Minutes

Attendees: Eric Goodman, Mark Rank, Judith Bush, Matt Porter, Matthew Economou, Joanne Boomer

Reps from other groups: David St Pierre Bantz (CTAB)

Staff / SME: Nicole Roy, Kevin Morooney, David Walker, David Shafer

Scribes: Judith Bush, Mark Rank

Updates

  • Canceling July 13 TAC meeting (concurrent with base camp)

  • No Agenda bashing

CTAB:

  • Discussion on Operationalizing Baseline Expectations
    1. BE Operations Worksheet:
      https://docs.google.com/spreadsheets/d/1vpnHA3Tb2pPnehudX7y1g0aDn4f__97XECQrKRjSUao/edit?usp=sharing 
  • Reviewing REFEDS Assurance Profile v2
    1. Consultation is out
      https://wiki.refeds.org/x/AQDOCw 
    2. Similar to previous version, but not 100% backwards compatible 

T&I and Ops update:

  • Intermediate cert is now in place to bootstrap metadata signing
  • Base Camp coming up
  • CACTI first meeting of the Verifiable Credentials Working Group was today
  • Kevin: Heather and Nicole were also at the TNC meeting, which was very good. TNC had a more global reach in the past but now has a more European focus.

REFEDS / Browser Changes

Blog post and notes are out regarding the last REFEDS meeting

Judith with update for Browser Changes:

As browsers, in fighting navigational tracking, continue to threaten the cross-site methods used in authentication protocols, we see R&E community investment in testing as a way to have a strong influence on the evolution of these changes. The two issues currently unaddressed by FedCM (were we to use it as a signal to allow SAML protocol transactions) are

  1. IdP picking from a list, and the massive scale they need to support in our community, and
  2. the hops that are implemented in many authentication flows involving hub federations, federated proxies, and proxies bridging non-compliant IdPs into the federation.

CTAB from Eric: see the in-process documents

  1. BE Operations Worksheet:
    https://docs.google.com/spreadsheets/d/1vpnHA3Tb2pPnehudX7y1g0aDn4f__97XECQrKRjSUao/edit?usp=sharing 

REFEDS Assurance V2 is out for consultation, separately from the MFA Consultation. The new profile is similar but not entirely backwards compatible because of government profiles. This will match more closely with government/regulatory profiles.

SP Middlethings/Federation Proxies

About a year ago (see https://docs.google.com/document/d/1RwWn2oXJqa3YwFF_vKuTsqoJkLQ7BJ9hYFOUStbJ1IY/edit – a document that framed the beginning of the discussion) we were addressing some of the challenges in federation participation and grew more aware of the challenges of SP Middlethings.

The TechEx community provided some pushback on SP Middlethings being an issue (per the framing document).

We now have a working group report using “Federation Proxies” (using a term from NIST). See report: https://docs.google.com/document/d/1b6lGOb-OlaVSjFrmpkuR0NGhDAgNVynvXtLFqppt1Nw/edit 

More prevalent usage in Europe as federation proxies. These are mediating, changing, viewing the information. This introduces the trust issues. The technological issues have been solved; it is more a matter of policy clarity. There ARE recommended actions for policies. There is less threat from the Research & Education community; commercial ventures may have different values. There may also be a threat of erosion of fees if a proxy fronts organizations that might otherwise be members of the federation.

Do use cases align with “The AARC Blueprint” virtual organization model? Should that be highlighted? (EduCause) Should “The AARC Blueprint” be called out? See “insight 2” – “The AARC Blueprint” offers technological solutions – see also “insight #3”.

With commercial SPs (e.g., SPs that are contracted with specific members of the federation), how do we make clear who is really the federation member, as opposed to a (SaaS) platform that is licensed by a federation member? This is a policy arena, and may be outside of TAC.

There are opportunities for bad actors in this space without policy guidance. Baseline may be where these policy issues are addressed. 

Can both documents be accepted? No objections. We accept this work.

The TAC does not believe the framing document needs consultation (in particular given its discussion at TechEx).

Would the TAC recommend a community consultation for the final report?  

Steering would be involved after a consultation. 

Mark Rank and Judith think the report recommendations are advice to make other decisions that then should go out for consultation. Perhaps this should go into InCommon Futures? Stay on current trajectory and include in the futures process.

This should definitely go to steering now. We should share this with CTAB (in particular) and CACTI for feedback.

Next steps: Keith Wessel will circulate to CTAB and CACTI, also ask to put on August Steering agenda.

Then TAC may follow up on the recommendations.

Any TNC / REFEDS highlights?

Heather facilitated an Evolving Federation session; recordings are online.

Nicole’s focus was on eduroam. “Mobility day” slides. Some InCommon opportunities in the eduroam space. The Verifiable Credentials conversations were high level.

Mary McKee was also at TNC and noticed the change in tenor to be more European focused, less global. Also, there was a passkey discussion – Apple doing “interesting” things?

Email Updates

International Update

From Heather F.:

TNC23

REFEDS

Conferences

