Attending: Michael Gettes, Tom Barton, Mark Scheible, Tom Mitchell, Janemarie Duh, Scott Cantor, Kim Milford, Albert Wu
With: Dean Woodbeck, David Walker, Nick Roy, Ann West, Ian Young, Paul Caskey, Tom Scavo, IJ Kim, Steve Zoppi
Minutes from April 14 meeting
See this wiki page: https://spaces.at.internet2.edu/display/inctac/Ops+Update+2016-04-28
- Report on incident response re: the metadata signing failure on March 21, 2016. Will have the new process implemented by the end of the week. The process is documented on the ops update wiki page.
- Report on incident response to the bad-characters-in-metadata incident on March 22, 2016. Will deploy the Shibboleth Metadata Aggregator v0.9.1. Will filter literal CR characters from imported metadata and from metadata sourced from the federation manager.
- Report on incident response to lost entity descriptor on April 12, 2016. Person approving metadata clicked a number of buttons that resulted in the issue. Adjusting the interface and hardware to prevent a recurrence. The solution is documented, but implementation has not yet started.
- Interfederation Technical Policy
- The Ops Advisory Group recommends the adoption of these rules (which are already enforced by the FM software - this syncs the import process to what we already do in InCommon)
- Implement a whitelist of entityID prefixes: “http://”, “https://”, “urn:mace”
- Blacklist the following entityID prefix: "urn:mace:incommon"
- Filter all imported IdP entities with an endpoint location that is not HTTPS-protected
- Filter all imported mdui:Logo elements (not entities) with a URL that is not HTTPS-protected
- Need TAC input on these items (this will be done via the TAC email list)
- Filter all exported SP entities with an endpoint location that is not HTTPS-protected
- Filter all imported SP entities with an endpoint location that is not HTTPS-protected
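The four recommended import rules above, as an added Python example (not InCommon's or the Federation Manager's code). The function names, the sample metadata, and the reading of "endpoint" as any element with a Location attribute inside an IDPSSODescriptor are assumptions; the two SP rules awaiting TAC input are not applied.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDUI = "urn:oasis:names:tc:SAML:metadata:ui"
ALLOWED = ("http://", "https://", "urn:mace")
DENIED = ("urn:mace:incommon",)  # also matches "urn:mace", so test it first

# Constructed sample, trimmed to the attributes the rules inspect.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:mdui="{MDUI}">
<md:EntityDescriptor entityID="https://a.example/idp"><md:IDPSSODescriptor>
<md:Extensions><mdui:UIInfo><mdui:Logo>http://a.example/l.png</mdui:Logo>
<mdui:Logo>https://a.example/l.png</mdui:Logo></mdui:UIInfo></md:Extensions>
<md:SingleSignOnService Location="https://a.example/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="https://b.example/idp"><md:IDPSSODescriptor>
<md:SingleSignOnService Location="http://b.example/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>
<md:EntityDescriptor entityID="urn:mace:incommon:c.example"/>
<md:EntityDescriptor entityID="ftp://d.example/sp"/>
</md:EntitiesDescriptor>"""

def is_https(value):
    return (value or "").strip().lower().startswith("https://")

def filter_import(xml_text):
    """Apply the four import rules; return (kept IDs, {dropped ID: reason}, tree)."""
    root = ET.fromstring(xml_text)
    kept, dropped = [], {}
    for entity in root.findall(f"{{{MD}}}EntityDescriptor"):
        eid = entity.get("entityID", "")
        # Assumption: IdP endpoints = elements with Location under IDPSSODescriptor.
        locations = [e.get("Location")
                     for role in entity.findall(f"{{{MD}}}IDPSSODescriptor")
                     for e in role.iter() if "Location" in e.attrib]
        if eid.startswith(DENIED):
            dropped[eid] = "denied entityID prefix"
        elif not eid.startswith(ALLOWED):
            dropped[eid] = "entityID prefix not allowed"
        elif not all(is_https(loc) for loc in locations):
            dropped[eid] = "IdP endpoint not HTTPS"
        else:
            # Logo rule removes the element only; the entity itself is kept.
            for parent in list(entity.iter()):
                for child in list(parent):
                    if child.tag == f"{{{MDUI}}}Logo" and not is_https(child.text):
                        parent.remove(child)
            kept.append(eid)
            continue
        root.remove(entity)
    return kept, dropped, root
```
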
Per-entity WG Charter
Draft charter is here: https://docs.google.com/document/d/1wDgZXT-ia97QHoeN5b1LLQvHJ2qi06SrjVHx0WHMtTE/edit
The consensus is to give provisional approval on the charter.
(AI) Nick Roy will resolve the comments currently in the Google Doc and inform TAC about any changes he makes. Once this is finished and distributed to the TAC email list, the charter approval will be considered final.
There was discussion about developing a priority-setting process that would allow for community input and ongoing communication and outreach.
There was a suggestion that the REFEDS work planning process could serve as a model. The REFEDS staff initiates the annual process through an open call for community suggestions for work items (and providing a template for the submission of such suggestions). There is also a process for feedback and prioritizing. The staff then distills the list into a proposed work plan, which goes to the steering committee for final action. There is generally a REFEDS F2F meeting as part of the cycle.
There are a couple of key differences between REFEDS and InCommon: the scale of the operations, and the fact that InCommon has responsibilities to operate a federation. Such a process would need to dovetail with Internet2 and InCommon planning exercises.
This may mean there will be two different work streams, one related to TAC and its role, and the other related to overall InCommon priorities. InCommon staff would need to develop a way to harmonize these. This would also likely mean that TAC would need to move to an annual planning process for determining topics for working groups. If it fits with the Internet2 planning cycle, TechEx might be a good place to kick off such work each year.
(AI) Steve Zoppi, Michael Gettes, and Mark Scheible will develop the strawman for this planning process and report back to TAC on May 12. Steve will coordinate the effort.
TAC will meet at the Global Summit (the meeting is scheduled for Tues, May 17, 9-11 am, at the Chicago Downtown Marriott).
Thursday, May 12, 1 pm ET