Minutes - February 16, 2017
TAC Members Attending: Tom Barton, Mark Scheible, Tom Mitchell, Eric Goodman, Albert Wu, Janemarie Duh, Keith Wessel, Chris Misra, Steve Carmody, Jim Jokl, Mike Grady
Others Attending: Ann West, Dean Woodbeck, Nick Roy, Tom Scavo, Kevin Morooney, Ian Young, Paul Caskey
Minutes from 2/2/17 were approved via the wiki.
Tom Scavo provided the Ops Update and will pose questions via the TAC email list:
Relaxing requirements on domains in IdP endpoints. Specifically:
Should the domain in the entityID continue to be owned by the IdP operator in all cases?
If requirements are relaxed, how will the endpoint locations be validated (if at all)?
Should all protocol endpoints in SP metadata be HTTPS-protected?
Status of migrating security contacts to the REFEDS format.
Shib Consortium Update
Steve Zoppi provided an update on the Shibboleth Consortium activities. There is a proposed 25% fee increase, which received only mild pushback from a couple of members. In addition to this fee increase, the consortium will present a longer-term plan on sustainable funding and attracting new members. Consortium discussions have also included “fair use” and communicating about the need for funding. Our conversations about this will also need to cover sustainable funding for InCommon and TIER.
Internet2 Trust and Identity Update
Ann West announced that Internet2 Trust and Identity is posting three jobs: DevOps, Security System Admin, and a Project Manager. These will address some of the key shortcomings raised in last year’s Ops Review. This is a first step. There are other gaps to fill that are not necessarily technical. More on that to come.
Kevin Morooney touched on the community meetings held last summer and one of their themes, funding for sustainability. The November 2016 InCommon fee increase was just the first step, but the conversation about future fees will take longer and provide additional opportunities for community input.
Nick Roy said that changes in the Federation Manager are coming quickly, perhaps in the next three weeks. These changes address the more critical shortcomings; there will be additional changes coming that will likely need TAC input.
Mark Scheible reported that the Per-Entity Metadata Working Group report was accepted by InCommon Steering. InCommon Operations will now develop a plan for architecture, communications, and rollout.
TAC Transparency/Community Involvement
One goal in this area is to make the information about the TAC and its work more available and easier to find.
Dean Woodbeck has reorganized the TAC wiki, making the front page open to all (https://spaces.at.internet2.edu/x/Swk). The space now includes a public area and a private area. Once this is more complete, we will communicate to participants. It was suggested that the wiki page also include a list of upcoming meetings, a way to contact TAC, and that the approval process for minutes move more rapidly.
Starting in October 2017, the TAC work plan process will become more formal and kick off at TechEx with a community discussion. For this year, the intent is to post a draft of the 2017 TAC work plan and gather input, finalizing things by the end of March. TAC members are encouraged to review the individual plan items and make comments and suggestions (or provide a +1).
There was discussion about the need to begin to integrate this planning process with REFEDS work, to ensure compatibility (and that there isn’t duplication of effort). It was suggested to submit the TAC plan as a REFEDS consultation. There was also a suggestion to add a column to the work plan that reflects where the work should happen (e.g. REFEDS, TAC, Ops, etc.).
Future work plans, then, will likely be a multistep effort, with a way for the community to identify and prioritize work items, with TAC refining that list and aligning with REFEDS and other efforts.
Mike Grady asked if there is a process for designating federating software as appropriate for use in InCommon (as Shibboleth and Simple SAML are now). CAS version 5 may fit the bill, but is there a way to test or certify that? No such process exists now. Rainer Hoerbe and Roland Hedberg are writing a program that would test against an interoperability profile, to be released as part of FedLab, but that is not yet complete.
TAC Discussion List
(AI) For the next TAC meeting, there will be a proposal about whether to have an open TAC discussion email list.
TIER Packaging Update
(AI) Mark Scheible will add this to the top of the Information Items for the next meeting.