Date, Time, and Location

Thursday, July 14, 2022
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Minutes

Scribes: Eric, Mark, Joanne


  1. Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
  2. Public Content Notice  - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.
  3. Call for scribe volunteers (2 per call) - recording / transcription available - Joanne / Mark
  4. Agenda Bash + request for notable working and advisory group update
  5. Status Updates - Q&A (10 minutes)
  • T&I Ops: No updates
  • SP Proxy Discussion:
    • We said we were going to pick this topic up after TNC.
    • It’s after TNC.
    • There was discussion in another forum (UC Trust) about Proxies/applications aggregated behind the same front end (Eric G) – will likely evaluate when submitting 
    • Informal Workgroup to be convened
    • Goal to deploy a position paper by TechEx
  • Update on Deployment Profile value proposition (Mark R)
    • Draft ready; it tries to capture, at a high level, the comments that have been authored so far.
    • https://docs.google.com/document/d/1HnCmY-2_JZy8myR2np8CmPTpIJrhjPnRT88j-3n0I_Y/edit#
    • Needs additional input, specifically on call to action
    • Ann - doesn’t specifically address Service Providers
    • Deadline for TAC - by July 22nd. In terms of narrative, everyone should read, suggest and make comments in the next week. Then Mark will get it ready for our next call.
    • Call to Action may take more time, but need ideas.
  • TAC working meeting for TechEx
    • Want to put a face to face on the schedule - call for working group meetings is coming up.
    • Propose workshop for Deployment Profile testing
  6. (5 min) Request from Duke to review its plan to assert subject-id (Mark R)
  • https://docs.google.com/document/d/1L4L7RSL1xw4STQ6xOmjKdMgarSvDxSfPNx24IKdrMoA/edit
  • Duke has a proxy fronting several SP and using the proxy to federate those SP.
  • Need to be able to accommodate Duke’s asserted profile, but also allow for Social Logins. Social logins don’t have EPPNs, but they do issue a likely stand-in for a subject identifier.
  • Would like a second opinion before they start asserting identifiers as once they do they are stuck with them.
  • Eric - ok as long as asserted by the Duke IdP, but if you start creating pseudo-subject IDs (in the proxy) for people coming from other IdPs.
  • David - good to have an internal identifier within an IdM to be used only internally. If this is that identifier, you’re putting some restrictions on the identifier. Adds an extra constraint on something that previously was only used internally.
  • Steven - is the intent that the unique identifier would follow the requirements of eduPerson Unique ID?
  • Eric - Subject ID is case sensitive, unique ID is not case sensitive. All subject IDs will work as unique IDs (but not the other way around).
  7. (35 min) All things about digital identities (Heather) (PPTX Slides)
  • HF self-asserts not an expert
  • Generally lots of unknowns but there is an opportunity
  • (Get Heather’s Preso ??) - yes, available for the minutes
  • The problem statement
    • End user focused
  • Definitions 
    • DID (see preso), w3 standard 
    • VC (see preso) – DID with Envelope - authentication method - some politics for adoption (Google/Mozilla/Apple? objected)
    • Wallet (see preso sorta) – poorly defined, many different understandings. The construct to store end user VCs
  • Use cases
    • Driver’s license mandated by EU
    • Others (see preso)
  • The ecosystem is being built
    • How big of a step for R&E to consider
    • Trust (business process) framework is not there and different from the cryptographic trust
    • The “big red button” issue – how do you take VC/DID away – no good practice at this point
  • Asks
  • TAC Discussion
    • Observation (EC) – technology talks about what to put in the VC. Seems == to SAML assertion, Issuer == IdP, Verifier == SP, Verifiable Data Registry is the “new stuff”.
    • Talking about the NREN as Authentication Source/Attestation Provider slide from the Geant deck
    • Verifiers/SPs will be faced with “here’s a credential, I can show you the DB for the verification.” But you’re still faced with who is the issuer and do I trust them.
    • There are other institutional ID’s (like roars) 
    • Federation can answer the question, who signed this thing.
    • The thing that is not in here is revocation… but that is not an issue in the SAML model.
    • Isn’t this just digital certificates?  It’s how it is presented.  I.e. bouncer at a bar, device that just says is this person 21.
    • Wallet key recovery, online storage
    • Is there enough here for InCommon to provide technical advice and recommendations?
    • Working group to gather requirements from the community? 

Emailed Updates

International Update

From: Heather Flanagan
Date: Thursday, July 14, 2022

REFEDS

  • SIRTFI v2 was approved by a unanimous vote of the REFEDS SC. The website will be updated with the v2 of the spec shortly.
  • The next REFEDS meeting will be held on Monday, 5 December, adjacent to the Internet2 Technology Exchange.

SeamlessAccess

The WAYF Entry Disambiguation Working Group recommendations and problem statement have been published on the SeamlessAccess website. See https://seamlessaccess.org/learning-center/challenges-federated-wayf/

Browser Interactions

The FedID CG is working on several flowcharts that indicate which project (e.g., First Party Sets, Shared Storage Access, Federated Credential Management, etc) fits in which part of the authentication flow. The group continues to meet weekly, and will have two sessions at the upcoming W3C TPAC in Vancouver, BC.

Wallets and Federation

Heather Flanagan is giving a short presentation on DIDs, VCs, and Wallets on the TAC call, 14 July 2022.

CTAB Update

From: Eric Goodman
Date: Thursday, May 19, 2022

I missed all but the discussion of the TechEx meeting attendance due to a conflict, so I don’t have a lot of detail here. I’ll defer to David to fill in any key pieces that I didn’t summarize well:

  • A mid-year check in on the CTAB work plan
  • Discussion of status of BE2/closeout
    • Appears to be in the stage of notifying entities that haven’t responded and escalating for potential removal.
    • Any actual actions along those lines to be submitted to Steering first.
  • Review of the current version of the BE TLS Proposal (i.e., “how to handle operationally track and enforce the BE2 TLS requirements – specifically those related to SSL Lab grades”)
  • Discussion of who will be attending TechEx in person (related to scheduling potential in person meeting)
