Attending: Janemarie Duh, Keith Wessel, Judith Bush, Mark Rank, Matthew Brookover, Mary McKee, Eric Kool-Brown, Eric Goodman, Matthew Economou
With: Les LaCroix, David Walker, Ian Young, David Bantz, Nick Roy, Jessica Fink, Ann West, Steve Zoppi, Shannon Roddy
Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.
(AI) TAC members - Please review and comment on the draft Encryption Migration to GCM Proposal
(AI) Janemarie will reach out to Tom Barton, Matthew, Heather & Ann; the five of them will determine a plan to address the NIST 800-63-4 call for comment
T/I and Ops Updates
- Minor patches made to the new version of the Federation Manager to fix some bugs
- Need to update middleware libraries for our integration with Cloud HSM for metadata signing. Ian Young is helping with that.
- Filtering some uses of the OASIS SAML Subject Identifiers from eduGAIN, because requested attributes (rather than the defined entity categories) are being misused for signaling
- First default use of GCM by a Shib IdP v4 that caused interop problems. We probably need to accelerate deployment of this plan: https://docs.google.com/document/d/13I8-9nBxR9lFlRr92RDUelcRGrZfWqB4VbREpINhDrw/edit#heading=h.ssume2nc5ny7 Please review and comment.
- Shib IdP 4 switches to a more cryptographically secure encryption mechanism by default
- Syntax issue with email contacts in metadata
International Report & Seamless Access updates
The 3 proposed entity categories from Seamless Access are on the REFEDS wiki. The proposal is for the REFEDS Schema Editorial Board to take on the ongoing stewardship of these categories. There will be two sessions to learn about the proposed entity categories (June 30 and July 1; calendar invitation files are available on the wiki page listed above). There will be an eight-week consultation period (July 1 - August 26). If ratified, these will be curated by REFEDS.
Reminder: NIST 800-63-4 call for comment
- Assurance levels will come back into play
- Tom Barton is our rep on the Kantara review board
- These specs would affect InCommon and participants when they interact with federal agencies
- Baseline + MFA would go a long way towards meeting their concerns
- (AI): Janemarie will reach out to Tom Barton, Matthew, Heather & Ann; the five of them will determine a plan to address this
- We will have a call on July 2 since most people will be around
Prioritizing Deployment Profile WG recommendations
Keith drafted a proposed approach for deploying SAML subject identifiers in InCommon.
- Promote subject identifiers to IdPs as the wave of the future
- Add it to the Federation Manager and allow SPs to start requesting it
- They are in the IdP attribute resolver in Shib now - so this isn’t asking for a lot of work
- When there is a reasonable adoption level (or need to raise the stakes), consider adding this to Baseline and stop talking about the old identifiers
- The document also includes transition considerations
- Matthew E - Would encourage IdP operators to release both old and new identifiers for a period of time, to allow SPs to adjust scripts and operational procedures