Minutes

Attendees: Heather Flanagan, Keith Wessel, Eric Goodman, Joanne Boomer, Mark Rank, Matt Porter, Judith Bush

Reps from other groups: David Bantz, Les LaCroix

Staff: Nicole Roy, Kevin Morooney, Johnny Lasker, David Walker, Albert Wu, IJ Kim, Steve Zoppi

Status Updates - Q&A 

InCommon Ops

InCommon Site Administrators were sent a notice on 11/30 about upcoming changes to InCommon Delegated Administrator (DA) management and DA login; specific to InCommon metadata only 

CTAB

CTAB and Ops are finalizing list of entities recommended for removal on December 12. 

  • Some are no longer used. Being deleted soon
  • Some are leaving federation. Will be removed at the time of separation.

Officer election results 

  1. Keith re-elected TAC chair
  2. Heather re-elected TAC vice chair

Get things moving on 2022 TAC accomplishments report 

  1. This is a regular output of this group. This can serve as an advertisement for joining TAC.
  2. Typically, the leads of different groups write snippets for the work of said groups. This year would include:
    1. Wallety stuff? (not currently on workplan)
    2. Middlethingsy stuff (not currently on workplan)
    3. SAML Deployment profilely stuff
    4. Browser technology-y stuff
    5. HECVATy stuff
    6. EntityID creationy/namey stuff
    7. Federation testy stuff
  1. Starter doc - https://docs.google.com/spreadsheets/d/14KaJPpqbd1DbF8JCBjLDSIz-_PeHeX5ddO4b7-I4JF8/edit#gid=0

2023 work plan brainstorming 

Any items that shouldn’t carry over to 2023?

  1. Fed Testing?
    1. Crowdsourcing (community workgroup) may not be the best way to generate the actual tests. May be that community wants something to test against (but not to actually build that something).
    2. Do we have a sense of what community/cohort wants this? IdPs? SPs? Etc.?
      1. Seems to be smaller participants, including both vendors (testing their products) and institutions (trying to test integrating vendor account solutions into InCommon).

New Items?

  1. Albert put up a planning document and Keith requests that the group contribute items to that list.  
    1. Wallets should stay on the list - And impact on both federation and campuses.
    2. Middlethings - Will await discussion at TechEx before making a recommendation
    3. Seamless access?
      1. This turned into an update item as well.
      2. Work is happening in InCommon
      3. A non-profit has been formed around Seamless Access. Currently working on how I2 participates in this (Dutch) non-profit org. Work has been ongoing for a few months.
      4. How will Federation adopt Seamless Access operationally? Current assumption is that there should be one global environment that all federations share. But that brings all sorts of extra questions. 
      5. Note that the persistence features have mostly been lost (more a browser issue than a SA issue)
      6. If we go to a global instance, how is availability managed? Is there a focus on making this a common (prevalent) user experience as opposed to an option/common technology backend?
      7. May not need to be a TAC work item other I2/InC potentially bringing focused questions to the TAC as appropriate.
  2. After the group has contributed potential items, we will vote on items. Initial vote will be at the face to face.  

TechEx planning 

  1. Desired outcome of the face-to-face
    1. Meeting is Wednesday at lunch.
    2. Initial Workplan voting/prioritization planning
    3. Eric and Matt will NOT be there. Others are more likely. 
    4. No other items were suggested… Do feel free to add (communicate to Keith) if any come up
    5. Good opportunity to step back and look at the year and the year ahead
  2. ACAMP sessions we need to propose
    1. Look back at our ideas from the 9/8 TAC call about TechEx and discuss if it lends itself to ACAMP topics or sessions on the program
    2. Middlethings is planned
    3. Wallets are likely, but not clear TAC has a specific focus for this. 
    4. There is a browser session (Heather’s stuff) during CAMP
    5. Possible topic following out of Fed2.0 work
      1. Lots of focus on technology/implementation. Do we have the correct people to talk about managing the trust aspects that Federations need to trust going forward? 
      2. Issues with translating/incorporating trust into different technologies (Wallets, FederatedOIDC, Vendor eco-systems)
      3. Possible: “Trust Models: SAML/OIDC/Wallets”
    6. “Making federation easier”
    7. “Making deployments easier”
    8. Collaboration at the vendor identity ecosystem level.
    9. Azure, Google, Box, Atlassian, etc. systems all operated by “just have all your external guests register an account (or organizational IdP) with our service and we’ll handle inter-org federation”.

Email Updates

International and Browser Updates

From Heather Flanagan:

International Update
REFEDS

  • The three consultations for the attribute release entity categories are closed. The text has been updated as per comments received and the specs are in the hands of the REFEDS SC for a final vote. 
  • One consultation is still going: MFA Profile v1.1 is open until 15 January 2023 (extended to account for the holidays).
  • The next in-person REFEDS meeting is scheduled for 5 December 2022 before TechEx. We currently have 100 people 


TNC23

  • The CfP for TNC23 is now closed with over 100 submissions.


Browser Interactions
The FedID CG continues to spend time right on IdP discovery and how the browser can make sure that the relationship between the RP and IdP is appropriate and approved by the user. The higher ed use case is one of the more difficult ones to solve for here, and no decisions have been made yet. See https://github.com/fedidcg/FedCM/issues/319 and comment if interested.  There is also movement on the issue of services that use browser local storage to store information that will inform an identity authentication flow (e.g., SeamlessAccess). Another service in the Self-Sovereign Identity space called CHAPI has a similar model, and is breaking in a similar way with the death of third-party cookies. The community group will be digging into that use case on the 12 December 2022 call.

But wait, there's more! Mozilla started rolling out "Total Cookie Protection" by default back in June, and now expect that to be done within the next month or two. Their most recent release (Firefox 107) turned it on by default for Firefox on Android on 14 November 2022.

CTAB Updates

From Eric Goodman:

CTAB meeting notes

  • Reviewed membership and chair election results.
  • BE2 closing actions finalized (i.e., approved by steering)
  • TechEx planning discussions
    • “Increasing Trust and Assurance in InCommon” (Wed 12/7, 8AM local)
    • CTAB meeting (Tues 12/6, 12:10PM local)
    • CTAB dinner planning (undisclosed, ideally not cacophonic location)

T & I Operations Update

From Nicole Roy:

Quick update from the InCommon operations space, we are getting ready to enable InCommon Federation delegated admins to move to our IAM system for login to the Federation Manager. First emails will go out after TechEx.

Best,

Nicole

Next Call @ TecEx 2022 December 7, 2022

  • No labels