Minutes
Attending: Heather Flanagan, Mark Rank, Judith Bush, Janemarie Duh, Keith Wessel, Matthew Economou, Mary McKee, Matthew Brookover, Steven Premeau
With (Also Starring): David Walker, Albert Wu, Les LaCroix, David Bantz, Johnny Lasker, Nicole Roy, Steve Zoppi
Regrets: (none)
Status Updates / Q&A
- T&I and Ops Updates (Ann/Nic/Albert/Shannon/Dave/Johnny)
- Johnny: There was a new Federation Manager release yesterday. Nicole mentioned that they are working toward using the Internet2 IAM platform to replace local authentication. She will work with Albert to determine a time for a TAC discussion of what’s happening.
- CTAB
- Eric Goodman mentioned an ongoing discussion of the fact that there are many SPs that are not Internet accessible, so they get low SSL scores, affecting their Baseline tests.
- The use case is to test a service, not SSO to the service.
- Eric Goodman mentioned an ongoing discussion of the fact that there are many SPs that are not Internet accessible, so they get low SSL scores, affecting their Baseline tests.
Steering Summary for Deployment Profile Adoption Recommendations
- Albert provided a link to the draft document. (It currently has restricted access.) There was brief discussion, but no suggestions for changes.
HECVAT
- Mark provided an overview of the draft recommendations for SSO questions in the "lite" version of the HECVAT, which is the version currently being updated. The TAC subgroup has captured other input they've received for when the full version is updated.
- The HECVAT leans toward yes/no questions, so there is tension at times with our community's need for more detailed responses. Questions about use of eduPerson and attributes to support authorization are examples of this. Also, HECVAT's interest in SSO is broader than ours; they address bilateral federation, as well as multilateral.
- We'll want to maintain communication between the TAC and the HECVAT team.
- The timeline for the next version of "lite" HECVAT is short. The subgroup will forward the recommendations to the HECVAT team; Kevin will inform Steering. After the new HECVAT is complete, Kevin will take it to the Net+ advisory group.
SeamlessAccess + Browser Changes and impact on InCommon’s thinking about IdP discovery
- Heather reviewed recent developments
- SeamlessAccess has two (separable) pieces: discovery and persistence.
- People using only discovery will be fine.
- Persistence, though, will change. The discovery page will remember previously selections, but the SP’s button will not bypass the discovery page.
- What’s unresolved are those SPs that adopt the advanced integration strategy. It’s not known what will need to be done, as the browser vendors are trying multiple things in incubation. There’s not a standards path as yet.
- What this means for adoption, e.g., by InCommon is that the discovery interface is still valuable, but other issues are unresolved. What is known is that the behavior of the SeamlessAccess login button will not remain the same.
- The planned workshop has been postponed.
- Kevin asked if would help to engage the global NREN and/or R&E communities. Heather said a statement can't be "Don't do that." The response will be "Don't rely on third-party cookies; find another way."
- SAML does not rely on third-party cookies, but many implementations of it do.
- David W suggested that a better approach than "Don't do that," would be "How can we partner to achieve a successful transition."
- SeamlessAccess has two (separable) pieces: discovery and persistence.
EMail Updates
Federation Test Working Group
| Subject: | [TAC-InC] Fed Test WG Update |
|---|---|
| Date: | Thu, 20 May 2021 12:12:46 -0400 |
| From: | Janemarie Duh |
The update this week is there is no update. Things are jamming here.
Janemarie
International, SeamlessAccess, and Browser Interactions updates
| Subject: | [TAC-InC] International, SeamlessAccess, and Browser Interactions updates |
|---|---|
| Date: | Thu, 20 May 2021 09:14:15 -0700 |
| From: | Heather Flanagan |
International
Highlights in REFEDS includes the creation of a new group within the REFEDS Assurance working group. The REFEDS MFA subgroup which is concerned with making the MFA profile easier to understand and use. To subscribe to the mailing list please go to: https://lists.refeds.org/sympa/info/assurance-mfa-subgroup
Registration for the 42nd REFEDS meeting, scheduled for June 16, is now open: https://events.geant.org/event/580/
SeamlessAccess
One of the more useful pieces of information coming out of SeamlessAccess this month is information on the click-tests that asked users to figure out, with no additional prompting, what to click on to get access to an article via mockups from four separate publishers implementation of SeamlessAccess. The feedback from this was particularly powerful and provides useful insight into how to make the UX for logging in to a site better, regardless of whether a site is using SeamlessAccess or not. See the Click Test Research Report at the bottom of the User Research Insights page: https://seamlessaccess.atlassian.net/wiki/spaces/DOCUMENTAT/pages/28966993/User+Research+Insights
Also in the SeamlessAccess world, a pair of two-day workshops for federation operators has been rescheduled to June 28 and 29 for Asia-Pacific federations, and July 1 and 2 for European and American federations. If you would like a link to register for either event, please contact heather@seamlessaccess.org
Browser Interactions
This area has been ramping up in terms of discussions and activity. The W3C Privacy Community Group had a virtual f2f this week discussing several of the proposals regarding improving privacy on the web. This discussion has focused on several of the proposals, but not all, and not necessarily in context with each other. More information, including a link to the notes, are available here: https://github.com/privacycg/meetings/tree/main/2021/05-virtual
The WebID project in the W3C Web Incubator Community Group (WICG) is holding a workshop next week to talk about the balance of federation with privacy, and the browser's role in that balance. The four major browser vendors (Google, Mozilla, Apple, and Microsoft) will be there, and several of the larger identity providers (Google, Microsoft, Facebook, and Apple) will present on day one. Day two will focus more on discussion. Participants must be a member of the WICG; joining the WICG is free. More information is available here: https://github.com/WICG/WebID/blob/main/meetings/2021/25-26_May_2021.md
Heather Flanagan — Translator of Geek to Human
https://sphericalcowconsulting.com
Federation 2.0
| Subject: | [TAC-InC] Fed2.0 WG Update |
|---|---|
| Date: | Thu, 20 May 2021 16:17:04 +0000 |
| From: | Bush,Judith |
I missed the meeting, but it seems the Fed2.0 did get a draft CAMP proposal in and continued work.
judith
CACTI Update
| Subject: | [TAC-InC] CACTI Update |
|---|---|
| Date: | Thu, 20 May 2021 12:59:29 -0400 |
| From: | Matthew X. Economou |
Dear all,
At the May 11 CACTI meeting, Judith Bush and Tom Barton related the work of the REFEDS Federation 2.0 Working Group. Major discussion points included the need for:
- Advocacy and representation
- Leadership and outreach
- Access control and trust
- Protocol independence
Best wishes,
Matthew