Attending: Steven Carmody, MIchael Gettes, Tom Mitchell, Mark Scheible, Janemarie Duh, Jim Jokl, Chris Misra, Scott Cantor, Keith Hazelton, Tom Barton, Walter Hoehn, Kim Milford, Albert Wu
With: Ian Young, Mike Lahaye, Tom Scavo, IJ Kim, Paul Caskey, Nick Roy, David Walker, Ann West, Dean Woodbeck, Steve Olshansky
(AI) Kim Milford will send the REN-ISAC process to the TAC email list.
(AI) Nick Roy will develop a process document for an Ops Advisory Group, rather than continue with drafting a charter, describing the creation and operations of the advisory group.
(AI) Tom Scavo and Nick Roy will bring more information on the extension of the per-entity metadata pilot to the next meeting.
Steve Carmody, Chair; Jim Jokl, Vice Chair
Minutes from Feb. 4 accepted
Full report/outline at https://spaces.at.internet2.edu/display/inctac/Ops+Update+2016-02-18
- The next key date is March 15, when the fallback aggregate will be synced with the main aggregate. There have been a few issues, but not many.
- With a doubling of the metadata, we expected to see a doubling of the network usage, which has happened. Looking at increasing the bandwidth out of the Ann Arbor office.
- Shibboleth Metadata Aggregator - We have been running Shibboleth MDA 0.9.0 for a month and no issues.
- Steve Carmody extended thanks to the operations group and to Ian Young for their work in making eduGAIN happen.
Roland Hedberg is leading two workshops the week of Feb. 22 (two-day workshops) on OIDC in Denver.
There is an interest in another session later in the year.
Recent Duo Incident
After the Duo outage, there was a long thread on the participants list. Several campuses have (or will) contributed recommendations on what to do in such cases in the future. https://spaces.at.internet2.edu/display/InCCollaborate/Duo+Security+Outage+-+Responses+and+Planning+for+Future
IdP of Last Resort WG
This REFEDS working group has launched. Twelve on the email list so far. https://wiki.refeds.org/display/GROUPS/IoLR
What will be the successful outcome of the WG? Part 1 - develop a well-defined process with multiple federations implementing. Part 2 - have 3-4 IdPs deploy an unaffiliated IdP. Also talk about portable identifier idea.
Subject Matter Experts
Considering putting some parameters around this.
- Are there terms? Annual renewal? If no term length, a re-up on an annual basis?
- Should there be a maximum number? (probably not, but don’t want too many).
- What are expectations for attendance? (should be on the email list, see the agendas, attend when they like, but encouraged to attend when a topic arises that fits within their skill set)
- How to identify and appoint subject matter experts?
REN-ISAC has technical liaisons - advisory or guidance - have two currently - (AI) Kim Milford will send the REN-ISAC process to the TAC email list.
Try to keep this lightweight and easy to administer. Also, keep it flexible and keep away from formality.
The appointment of three subject matter experts were approved:
- Ian Young (UK) - did technical infrastructure for the UK federation for its first 10 years. He is the primary author of the metadata integrator that InCommon uses. Also is a contractor for InCommon to get the software into production.
- Steve Olshansky (Internet Society) - Works for ISOC in the identity space. Was involved with Internet2 middleware for a number of years.
- David Walker - Working on several items with InCommon. Was at Univ of California campuses and at the UC Office of the President. Led the creation of UCTrust
Ops Advisory Group
Nick presented a draft charter of an ops advisory group. This would be formed by ops (basically a group of SMEs) and any communications with TAC would come through the ops report during TAC meetings. The group will be charged with providing operational guidance, advice, problem-solving and general subject-matter expertise to InCommon Operations. Since there would be security concerns discussed by this group, minutes would not be published.
There was discussion about when something would go to the advisory group and when it would go to TAC. Generally, if an idea is not yet baked, it would go to the advisory group, then would go to TAC with some sort of write-up or formal recommendation. Also, if something would have a significant impact on participants, it would go to TAC.
(AI) Nick will develop a process document, rather than continue with the charter, describing the creation and operations of the advisory group.
Per-Entity Metadata Pilot
This pilot is scheduled to end March 1 (it has been extended before). Tom Scavo presented a proposal to extend the pilot until September 1, 2016. The purpose would be to reconfigure the MDQ-beta server to consume the preview aggregate, and also to expand the pilot to include the UK federation. Background on the pilot is at https://spaces.at.internet2.edu/x/3w7kAg (child pages of this wiki page includes lessons learned and additional information). Note that OTTO is also interested in this approach. (AI) Tom Scavo and Nick Roy will bring more information to the next meeting.