Minutes

Attending:  Mike Grady, Matt Brookover, Matthew Economou, Keith Wessel, Judith Bush, Janemarie Duh, Mary McKee, Eric Kool-Brown, Eric Goodman (eventually)

With: Ian Young, Les LaCroix, Nick Roy, David Walker, IJ Kim, Ann West, Dave Shafer, Albert Wu, Jessica Coltrin

Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Action Items

(AI) TAC members should review/approve the minutes from the last meeting.

(AI) There is a thread on technical-discuss concerning use of signing and encryption certificates in metadata. TAC members should provide input on the list, if interested. (AI) Albert will add this to a future TAC agenda.

(AI) Janemarie will contact Dean regarding details for the TAC meeting at TechEx.

(AI) Jessica will contact Nathan Dors re: OIDC WG closing activities.

(AI) Mike Grady, Eric Goodman, and Keith Wessel should inform Janemarie regarding their interest in renomination.

(AI) TAC members should consider possible TAC nominees.

Trust and Identity Update

  • Using Splunk to understand MDQ adoption. Currently, 8 root DNS zones account for all of the MDQ traffic. At least two are large infrastructure providers: AWS and vltr.com. Can also see geolocation, unique host names, top queries, top client host names. Of the entities being queried, the Internet2 IdP is far and away the most queried, likely because Internet2 staff are in the wiki constantly and the Satosa proxy uses MDQ.
  • There are requests from participants for changes to the Federation Manager. These kinds of requests have diminished over time with the work on the FM.
    • A reseller for ServiceNow in Germany has requested the German federation publish URLs that will take you to a German language website. This is supported in metadata, but not in the FM. The plan is to add that to the 2020 Federation Manager roadmap, and participants will likely be surveyed regarding the priority for this.
  • To date, only dual-use certificates (valid for signing and encryption) have been allowed. SPs also have the option of an additional encryption certificate to support single log-out. There have been a couple of requests to set any kind of key types, including one or more key types for both IdPs and SPs. We want to ensure that any such change preserves interoperability and ease of maintenance. (AI) There is a thread on technical-discuss, and TAC input is welcome on the best way to do this, including designing the interface. (AI) Albert - add this to the next TAC agenda.

Working Groups and TAC/CTAB/CACTI collaboration Updates 

OIDC Working Group - (AI) Jessica will contact Nathan Dors about the next steps for closing out this working group.

REFEDS 2.0 - No significant news from the Federation 2.0 working group, which continues to discuss the implications of the different scenarios that have been developed.

IdP as a Service - The working group has started publishing survey results to the wiki. The group has also discussed deliverables (also available on the wiki). Up next: discuss feedback from survey and define the minimal viable product for an IdP as a Service.

CACTI - CACTI discussed BaseCAMP and were happy with the outcome. There was discussion about the planned training for COmanage and midPoint. There is also discussion about considering Collaboration as a Service.

CTAB - Continuing discussion about Baseline Expectations v2. CTAB is forming sub-groups to spell out each additional potential addition to BE. The plan is to distribute a document in October for community consensus, then discussion at TechEx.

TAC at TechEx

There will be a quorum of TAC members at TechEx, so TAC will proceed with a face-to-face meeting. (AI) Janemarie will follow up with Dean on the scheduling of the TAC meeting at TechEx.

Potential ACAMP Proposals from TAC:

  • Deployment Profile Working Group next steps
  • Test federation
  • How to standardize the message to vendors about federation. For example, would adding something to HECVAT help? Standard RFP language? Educating procurement offices?
  • Does InCommon need to be more explicit and prescriptive in integrations?

2020 TAC membership

Three terms expire this year: Mike Grady, Eric Goodman, and Keith Wessel. There are no term limits, so all are eligible for renomination. (AI) Those with expiring terms should inform Janemarie regarding their interest in renomination.

Jessica will distribute the call for TAC nominations with a comprehensive call for nominations for all InCommon advisory and governing groups.

TAC has two additional vacancies to fill (Jessica Coltrin joined Internet2 and Tom Demeranville resigned). The intent is to fill one this year and one next year to balance the membership regarding when terms expire. Thus there are four seats to fill for 2020. (AI) TAC members should consider good people to nominate.

Work Plan

There was discussion about the TAC work plan for the balance of 2019 and for 2020.

  • Proposal - Schedule the Deployment Profile Working Group 2.0 work for later in 2020. Key players of the last Deployment Profile work are involved with the current Kantara work and may not have time for this. 
  • IdP as a Service work will continue
  • Badging subgroup work continues
  • Test Federation - Chris Phillips has expressed interest in TAC pursuing this. Nick Roy said dependencies involved in this work are being captured now, particularly with implementation of the Internet2 Collaboration Platform. TAC will spin up a working group to define the requirements for a test federation during the first part of 2020.

Parking Lot - potential working group items

  • SAML SP frontend (SP Proxy) - there is a two-hour session at TechEx on this topic
  • ADFS as an IdP - this will be discussed on the next call

Next Call September 26 

1 pm ET / Noon CT / 11 am MT / 10 am PT

