Minutes

Attendees: Keith Wessel, Joanne Boomer, Derek Eiler, Eric Goodman, Marina Krenz, Matthew Economou, Steven Premeau, Matthew Porter, Mark Rank, Heather

Reps from other groups: David St Pierre Bantz (CTAB); Les LaCroix (CACTI)

Staff: IJ Kim, Steve Z, Albert Wu, Nicole Roy, Kevin

Scribe: Matthew E; Joanne; Eric

Status Updates

InCommon Operations:

  • Federation manager update yesterday

T&I:

  • Community exchange next week
  • BaseCAMP coming up in the summer (enrollment is open)

CTAB:

  • Reviewing workgroup updates (most of which have also been discussed in TAC) w/ focus on REFEDS MFA, REFEDS Assurance Framework, Sirtfi, and IIW

SAML2Int group updates/discussion

  • Group is starting from the data side of the three entity category worksets, specifically anonymous access (eduPersonScopedAffiliation and schacHomeOrganization)
  • How to fill in gaps between attribute definitions and usage in practice?
  • What are the expectations of IdPs and SPs when using those values?
  • Reviewing pairwise ID next time
  • What’s acceptable as the domain component of a scoped attribute?
    • IdPs can use more than one scope and set the domain at their discretion
    • What domain should an IdP use for schacHomeOrganization (it is single-valued, so Highlander rules apply: there can be only one, and a university system's IdP must choose which)?
    • International compatibility?
    • What can SPs realistically expect for eduPerson Scoped Affiliation?
    • Likely a bigger deal for pairwise ID due to accuracy and persistence requirements of that identifier
    • Scenario becomes more likely as shared services proliferate
  • Still aiming for presentation at Technology Exchange in September
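The SP-side check implied by the scope discussion above (what an SP can realistically expect for eduPersonScopedAffiliation, and how schacHomeOrganization relates to the IdP's registered scopes) is to accept a scoped value only when its domain component matches a scope the IdP declares in federation metadata. Shibboleth expresses those scopes as shibmd:Scope elements, either literal or regexp="true". The following is an added example, not code from the minutes or from any InCommon/Shibboleth project; the metadata fragment and attribute values are constructed for illustration, and the function names are my own.

```python
"""Scope enforcement for scoped SAML attributes against shibmd:Scope metadata.

Added example (not from the TAC minutes). The metadata below is a constructed
IdP fragment declaring one literal scope and one regexp scope.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed sample: a single-campus literal scope plus a regexp scope that
# covers departmental subdomains (the "IdP with more than one scope" case).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    entityID="https://idp.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
      <shibmd:Scope regexp="true">^[a-z0-9-]+\\.campus\\.example\\.edu$</shibmd:Scope>
    </md:Extensions>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def declared_scopes(metadata_xml):
    """Return (literal_scopes, regexp_scopes) declared on the IdP role in metadata."""
    root = ET.fromstring(metadata_xml)
    literal, regexps = set(), []
    for el in root.iterfind(".//md:IDPSSODescriptor/md:Extensions/shibmd:Scope", NS):
        value = (el.text or "").strip()
        if el.get("regexp", "false").lower() == "true":
            regexps.append(re.compile(value, re.IGNORECASE))
        else:
            literal.add(value.lower())
    return literal, regexps


def scope_permitted(scope, literal, regexps):
    """True if a bare domain matches a literal scope exactly or a regexp scope fully.

    DNS names are case-insensitive, so comparison is case-folded. A regexp is
    anchored with fullmatch so 'notexample.edu' cannot ride on 'example.edu'.
    """
    scope = scope.lower()
    if scope in literal:
        return True
    return any(rx.fullmatch(scope) for rx in regexps)


def split_scoped(value):
    """Split 'member@example.edu' into ('member', 'example.edu'); None if malformed."""
    if value.count("@") != 1:
        return None  # zero or several '@' signs: reject rather than guess
    local, scope = value.split("@")
    if not local or not scope:
        return None
    return local, scope


def filter_scoped_values(values, metadata_xml):
    """Partition multi-valued scoped attribute values (e.g. eduPersonScopedAffiliation)
    into (accepted, rejected) using the asserting IdP's declared scopes."""
    literal, regexps = declared_scopes(metadata_xml)
    accepted, rejected = [], []
    for v in values:
        parts = split_scoped(v)
        if parts and scope_permitted(parts[1], literal, regexps):
            accepted.append(v)
        else:
            rejected.append(v)
    return accepted, rejected


def home_org_permitted(value, metadata_xml):
    """schacHomeOrganization is a bare, single-valued domain: require that it be
    one of the IdP's declared scopes so an IdP cannot claim another organisation."""
    literal, regexps = declared_scopes(metadata_xml)
    return scope_permitted(value.strip(), literal, regexps)


if __name__ == "__main__":
    # Constructed attribute values as an SP might receive them.
    asserted = [
        "member@example.edu",
        "student@law.campus.example.edu",
        "staff@EXAMPLE.EDU",
        "member@other.edu",          # scope not owned by this IdP
        "member@notexample.edu",     # suffix trick against a naive substring check
        "member@x@example.edu",      # malformed
    ]
    ok, bad = filter_scoped_values(asserted, SAMPLE_IDP_METADATA)
    print("accepted:", ok)
    print("rejected:", bad)
    print("home org example.edu:", home_org_permitted("example.edu", SAMPLE_IDP_METADATA))
    print("home org other.edu:", home_org_permitted("other.edu", SAMPLE_IDP_METADATA))
```

Matching on the IdP's registered scopes rather than on the bare string is the check that makes "what can SPs realistically expect" answerable: an SP trusts the federation's metadata for which domains an IdP may assert, and drops anything else. The same enforcement is what makes a pairwise identifier's domain component meaningful, since the identifier is only as trustworthy as the scope it is bound to.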

Workplan

  • To be reviewed next meeting

Certificates and Signing in FM

  • This entire section should be reviewed by Nicole to confirm that the level of detail provided is not inappropriate
  • Operational issue where InCommon Ops wants TAC’s approval
  • Should not change trust model or federation security posture
  • Discussed details of a modification to the technical aspect of the metadata signing process:
    • Reviewed how the FM signing process ensures the provenance of the unsigned metadata (which has been modified/uploaded by the Metadata/FM Admin) when it loads that unsigned metadata to sign it with its own certificate.
    • Much discussion of the technical details.
    • No objections raised within TAC to moving forward with the proposed changes. 

FedCM Hackathon Q&A + IIW updates

  • See notes from our most recent meeting: IIW April 2023 Planning
  • Most important outcome was getting Google and Mozilla to understand that trust does not begin/end at the top-level domain name.
    • E.g., can’t put metadata pointers at _well-known.example.com because actual practice entails multiple authoritative subdomains for multiple services.
  • The FedCM issue 4 modal was good enough to handle proxying.
  • R&E is the only community engaging!
  • Possible FedCM PoC work with Mozilla? Some APIs shipping in Chrome

Email Updates

CACTI Updates

From Steven Premeau: 

In their last meeting, CACTI:

International Updates

From Heather Flanagan:

General

It’s conference season in the identity world! From the Internet Identity Workshop through to TNC23, the identity community in general and the higher ed community in specific have a lot going on. The following GitHub wiki page is being informally maintained to track the different conferences in our space: https://github.com/fedidcg/meetings/wiki/List-of-Identity-and-Related-Conferences---2023

REFEDS

Are you going to TNC23? Are you intending to attend REFEDS 46? Have you noticed that this time, we’re at the end of the week and not the beginning??? Nicole Harris and Heather Flanagan are building the agenda for the meeting now, and expect to cover such topics as the Microsoft federation changes as well as various community updates. The agenda is in progress here: https://refeds.org/meetings/46th

Next Call @ May 18, 2023