Minutes
Attending: Matthew Brookover, Judith Bush, Janemarie Duh, Matthew Economou, Heather Flanagan, Eric Goodman, Steven Premeau, Mark Rank, Keith Wessel
With (Also Starring): David St. Pierre Bantz, IJ Kim, Les LaCroix, Johnny Lasker, David Walker, Ann West, Albert Wu, Steve Zoppi
Regrets: (none)
10/7 TAC call canceled due to CAMP week.
Status Updates - Q&A
- T&I and Ops Updates
- There was a successful FM release yesterday.
- Nicole will send more information via electronic mail.
- NIH's eRA started requiring MFA on 9/15.
- The next REFEDS meeting is next Thursday, before CAMP.
- There was a successful FM release yesterday.
CAMP planning / Review Work Plan item progress, and what to say at CAMP
- Tune advisory group presentation content
- Soft launch of Deployment Profile Adoption page
- https://spaces.at.internet2.edu/display/FEDERATIONPREVIEW/adopt-saml-deployment-profile
- Also in next newsletter, likely in November
- Federation testing
- IdPaaS
- This is part of upcoming Catalyst program
- There’ll be a Zoom-based social platform available, which could be used to talk about IdPaaS and Catalyst
- Catalyst program can be put on ACAMP agenda for more discussion.
- HECVAT
- Mary will get some teasers of the issues to Keith.
- Call for nominations
- Nomination page should be open before CAMP
- Soft launch of Deployment Profile Adoption page
- What does TAC want to get out of CAMP/ACAMP, ie, what topics do you think are important for TAC to engage the community on during CAMP/ACAMP?
- Deployment Profile Adoption
- ACAMP session to get feedback? From past experience, there’ll likely be interest.
- We’ll want to guide the discussion to get what we want out of the discussion. (prioritization, clarity, etc.)
- Subject ID
- Fold up under profile adoption.
- Federation Testing
- WebAuthn?
- Discovery (Seamless Access)
- Say TAC is looking into discovery services with SeamlessAccess as an option.
- Also ask for thoughts about what's needed.
- Others?
- Refer IdPaaS to Catalyst
- Heather will have a session about browser interactions.
- HECVAT
- Mention this as work in progress
- Identify possible 2022 work items?
- Be on the lookout for emerging issues, pain points, trends, etc.
- Deployment Profile Adoption
Revised Federation Testing Group charter
- The charter is now focused on testable statements in deployment profile
- Develop implementable test criteria from the statements
- Action: Access to the revised charter was inadvertently restricted until the call. Everyone please look it over and raise any objections by end of day Monday, 9/27/2021.
IdP Migration Best Practices / SP Use of IdP Entity ID
- Indiana U lost access to CILogon (and, presumably, other SPs) after changing its entityID from URN-style to http-style.
- This is an ongoing issue for other institutions
- May be increasing, due to (for example) Azure migrations.
- Migration to Azure AD, Okta, or other commercial solutions is a strong driver but not the exclusive one. As Albert commented, it is challenging to do an enterprise IdP 2.0 as a "big bang" and many of the changes are the result of parallel deployments to transition SPs from one environment to another.
- How should we cope with this?
- To be continued...
EMail Updates
International, SeamlessAccess, and Browser Interactions updates - TAC 23 September 2021
| Subject: | [TAC-InC] International, SeamlessAccess, and Browser Interactions updates - TAC 23 September 2021 |
|---|---|
| Date: | Wed, 22 Sep 2021 11:21:37 -0700 |
| From: | Heather Flanagan |
International / REFEDS
43rd REFEDS meeting - Registration is open (https://refeds.org/meetings/43rd), scheduled for 30 September 2021. Current plans are to focus exclusively on REFEDS Strategic Planning, R&S 2.0, and identifier transition plans, and over 100 people have registered so far. Please register!
Open Consultations
- Entity Category Consultation - Personalized Entity Category - consultation opens 20th September 2021
- Consultation - REFEDS Strategy - consultation opens on 21st September 2021
SeamlessAccess
The product roadmap is always available to the public: https://seamlessaccess.org/services/
Browser Interactions
A new presentation by Vittorio Bertocci has been made freely available by the organizers of the EIC. He's a great presenter, and does justice to the topic. https://www.kuppingercole.com/watch/eic2021-bertocci-browser-features-identity-protocols
Fed 2.0 Report
| Subject: | [TAC-InC] Fed 2.0 Report |
|---|---|
| Date: | Thu, 23 Sep 2021 15:19:32 +0000 |
| From: | Bush,Judith |
Keith asks, “How on earth did we get to late September already?” I sure don’t know and I am horrified at the date.
In the Fed 2.0 last meeting we appear to have come to consensus on the “first step” recommendation wording. We’re clearing things up and hope that we will be sending out to REFEDS by Wednesday nest week.
judith
CTAB update
| Subject: | [TAC-InC] CTAB update |
|---|---|
| Date: | Thu, 23 Sep 2021 16:43:13 +0000 |
| From: | Eric Goodman |
This is a little lazy in that I’m following the outline of the CTAB draft minutes, so most of what’s here will be discussed in more detail there.
--- Eric
Working Group Updates
- R&S 2.0 Working group updates and discussion
- I.e., is this actually making things simpler, or more complicated? Will it encourage more IdPs to participate or throw up their hands?
- Seems like this category and “consent for release” are both attacking the same problem from different directions.
- A decent amount of discussion around Personalized Entity Category (consultation ongoing)
- Eric (me) threw in a tangential discussion similar to the comments I put in the TAC Slack channel.
- TAC updates (hopefully I don’t need to repeat those here!)
- REFEDS Assurance Working Group updates
- REFEDS MFA working group
- The logic is that any local “exceptions” you grant may not be inline with REFEDS MFA expectations, so using different AuthnContexts keeps the politics distinct.
- Also raises the “is this making things simpler or more complicated?” question
- (I was a bit of a contrarian on the call…)
- Eric (me again) and David B both called out that the emerging recommendation is to NOT use REFEDS MFA internally at your institution.
CTAB Business
- Reviewed the Community Dispute Resolution Process
- Originally raised in the context of SSL Lab grades and “what do we do if an org doesn’t meet the BE2 reqs?”
- Turned into a general review of the overall process.
- BEv2 office hours
- Another session on 9/28
- Likely there will be some sort of session at CAMP/ACAMP
- Discussion of how we want to manage/track Endpoint Encryption disputes that may arise (now, or potentially whenever SSL Labs updates their grades)
CACTI update
| Subject: | [TAC-InC] CACTI update |
|---|---|
| Date: | Thu, 23 Sep 2021 13:03:49 -0400 |
| From: | Matthew X. Economou |
Announcements:
- InCommon Federation Manager application move to AWS scheduled for on Wednesday, September 29, after metadata signing. 5 p.m. PT.
- Eduroam’s backend is being upgraded. Part of upgrade will move its administration functions into the FM.
Deployment guidance discussion points:
- Likely need for another community survey to find out what kind of guidance it needs.
- TAC and CTAB may be able to offer advice on how best to accomplish that survey.
- Next step is to develop a working group charter.