InCommon TAC Meeting Minutes - June 25, 2015
Attending: Keith Hazelton, Steve Carmody, Ian Young, Chris Misra, Scott Cantor, Jim Jokl, Mike LaHaye, Steve Olshansky, David Walker, Paul Caskey
With: Tom Scavo, IJ Kim, Walter Hoehn, Ann West, Nate Klingenstein
Action Items from this meeting
(AI) Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johansson and UnitedID.
(AI) Keith Hazelton will follow up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation.
(AI) David Walker will summarize the recommendation for registration information for entities registered by InCommon Stewards.
The minutes from the June 11, 2015, meeting were approved.
Federation Interop Working Group
Walter Hoehn joined the call and has agreed to chair this working group. He said his immediate order of business is to distribute a call for participation. There was discussion about the scope of the group and how widely to cast the net for participants.
- Walter will send a note to the participants list
- Ann will send a note to the affiliates list
- Roland Hedberg is interested in participating. Ann Harding and Nicole Harris from REFEDS will be contacted about the group, told that Roland is interested, and asked whether they would like another representative or whether Roland’s participation is sufficient.
- There was discussion about inviting a Net+ vendor
In terms of scope, Ann mentioned that the end results should include a testing mechanism, defined by the working group, that lets participants know whether they are doing the right thing, and clear requirements for interoperability developed by the WG. There was discussion at the latest REFEDS meeting about a combined approach for testing and for a testing facility for IdPs and SPs.
IdP of Last Resort Working Group
Leif Johansson of SUNET is involved in the UnitedID service, which could be a candidate as an IdP of Last Resort. He has reviewed the WG requirements for an IdPoLR and believes UnitedID is close, but does not quite meet all of the requirements. Ann has discussed ramifications for support and delivery, should InCommon adopt UnitedID as an IdPoLR. Leif asked for a service-level agreement (SLA) to document the InCommon expectations, (AI) which Ann will develop. Leif also would like a proposal to REFEDS for such an IdP to be included in eduGAIN metadata but not be part of any individual federation. (AI) Keith Hazelton will follow up on that.
InCommon Steward Model
David Walker discussed the status of the InCommon Steward model, which is underway with MCNC. See the wiki for details of the issues under discussion (https://spaces.at.internet2.edu/display/inctac/Metadata+for+the+InCommon+Steward+Model).
The model allows a regional to take on some of the registration authority tasks from InCommon and to let its constituents join InCommon. The Steward would be responsible for K-12 entities, but in some cases the Steward organization name will not match the domain name. For example, the Steward is MCNC, but the domain name is DPSNC (Durham Public Schools). This is important to InCommon because the entity DPSNC will show as being registered by InCommon.
David and Jim Jokl outlined three options for listing the registration information for such metadata and asked TAC for opinions. Those options are:
- We decide that there is no significant difference between "ownership" and "authorization." The Registrar ID is set to https://incommon.org, like all existing InCommon-registered metadata.
- We decide there is a significant difference. The Registrar ID is set to https://incommon.org, but we also add a new metadata element to all InCommon metadata to indicate whether an entity was registered under the "ownership" policy or the "authorization" policy. This could be a registrationPolicy element, entity categories, or something else we decide is appropriate.
- We decide that there is a very significant difference, so much so that a different registrarID (e.g., https://steward.incommon.org) should be used. In order to interfederate Steward-registered metadata, InCommon would need to submit it separately from other InCommon metadata, as if it came from a different federation.
This was discussed in the New Entities WG, and Jim Jokl proposed that it would be best to choose “A” unless there is reason to believe that the regional is not following the Registration Practices Statement. The TAC consensus was to move forward with A and ensure that everything is documented properly. (AI) David will send a summary to the TAC email list for any response.