TAC Meeting October 11, 2018
Attending: Keith Wessel, Mark Scheible, Eric Kool-Brown, Matt Brookover, Mike Grady, Keith Wessel, Heather Flanagan, Janemarie Duh, Judith Bush, Kim Milford, Eric Goodman, Tom Demeranville
With: Dean Woodbeck, Nick Roy, Dave Shafer, Ann West, Ian Young, David Walker, Kevin Morooney, IJ Kim, Steve Zoppi
InCommon Federation Update
Federation Manager outage this morning (10/11) - hardware failure. Was corrected in a short amount of time. TSG will provide an incident report
Two new InCommon staff members - Albert Wu (federation manager), James Babb (technical support)
Code of conduct update
Assurance framework will be announced at the REFEDS meeting
SIRTFI - More discussion at REFEDS - registry requirements to go out for consultation soon
Working Group Updates
OIDC Deployment (Eric Kool-Brown) - Discussed Shib plug-in for OIDC and relationship between that and OAuth and the potential to provide authorization server capability. Also discussed reporting plans for TechEx.
Deployment Profile - No outstanding edits in SAML2int, other than some clarifications for references to identifiers draft (at OASIS right now). Working on the final report. Have a slot on the REFEDS agenda for clarifying logo requirements. Getting ready to coordinate moving this to Kantara.
Streamlining SP Onboarding WG (Janemarie) - The final report is in the document repository - http://doi.org/10.26869/TI.98.1
Federation 2.0 (Heather) - Likely to come up at REFEDS and a proposed ACAMP session.
Recruiting potential TAC members at TechEx
Particularly interested in potential TAC members in one these areas:
Value of Federation (vis a vis competitors)
There was discussion on the competition or threats to the InCommon Federation. The Shibboleth UI should. There is also a proposal for an IdP as a Service working group, which would also address some of the start-up issues. Still smaller schools and those that federate with few services may find other options easier to use.
OpenAthens has joined the UK federation and is joining InCommon. They act as a hub for libraries with an approach of “bring us your identity provider and we will act as an interface for configuration.” Tom Demeranville worked at OpenAthens 10 years ago said the company provides a centralized hub, but also offer IdP and SP software that is Shib and SAML compliant. They also offer a cloud service that is configurable, and they run a federation.
One point in InCommon's favor is the trust aspect of the federation. Federation participants, or potential participants, may also find value if we offered a proxy. This may be a gap that InCommon could fill. One example is SWAMID, which charges service providers that do not work well with a multilateral federation and proxies for them.
InCommon would look at IdPaaS as a business decision. A proxy helps some, but not smaller schools that don’t have anything set up. That’s where an IdPaaS would help.
Another benefit to InCommon is that anyone can connect to anyone. The community develops policies and requirements that facilitate communicating and collaborating with one-another. InCommon also addresses the specific needs of the community (for example, R&S, BE, SIRTF).
Another possibility would be to combine the Federation Manager and Shibboleth. Particularly with the Shib UI,m the two are moving closer together.
One last discuss point was communications and support. Typically commercial providers have sales teams and support engineers (at a cost) and invest heavily in communicating (particularly to those at higher levels of an organization).
The new Federation 2.0 working group will provide the arena for this discussion to continue. The charter for this REFEDS group is here: https://wiki.refeds.org/display/GROUPS/Federation+2.0
TAC F2F is Wednesday at lunch
CACTI open meeting Thursday at lunch - opportunity to see how we might collaborate and/or align efforts
(AI) Dean will provide an email to TAC with side meeting opportunities (CACTI, CTAB, etc)