Thursday, January 28, 2021
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT
Minutes
Attending: Keith Wessel, Janemarie Duh, Steven Premeau,, Heather Flanagan, Mark Rank, Johnny Lasker, Mary McKee, Matthew Brookover
With (Also Starring): David Walker, Nicole Roy, Albert Wu, Ann West, David Bantz, IJ Kim, Kyle Lewis, Matthew Economou, Shannon Roddy
T&I and Ops Updates
- There will be a Federation Manager release next week. Work continues to integrate the FM with Internet2’s IAM platform; the target for completion is around March or April.
- Contact Nicole if you’d like to participate in the current OIDC browser interaction discussions. They’re currently looking for use cases; we should ensure that R&E use cases are included. (See 2021-01-28 Browser Interactions STC - Meeting Notes - 2021-01-27.)
- Albert mentioned there have been recent discussions with eRA (Electronic Research Administration) / NIH.
- David B: Will MFA signalling be supported? Albert assumes yes, since will use NIH’s existing infrastructure.
- https://era.nih.gov
- Keith mentioned that there was interest in the IdP as a Service working group report in the recent InCommon Steering meeting. We may want to extend the comment period for the report to make sure everyone has an opportunity to express their thoughts.
International Update
TF-IAM
The APAN IAM Task Force is preparing for APAN 51, a remote meeting in the UTC +5 timezone (hosted by the Pakistan Education & Research Network & Higher Education Commission of Pakistan) that will kick off next week. As usual, the IAM track for the meeting is focused on emerging NRENs in the region. The agenda is available here: https://whova.com/web/apan1_202102/
REFEDS
The R&S 2.0 working group is making significant progress on the next revision of the R&S Entity Category. On the group’s last call, the participants reached consensus-in-principle on how to handle the identifiers issue. Scott Cantor is drafting specification text for the group to consider on the next call. Other items that have been addressed to the satisfaction of the working group on previous calls include:
- The FAQ will be revised to offer clarity on the term "affiliation" (see Research and Scholarship FAQ) and editorial changes made to the spec to make it more clear (see https://docs.google.com/document/d/1xXMvMV2_tYZBcejfVrItLlABprC7TkkTu9sRcpY22jg/edit)
- eduPersonScopedAffiliation will become a required value
- R&S will require privacy statements
- Encouraging the use of eduPersonAssurance (this will require further discussion with the Assurance Working group)
Note that the specification will go through the full community consultation process once the working group has achieved consensus on a draft.
Also within REFEDS, the Schema Editorial Board is reaching out to the federations that most strongly use the SCHAC schema (Tuakiri, Haka, RedIRIS, SWAMID, and Switch) to determine if and how they are using schacGender. That attribute is poorly defined, allowing very limited choices. The SEB would like to know if and how this is being used by anyone to help inform whether the attribute should be deprecated entirely from the spec, or the definition updated.
SeamlessAccess Update
There is quite a bit that will be discussed on the next SeamlessAccess Governance call, scheduled for Monday. The next TAC report will definitely include more information on the state and roadmap for SeamlessAccess. In the meantime, please consider the problem statement and goals for the TAC roadmap item around SeamlessAccess.
Federation 2.0 Update
The recent meeting notes imply the working group is pleased with the revised report structure, and spent some time discussing appendices and concern that adding some detail will distract and delay us even more.
Meeting notes https://wiki.refeds.org/display/GROUPS/Federation+2.0#Federation2.0-MeetingNotes
Assurance mapping analysis / NIST 800-63 to REFEDS Assurance (Kyle)
- Kyle Lewis presented his current work to determine the applicability of the RAF (REFEDS Assurance Framework, Espresso in particular) for NIH's Moderate risk services, which require NIST 800-63 / Kantara AL-2 assurance. REFEDS is self-asserted, which means that relying parties can’t determine explicitly if they are Kantara certified. this affects:
- Evidence of identity proofing measures
- Risk analysis of live photo images for biometric remote verification
- Cryptographic requirements for records protection (during verification)
- Evidence of information security controls
- Current work is to explore options to leverage RAF (along with 800-63) to satisfy 800-53 requirements.
- Eric: We seem to continue to develop frameworks that often do not meet the needs of specific service providers.
- The hope is that Kyle's work will ease things for other federal agencies.
- How do we ensure that government agencies are on board with developing frameworks to avoid surprises later? We believe there was gov’t interaction with REFEDS, but not sure how much. InCommon Bronze/Silver did have government interaction.
Status of 2021 work plan
- (We ran out of time.)