October 10, 2019

Attending: Heather Flanagan, Les LaCroix, David Bantz, Matthew Economou, Eric Kool-Brown, Eric Goodman, Janemarie Duh, Keith Wessel, Mary McKee, Matthew Brookover, Judith Bush, Mike Grady

With: Dean Woodbeck, Nick Roy, Albert Wu, Jessica Coltrin, IJ Kim, Steve Zoppi, Ian Young, Kevin Morooney, Ann West, Scott Cantor

Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Action Items

AI: TAC members should review the nominations page and consider nominating someone

T&I and Ops Updates

Nick attended the OpenID Foundation workshop and the Internet Identity Workshop last week.

  • Presentation from George Fletcher (early SAML work), now at Verizon Media, on the SameSite issue with Chrome and Safari
  • Discussion at IIW with Roland and others regarding the OpenID Connect federation draft and next steps
  • IIW notes will be posted at https://internetidentityworkshop.com/past-workshops/

Working Group and Collaboration

  • OIDC Deployment - Jessica and Eric Kool-Brown will begin drafting a report
  • REFEDS Federation 2.0 (Judith) - Still plugging away
  • IdP as a Service (Mary) - Planning to send a proposed framework to the email list to generate discussion about recommendations
  • CACTI (Matthew) - Discussion about expanding use of Baseline outside of InCommon (other federations). Prioritizing recommendations for FIM4R. 
  • CTAB (David) - Firmed up discussion on how to proceed with the next version of Baseline (presentation at TechEx). Recommendation will likely include SIRTFI, error URL, appropriate endpoint encryption.

Prioritizing Deployment WG Report recommendations

  • TAC members will receive a survey including each of the working group recommendations. The survey will ask for a rating of 1) importance for InCommon to implement and 2) difficulty for your institution to implement.

2020 TAC Membership

  • Nominations close on October 15
  • TAC will spend time during the next meeting to review the nominees

Support for separate signing and encryption certs in metadata

  • Albert provided a presentation, including a wireframe of how this might be represented in the Federation Manager
  • One rationale for this is the different attack vectors that have emerged against certificates - so having separate certificates could help mitigate these risks
  • Suggestion - make it possible for an IdP to add an encryption key, but de-emphasize that option
  • Albert will revise the wireframe of the interface based on the feedback from this call

SimpleSAMLphp WebAuthn module

  • Scott Cantor joined for a discussion about WebAuthn support in Shibboleth


Next Call October 24 

1 pm ET / Noon CT / 11 am MT / 10 am PT
