TAC Meeting Minutes - August 20, 2015
Attending: Steve Carmody, Ian Young, Jim Jokl, Keith Hazelton, Jim Basney, Scott Cantor
With: Tom Scavo, Dave Langenberg, Paul Caskey, Nate Klingenstein, Nick Roy, David Walker, Ann West
(AI) Steve Carmody: For next meeting - schedule an agenda item concerning the TAC response to the REFEDS proposed Academia category.
The minutes from August 6, 2015, were accepted.
Tom Scavo provided a written Ops update with three topics:
- Metadata Query Server
- HTTP Compression
- Upgrading the offline laptop (which stores the private metadata signing key)
Tom asked for feedback regarding HTTP compression on the metadata server. With the import of eduGAIN metadata, the aggregate will exceed 30MB; with compression, it will be about 5MB. Scott asked if the plan was to enable HTTP compression on the preview aggregate first. It is not known if this is possible given our current metadata configuration, so more research is needed.
R&S Question - CSWARM Application
The R&S application from CSWARM raised a policy question. The SP intends to implement R&S, but will likely be hidden from DNS lookup and will federate with three IdPs. The R&S criteria do not prevent this, but Tom Scavo will follow up with the SP to see if federation and R&S are right for them.
OpenID Connect Support for Shibboleth IdPv3
Dave Langenberg (University of Chicago) joined the call to discuss this issue, as Chicago has contracted with UNICON to develop such support in order to use a secure token service for mobile and web services. UNICON will build OpenID Connect support for IdPv3 (much as there is CAS support built in). The scope for the initial implementation can be found in the README (homepage) at the GitHub project site. Chicago’s use cases include:
- AuthN from mobile apps
- AuthN to web-services with a token-based solution like OAuth (which you get for free with OIDC).
- Enabling students to create mash-up apps/services from "public" web-services (students want to do things like connect the professor evaluations app with the course registration app).
- Providing an "easier" mechanism for deploying federated SSO than making a user learn how to install a SAML SP.
Both Chicago and Unicon would like to have something to show at TechEx in October. Also, the first requirement in the scope of work is that the Shibboleth project accept this for inclusion into the Shib code.
Three documents have been shared for feedback. TAC is encouraged to provide any feedback on the Google docs.
Ann reported that Steering has assembled a legal advisory group to provide any feedback on the proposed Participation Agreement. It is unlikely that this will be finished prior to the August 31 Steering meeting. Communications will start on September 1 and focus on education. When Steering approves the revised Participation Agreement, a 90-day period will begin for comment, and the PA will go into effect at the end of the 90 days.
IdP of Last Resort
The Italian federation is proposing a federation of last resort to join eduGAIN, and it includes an IdP of last resort. Keith has been in touch with the administrator, and it looks to meet most of the requirements set forth by the InCommon IdP of Last Resort Working Group. Keith has started drafting an evaluation of idpopen.garr.it against the IdPoLR WG Requirements. Nick will follow up with the Italian federation to see if anyone from Italy plans to attend the REFEDS meeting at TechEx.
REFEDS Proposed Academia Category
This proposed new category, Academia, is documented on the REFEDS wiki. Some of the questions discussed by TAC are:
- the REFEDS text refers to granting degrees at level 6, which would exclude community colleges.
- how difficult would it be for federation operators to implement this? InCommon could potentially use Carnegie classes.
- how will this affect the Steward Model?
On the September 3 call, TAC will discuss whether a coordinated response from TAC is required (the input period ends Sept. 23).