TAC Meeting 2016-09-01
Attending: Tom Barton, Mark Scheible, Keith Hazelton, Jim Jokl, Steve Carmody, Michael Gettes, Janemarie Duh, Tom Mitchell, Scott Cantor, Kim Milford
With: Nick Roy, Ann West, Kevin Morooney, Dean Woodbeck, Tom Scavo, IJ Kim, Mike LaHaye, Paul Caskey, Steve Zoppi, David Walker, Ian Young
(AI) Steve Carmody will communicate to InCommon Steering the decision to create an IdP-only production aggregate.
(AI) Nick will discuss this default-allow attribute import concept with Rhys Smith at the UK Federation and determine if we can take a common approach.
(AI) Steve Carmody will draft an agenda for the Sept. 28 F2F for TAC to review.
(AI) Dean will look into stickers/tags for TAC for TechEx name badges.
(AI) Janemarie will draft a note (and share the draft with TAC) to send to the EDUCAUSE IdM list and the InCommon Participants list asking about top priority vendors for such deployment guides.
Approval of Past Minutes
Minutes from Aug. 4 and Aug. 18 approved
- Related to the July incident when the federation info pages on the web stopped working, a Nagios plug-in has been developed to prevent such outages - this could also be applied to other dynamic web pages. Testing now.
- Sirtfi proof of concept - development work is done and tested internally. The Federation Manager software updates have not been deployed, but the intent is to do so later today (Sept. 1, 2016).
- Ops Advisory Group recommends importing the REFEDS security contact and the Sirtfi entity attribute. Ian has updated the tooling and testing has taken place. Not yet deployed; this will happen after the Federation Manager update (above) is completed. Only those entities participating in the proof of concept will have their security contacts changed (to the REFEDS contact). We will want to do a coordinated communication campaign about Sirtfi and also security practices in general.
Per-Entity Metadata WG Urgent Request
The working group has made an urgent request for InCommon to produce an IdP-only aggregate, to resolve reported problems from some SPs. While creating new aggregates is something not taken lightly, it is understood that there are unsolved problems with both discovery and memory issues due to the large size of the aggregate. Creating this aggregate is an acceptable short-term solution, so InCommon Ops has recommended creation of a production-quality, IdP-only aggregate to be published at a permanent location.
TAC recommends this solution, as well, and (AI) Steve Carmody will communicate this decision to InCommon Steering.
Default-allow for the import of entity attributes
There has been discussion, most recently on the REFEDS list, about allowing the import of entity attributes by default (which is a change for InCommon). Most federation operators have a more relaxed approach to both entity attribute import and the import of eduGAIN metadata in general. The recommendation is that InCommon change its policy to allow the import of entity attributes by default, understanding that there will be a “deny” list of entity attributes with known problems. The UK Federation is considering a similar approach.
This would allow the community to create and deploy such attributes without intervention by InCommon (or other federations). We would need a policy about any conflicts that arise.
Export of such attributes is a separate problem and one that needs to be addressed, as well.
(AI) Nick will discuss this default-allow import with Rhys Smith at the UK Federation and determine if we can take a common approach.
Nick also suggested keeping a list of backlogged topics that will require working groups. This discussion gave rise to two:
- IdP Discovery in a per-entity metadata world
- Entity Attribute enhanced use in the community - use cases, needs, strategy, direction, etc. (allowing self-assertion, tagging of entities you don’t own, etc.)
Agenda for TAC F2F on Sept. 28
Some potential topics:
- 2017 planning - what do we think will be the next set of issues?
- Working groups - Reports and discussion. For this item, it might be helpful to invite Scott Koranda and Keith Wessel, since they are chairing current working groups
- What are the threats to InC and federation?
- Each person submit the one thing they really care about
- Closing the gaps (potential fee increase)
(AI) Steve will draft an agenda for TAC to review.
TAC members should keep in mind, while in conversations at TechEx, that we will need several new members for 2017. (AI) Dean will look into stickers/tags for TAC for TechEx name badges.
Should chair selection be offset from new members? Should TAC elect its chair before the end of 2016? Or 3-6 months into 2017? No consensus was reached.
IdP/SP Deployment Guides for Specific Vendors
This was discussed during the TAC community update webinar. (AI) Janemarie will send a note to the EDUCAUSE IdM list and the InCommon Participants list asking about top priority vendors for such deployment guides. She will send a draft of the message to TAC first.