Attending: Keith Wessel, Heather Flanagan, Judith Bush, Matt Brookover, Eric Kool-Brown, Mary McKee, Jessica Coltrin, Matthew Economou, Mike Grady, Eric Goodman
With: David Walker, Shannon Roddy, Dave Shafer, James Babb, Steve Zoppi, Ian Young, Ann West, Kevin Morooney, Albert Wu, IJ Kim
Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework
Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.
Trust and Identity Update
Global Summit - InCommon hosted a room to provide information about all things InCommon (federation, software, certificates, eduroam)
Fee Change - discussion in hallways and at the PAG meeting - things still seem positive about the change
Outreach and Training Plan - Being well received - cycle from BaseCAMP to Advance CAMP and training on the software components
Baseline Expectations - Quite a bit of positive response - both from InCommon participants and from other federations, which may consider similar programs.
COmanage - There were many discussions about, and interest in, COmanage. Need to increase the runway on existing resources and skills - and to expand the software’s capabilities. Discussion about how to get people to adopt.
MDQ - Have sent invitations for the technology preview.
REFEDS Distinguished Engineer program - Applications will be accepted through March 15. There has been quite a bit of interest from the APAN region, thanks to promotion by Terry Smith through the TF-IAM group. A call for mentors will go out after the application window has closed.
REFEDS meeting @ TNC19 - https://wiki.refeds.org/display/WOR/20190616+-+REFEDS+Annual+Meeting+topic+proposals. A rough list of proposed topics is coming together, and we’re already looking at a fairly full day with just these proposals. Nicole Harris is working on a first draft of an agenda. If you have any topics, please contact Heather Flanagan or Nicole.
TF-IAM and APAN 48 - The next APAN meeting will be held in Malaysia from July 22-26, 2019. The TF-IAM is a strong IAM group; it’s worth going if you can.
Working Group Updates
OIDC Deployment - Looking at the login.gov OIDC implementation and their example applications. They are doing some interesting things. Charter has been revised and published; (AI) Eric Kool-Brown will send the link to the TAC email list. (AI) TAC members review the revised charter prior to the next call.
REFEDS Federation 2.0 - We have the time and room at TNC19 arranged for the face-to-face to develop scenarios: Jun 20 9:00-17:30 EEST (Eastern European daylight time). Continuing work on how and what to ask in our information gathering, with a little redirection to better meet the future focus and open nature of gathering information for scenarios. Almost have the agreement with the scenario facilitator complete, but not yet at a point to share that person’s identity.
IDP as a Service WG - There is a comment on the proposed charter about the working group being more prescriptive on attribute release policies. Should the service be required to support InCommon profiles, adhere to Baseline Expectations, and other InCommon best practices? When developed for an InCommon participant, those things should be turned on by default. One approach - assume that InCommon is providing the service. What would the specific requirements be?
TAC/CTAB/CACTI collaboration Update
CACTI will next meet on 3/19; Jessica will update us on the 3/28 TAC call.
CTAB update - Eric Goodman is liaison to CTAB. He attended the last meeting. One observation is that CTAB assigns work to their group (such as assigning people to follow-up with schools on Baseline Expectations). Also, David Bantz will be the CTAB liaison to the TAC. (AI) Janemarie will send David an invitation to join.
Response to Attributes for Federation and Collaboration and Streamlining SP Onboarding WG Recommendations
Albert created a document as a response to these recommendations. Main topics:
- Reinforce commitment and support for research and scholarly collaboration
- Strengthen trust and interoperability in federation
- Improve communication, online content, interaction, and services
This document will be taken to Steering as an information item. Perhaps have a webinar on the recommendations and what has been done to date - with WG chairs/TAC/staff.
WebAuthn and FIDO2 - Impact on Federation
Exploration: Impact of W3C WebAuthn (https://www.w3.org/TR/webauthn/) and FIDO2 (https://fidoalliance.org/fido2/) [no more passwords] for the future of Federated SSO. WebAuthn is browser-based authentication. With the FIDO specs, you can use a token. Potentially the traditional SSO process we use could become obsolete. Some questions to consider (at a future TAC meeting):
- Should Shibboleth provide native support for FIDO2?
- Are there other considerations?
- Is this an opportunity for TAC/CACTI collaboration: impact assessment and recommendation to Shib, federation, and?
Duke has a pilot of a WebAuthn process with Shibboleth.