Minutes

Attending: Mark Rank, Heather Flanagan, Janemarie Duh, Keith Wessel, Eric Goodman, Mark Rank, Mary McKee, Matthew Brookover, Matthew Economou, Steven Premeau

With (Also Starring): David Walker, Les LaCroix, Albert Wu, David Bantz, IJ Kim, Ann West, Steve Zoppi

Regrets: Judith Bush

Status Updates

TAC nominations

  • The deadline has been moved back to 11/2
  • We currently have three nominations for TAC membership.
  • There will be three open seats for next year (to maintain current 10; could go to 13)
  • We’ll discuss candidates in the next TAC meeting (on 11/4).

Federation Testing Group

  • We have a number of interested participants now. (See the Fed Test WG Update.) Janemarie would like to designate a new sponsor for next year (since she is not renewing her TAC membership for next year).
  • It’s not necessary, but past groups have benefited from having a TAC member as a co-chair.

Reminder: It’s October. Time to revisit the Discovery Service conversation 

CAMP/ACAMP readout - what did we learn on our CAMP-ing vacation?

  • Eric Goodman mentioned conversations about proxies. In general, people question their impact on trust.
    • People tend to put new services behind existing proxies to avoid the overhead of dealing with IdPs for attribute release, etc.
    • It seemed that a lot of this questioning is based on observed behavior of local institutional SPs, rather than necessarily observed federation behavior.
    • Mark Rank: Some guidelines for proxy operators would be useful.
    • ACAMP discussion: https://docs.google.com/document/d/1CTY9cMKgd-G7wbg9Q3RKbIpAWg9G2_enHTk3yHnU_7s/edit
      • There were several others.
    • Primary issue is multiple services behind a single proxy.
      • Multiple applications that comprise a single service behind a single proxy (or a single SP) aren’t really a problem.
    • The VO (e.g., LIGO) architecture described in AARC is proxy-based.
    • Should this be a candidate for next year’s work plan?
      • We should consider this.
      • Maybe describe how to address multiple use scenarios for proxies (e.g., Azure identity service) that don’t involve abandoning Shib (or Azure)
      • Partner with CACTI?
    • Mark and Mary mentioned that the decisions about Shib vs. Azure vs. Okta are business decisions, not technical.
  • It’s often the case that it’s not appropriate for all of a person’s identities (e.g., social IDs) to be linked for all services.

(if time permits) IdP Migration Best Practices / SP Use of IdP Entity ID

  • There wasn't time.

EMail Updates

International, SeamlessAccess, and Browser Updates


Subject: [TAC-InC] International, SeamlessAccess, and Browser Updates - 21 October 2021
Date: Thu, 21 Oct 2021 07:44:10 -0700
From: Heather Flanagan


International Update
TNC22 (13-17 June 2021, Trieste, Italy)
The Call for Proposals is open until 30 November 2021 for sessions, and until 15 February for demonstrations. Have a great idea? Please submit it! https://connect.geant.org/2021/10/12/tnc22-call-for-proposals-is-now-open

REFEDS 
The REFEDS meeting generated excellent discussion, and Nicole Harris captured a summary in a blog post. A link to a recording of the meeting is included in that post.

Open Consultations

Recently Closed Consultations

Microsoft Higher Ed Conference
The Microsoft HiEd 2021 conference happened this week. Recordings are available and include Heather Flanagan and Pamela Dingle as keynote speakers discussing the "Future of Identity." More information is available here: http://microsoft-hied.org/Agenda/agenda2021

Authenticate Conference
This week also saw the Authenticate conference, organized by the FIDO Alliance, happening in Seattle and online. Microsoft's new passwordless option for commercial customers featured heavily. It is a conference worth watching.

SeamlessAccess
The product roadmap is always available to the public: https://seamlessaccess.org/services/

Browser Interactions
There are many proposals in development for how to handle different aspects of the privacy + browser problem. Heather Flanagan is going to organize another flash mob event to discuss each, but to summarize:

  • First Party Sets - https://github.com/privacycg/first-party-sets
    • a mechanism to allow organizations to each declare their own list of domains, to allow user identity to span related origins
  • CHIPS (Cookies Having Independent Partitioned State) - https://github.com/WICG/CHIPS
    • a mechanism to indicate to user agents that these cross-site cookies should only be available in the same top-level context (top-level site or that site's First-Party Set if it has one) that the cookie was created in
  • Storage Access API - https://github.com/privacycg/storage-access
    • provides a means for authenticated cross-site embeds to check their blocking status and request access to storage if they are blocked
  • Login Status API (was isLoggedIn) - https://github.com/privacycg/is-logged-in
    • inform the browser of the login "state"
  • Federated Credential Management API (was WebID) - https://github.com/WICG/FedCM
    • solving for death of third-party cookies specifically in the context of federated identity

Fed Test WG Update


Subject: [TAC-InC] Fed Test WG Update 2021-10-21
Date: Thu, 21 Oct 2021 11:03:29 -0400
From: Janemarie Duh


Time does fly.

As you have seen, the announcement went out to the participants and EDUCAUSE IAM lists. This resulted in only two new list members plus Judith. That puts the list at 12 members, but three are us:

awu@interent2.edu -  - standard (direct reception)
bjorn@sunet.se - Björn Mattsson - standard (direct reception)
bushj@oclc.org - Judith Bush - standard (direct reception)
kristi.wall@uga.edu - Kristi Wall - standard (direct reception)
lee@keyvoms.org - Craig Lee - standard (direct reception)
nroy@internet2.edu - Nic Roy - standard (direct reception)
onyemaechi.nwokolo@lsuhs.edu - Onyema Nwokolo - standard (direct reception)
roland@catalogix.se - Roland Hedberg - standard (direct reception)
rwood@infoedglobal.com - Roger Wood - standard (direct reception)
tammar.ajam@cerner.com - [Tammar] [Ajam] - standard (direct reception)
tzeller@sphericalcowgroup.com - Tom Zeller - standard (direct reception)
vsowmya@udel.edu - [Sowmya] [Shankar] - standard (direct reception)

So, we are back to asking the question, does this group have enough air under its wings for takeoff? It's got Roland and Tom Zeller. I only know one other person. The membership is very low on people from .edus.

I am comfortable with nine members. The important question for me is, will any of them step up to be the co-chairs? I can pose the question to the list and see what the response is.

      Janemarie

Federation 2.0


Subject: [TAC-InC] Fed2.0 and probable absence
Date: Thu, 21 Oct 2021 15:12:31 +0000
From: Bush, Judith


Fed 2.0 is in consultation, we welcome your thoughts - https://wiki.refeds.org/display/CON/Consultation+-+Federation+2.0+Report

I’m hoping to attend, or attend and multitask, but may need to get a document wrapped up before an afternoon meeting.
