is of a smaller scope than that originally envisioned (that is, to have a “meta” WG that would collect the work of other WGs and consolidate).
The charter includes two options:
- Sept 2015 - A framework for assessing SAML software compliance with requirements at each of the benchmark levels (bronze, silver, gold) and some initial requirements for achieving the benchmark at each level.
- Dec 2015 - A full set of specifications aligned with each benchmark level, for community review
- Sept 2015 - A framework for assessing sponsored partner SAML SP deployments for interoperability with a broad set of member IdPs. A prerequisite for this may be the specification of a recommended set of IdP configuration parameters that will be targeted for interop - for example, daily refresh of federation metadata, configuration of attribute release to both the InC and REFEDS R&S entity categories, and deployment of Shibboleth IdP v2.latest
- Dec 2015 - A full set of specifications for sponsored partner SAML SP configuration aligned with the assessment framework. Examples include support for encrypted assertions, daily refresh of federation metadata, requirements for IdP discovery, error handling and display, IT service desk information display on error, etc.
This WG would support two InCommon priorities <https://spaces.at.internet2.edu/download/attachments/87756288/DRAFT-Prioritized-2015-Goals.pdf?api=v2>:
- #13 (also shown as “B”) - Verification of Participants and Corporate Support Partners adoption of entry level practices (Catalyst Program)
- #2 (also shown as “A”) - IdP/SP Practice Requirements
Nick will add these sections:
- Strategic alignment - write the charter so that it closely aligns with InCommon priorities.
- Problem statement - problem to be solved and the audience being targeted - who is responsible for solving the problem
Next Meeting - June 11, 2015 - 1 pm ET