TAC Meeting Minutes - April 26, 2018

Attending: Matt Brookover, Michael Grady, Albert Wu, Mark Scheible, Eric Kool-Brown, Keith Wessel, Judith Bush, Eric Goodman

With: Nick Roy, IJ Kim, David Walker, David Shafer, Kevin Morooney, Steve Olshansky, Dean Woodbeck, Steven Zoppi, Ian Young, Shannon Roddy, Ann West

Ops Update

  • Deployed some bug fixes on the federation manager this week

  • Working on delegated admin items in the FM

  • Working to deploy FM in AWS

  • Security - got about 135 responses with interest in the security vulnerability email list and wiki. Discussing holding a Zoom meeting with Shannon and Scott Cantor.

Internet2 Trust and Identity Updates

  • Kevin - attended KINBERcon - presented with Bill Thompson - discussed Campus Success Program, Baseline Expectations, SIRTFI, Shib IdPv3

  • Kevin - also attended MAX (Mid-Atlantic Crossroads) meeting - mostly networking

  • At Global Summit - Klara Jelinkova and Kevin co-moderating a 50-minute session in the executive track (sort of state of the union and dialogue about sustaining TIER efforts)

  • Ann - posting two positions - 1) Federation service manager, 2) second-level support engineer

  • Review the Trust and Identity project portfolio

International Updates (from Heather Flanagan)

  1. APAN 46 will be in Auckland from August 5-9 (winter) and early bird registration is open. This is a great opportunity to interact with the growing number of identity federations in the Asia-Pacific region. http://apan46.nz/apan46

  2. The REFEDS 2018 Work Plan is being finalized, and we're opening up a call for one or two WG chairs for the proposed Federation 2.0 WG. The IoLR WG is also going to switch chairs shortly; you'll see some revitalization in that group soon. https://wiki.refeds.org/display/WOR/2018+REFEDS+Workplan

  3. The next REFEDS meeting is Sunday, 10 June in Trondheim, next to TNC 18. It'll be a full and useful day. I'm not sure if/how we'll be handling remote participation. https://refeds.org/meetings/38th-meeting

  4. RA21 has a free workshop happening this week in Philadelphia. The highlights will be on the User Experience work and the output of the Security and Privacy reviews of the pilots. Registration is still open, including for remote participation. https://www.eventbrite.co.uk/e/ra21-resource-access-for-the-21st-century-tickets-43700742096

Working Group Updates

Attributes for Collaboration and Federation

  • Finalizing recommendations white paper

  • Looking at process for community consultation/review

SP Onboarding

OIDC

  • Ongoing review of use cases

Deployment Profile

  • Community consultation ends May 7

  • Comment period for OASIS Identifier Profile also ends May 7

  • Will meet the week after Global Summit to review comments from the consultation

  • Implementation profile (chartered by TAC and led by Walter Hoehn) has been ratified by Kantara

  • Start considering next steps and whether TAC will charter (or recharter) a new WG

Discussion of ADFS and other ‘long tail’ deployments

Chris Phillips came to the last meeting and discussed an ADFS Toolkit that makes it easier to work in a multilateral federation. Chris and Nick Roy also discussed key rollover concerns. Challenges remain - and we have observed some recently with some unplanned key rollovers by groups using software that does not handle key rollover correctly.

Site admin at Maxient - works with 300 IdPs - enumerated several challenges working with IdPs. Nick reviewed some of the challenges of InCommon staff working with individual participants.

A next step may be the development of an InCommon Profile that would sit on top of previous work (like the deployment profile). This would involve gathering requirements from multiple audiences, especially REFEDS/eduGAIN.

SWAMID is a partner with CANARIE on the ADFS Toolkit. SWAMID expects that soon 50% of its participants will be running ADFS. If this is the case there and elsewhere, the community needs to engage vendors to discuss the issues.

Ann - Various divisions of Internet2 had a call with Microsoft to explore where things are today. Microsoft seems interested in working with Internet2’s cloud services, network, and trust/identity. They know what is going on re: the Kantara profiles. They need to see business gains or losses resulting from ADFS issues to help drive changes to ADFS.

InCommon Test Federation

There is growing interest among those wanting to test the federation and test configurations, and more generally a need for a pre-production mode for use by the Federation Operator (as well as participants). Steve and Nick discussed the scope (emphasize - this is not a production place - there is basically zero trust here). See Nick’s write-up and please make comments in the document: https://docs.google.com/document/d/1vQ_jk7ApSpuClTiQCTqcmbjpGXRpPT0VLbfwD0MEaOI/edit?usp=sharing

There were several comments during the meeting, which Nick has incorporated into the document.

Next Meeting - Thursday, May 24 - 1 pm ET
