Prioritization of Work Plan (Comments on 2022 Plan)

TAC had some lofty goals this year and did a good job on many of them. Keith would like to have a little more focus in 2023 to have more impact. (Reference 2022 Work Plan)

Comments on this year’s work plan

Mark -  The number of items was a little larger than optimal. Some were overlapping. Personally, he didn’t have a lot of time. The amount of time we have collectively to dedicate to things is shrinking.

Joann - Still trying to figure it all out. Seems like a good approach to focus on a few items.

David - TAC work plan is reviewed by CTAB. It’s valuable to have all things of genuine interest/passion on the work plan. Some you may have to differ action on, but it’s important to have them on the plan. 

Steve P. - We were a little aspirational. As we were forming the plan last year, we thought a few items would progress faster than they did. 

Judith - Work items fall into two camps: 1) current status quo and 2) future looking. We did give a lot of attention to the future items (wallets & browsers). I think we prioritized correctly. 

Heather - To Do lists are hierarchical based on deadlines and resources. She doesn’t feel qualified to comment on the operational tasks.

Matthew - I tend to be overly ambitious. I tend to prefer to shoot for the moon and temper my expectations as time moves on. When you start figuring out what to do, you don’t know how big the item is. My tendency is to rescope as needed. If InCommon doesn’t mind that approach, then cool. They may prefer a more conservative approach.

Kevin (uses work plan a lot when speaking to external audiences) - If we measure it in terms of steps, it was a half-step aggressive. There’s something to be said for an inventory of items that matter and actions taken against the inventory that matter. There’s a lot of information in the TAC work plan that guides other entities and bodies. I would advise bodies like this to do one less thing instead of one more thing. It would be better to do 4 items thoroughly than attempt 5. 

Steve Z. - When I look at TAC’s work plan compared to CACTI and Steering minutes, what strikes me is that the level of complexity and connectedness has increased exponentially over the last four years. It’s hard to know if you have overshot until you know what others have planned. Coordination is difficult. There are more interdependencies. It’s hard to tease apart these items. All the easy stuff is done.

Albert - TAC has always relied on the community to do the work. We’ve had less of that this year (e.g. spinning up working groups, etc.). We have far fewer volunteers (Steve). This might be an opportunity to look for more cross-collaboration with other groups.

Keith got the general sense that people felt that the work plan was manageable but needed more prioritization.

Top Three Priorities for 2023

(Reference InCommon TAC 2023 Work Plan Items)

Keith

Make federation more valuable (theme for 2023)

1. Wallets 
2. Browser changes (what role InCommon can play)
3. Continued work on deployment profile adoption

Heather

Make federations work for today and tomorrow

1. Browser changes
2. Wallets

Judith

Looking at work for current deployment and steering them to move forward

1. Wallets (threat)
2. Browser changes ( a way forward)
3. Subject identifiers

[Steve Z. - prioritizing vs. sequencing; Some items are interdependent on others; For example, browser is a predecessor task that may resolve others. What the order of things should be comes from TAC rather than his team deciding. Our response time is 18 months.]

[Albert - Each work item needs to be categorized along the spectrum (e.g. creating subject identifiers is different than deploying them across the federation.]

Steve P.

Thinking about the tactical; tasks/items achievable in 12 months

1. Entity Categories
2. Subject Identifier
3. Deployment Profile 

*High-level of HECVAT work expected this year.

David B. 

Don’t think we’re going to steer what browser owners are going to do. 

1. Browsers - How do we change the way the federation works given the push towards a more consumer-oriented browser environment? 
2. Wallets - In what ways will InCommon need to change to preserve the core values of InCommon in a world where people want to use wallets?

[Smaller institutions with small IAM teams need help from InCommon to determine the easiest way to incorporate new services as an IDP operator.]

Joanne

We should have a list of items that we tackle this year and say done. And we need another list of other items that we’re monitoring. (e.g. I can’t see us spending the whole year talking about wallets.)

[Steve Z. - What is the end game you’re looking for in the discussion about wallets? Mark - What are some use cases, so we can look at a plan for implementation? Immediate needs for me that would resonate with a CISO or a registrar. Wallets are the solution to an existing problem.]

Mark

1. Browsers - The window for us to influence API browser specs is very short.
2. Deployment Profile
3. The Middlethings discussion (practical guidelines for operators) 

Matthew 

1. Browsers 
2. Deployment Profile - need consensus from identity and service providers on data requested and released
3. Federation Testing - potentially very hard; there are parts of it we can do to at least check certain kinds of compliance items.