Minutes

Attendees: Keith Wessel, Joanne Boomer, Steven Premeau, Eric Goodman, Derek Eiler, Mark Rank, Judith Bush

Reps from other groups: David St Pierre Bantz (CTAB)

Staff / SME: David Walker, Albert Wu, Ann West, Kevin M., Dave Shafer

Scribes: Joanne Boomer, Eric Goodman

  1. Agenda Bash + request for notable working and advisory group updates

    1. Update on Futures work - internal staff kickoff tomorrow. Meeting with Steering and then coming back to us on how we can participate.
    2. Certificate Service update - if you are interested or have strong opinions about the service, please volunteer to participate. Will survey the community for the most used use cases. Using this to develop a program with Sectigo and business opportunities.
  2. Request for feedback - Proposal For a Change to Use of Certificate Pinning in InCommon Metadata Signing Processes v0.3

    1. When publishing metadata we have to retrieve the unsigned metadata, and we have relied on a certificate to trust that metadata. We moved the pin up the chain to the intermediate cert, but the CA is changing that now, so this approach will change completely: InCommon will instead use its own certificate to sign the metadata. Message-level encryption protects the unsigned metadata between the database and the document that will be signed with the cert we use to validate. This is strictly internal to the two systems that exchange the unsigned metadata.
    2. Comments: Good that you’re using Amazon Key Management Service. Elegant use of Amazon KMS.
    3. No concerns from TAC, approved.
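To illustrate the shift described in item 2.1, from trusting a CA chain to pinning InCommon's own signing key, here is an added example (not InCommon's code, and not the proposal's implementation): a self-issued Ed25519 certificate signs a metadata document, and the consumer verifies the signature only against a pinned SPKI fingerprint, never building a CA chain. The pin list allows two entries so a rotation can overlap. Ed25519, the common name, the lifetime and the sample document are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer holds a self-issued signing certificate and its private key.
// The CN and lifetime are constructed for this example.
type Signer struct {
	Cert *x509.Certificate
	priv ed25519.PrivateKey
}

// NewSigner generates an Ed25519 key and a self-signed certificate for it.
func NewSigner(cn string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Cert: cert, priv: priv}, nil
}

// SPKIPin returns the base64 SHA-256 digest of the certificate's
// SubjectPublicKeyInfo. Pinning the key rather than the whole certificate
// survives re-issuance of a certificate for the same key.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Sign produces a detached signature over the metadata document bytes.
func (s *Signer) Sign(doc []byte) []byte {
	return ed25519.Sign(s.priv, doc)
}

// VerifyPinned accepts the document only if the presented certificate's key is
// one of the pinned keys (a list, so two pins can overlap during rotation) and
// the signature verifies under that key. No CA chain is consulted at all.
func VerifyPinned(pins []string, cert *x509.Certificate, doc, sig []byte) error {
	pin := SPKIPin(cert)
	matched := false
	for _, p := range pins {
		if p == pin {
			matched = true
			break
		}
	}
	if !matched {
		return errors.New("presented key does not match any pinned key")
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return errors.New("pinned key is not Ed25519")
	}
	if !ed25519.Verify(pub, doc, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	signer, err := NewSigner("metadata-signer.example") // constructed name
	if err != nil {
		panic(err)
	}
	doc := []byte(`<EntitiesDescriptor Name="urn:example:metadata"/>`) // constructed sample
	sig := signer.Sign(doc)
	pins := []string{SPKIPin(signer.Cert)} // shipped out-of-band to the consuming system
	fmt.Println("valid document:", VerifyPinned(pins, signer.Cert, doc, sig))
	fmt.Println("tampered document:", VerifyPinned(pins, signer.Cert, []byte("tampered"), sig))
}
```

The point the example makes is that the consumer's trust anchor is the pin list it holds, so a CA replacing its intermediate cannot break verification; the only event that requires coordination is rotation of InCommon's own key, which the two-entry pin list accommodates.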
  3. Thoughts from the NIST presentation at CACTI (open discussion)

    1. NIST is actively working on it and received a lot of feedback and held two additional workshops yesterday.
    2. Looking at emerging technology and how it’s affecting Remote proofing
    3. Connecting with their international counterparts, i.e. work coming out of the EU and attempting to align.  Some recognition that these standards need to be on par with one another to be scalable.
    4. They don’t feel they have the authority/power to direct federal agencies on how to implement this.  They view themselves as a body to provide guidance but not enforce it.
      1. This has historically been a problem with NIST standards.  The fact that they are calling it out is progress.
    5. CACTI? Discussion - comments about good engagement. Verifiable credentials. 
    6. Ann had a conversation with NIST about engaging with the community at TechEx, and they and/or other NIST folks may try to attend.
  4. TechEx Prep (Keith)

    1. Face-to-face meeting - traditionally we have used the face-to-face to look ahead to next year, but it will only be September. What should we talk about, and should we consider having it open?

      1. Futures as part of community engagement
      2. Having it open could also be good as a semi-recruiting tool (in the sense that potential candidates can participate and get a sense of what the meetings and work are like)
      3. Could be good timing to get community input on workplan review (2023) and planning (2024).
      4. Agenda: Recap what we’ve been working on and get feedback for next year.
    2. Combined committee update session

      1. https://internet2.edu/2023-internet2-technology-exchange/program/abstracts/#scalablefederation
      2. Session Abstract:
      3. Presenting updates and potential changes with CTAB.
      4. Giving context on what CTAB and TAC do and how they relate to the rest of the InCommon community.
      5. Talk about underlying themes across items instead of just work packages. Help those that haven’t been involved get a sense of what’s going on (i.e. SP middlethings). Underlying thread of re-examining federation to make sure it’s still relevant with what’s coming.
      6. Touch on what we’ve been doing with the work plan and how it meshes together.
      7. What are the things we need to pay attention to as a federation/community in the next 5 years?
    3. Entity category / SAML2 deployment guidance

      1. https://internet2.edu/2023-internet2-technology-exchange/program/abstracts/#entitycategories
      2. Session Abstract:
      3. Mix of what these 3 entity categories are, why they exist, and the original concept. Pal introducing the categories as an editor.
      4. TAC - talk about deployment guidance for these entity categories within the federation.
      5. Subgroup has concluded recommendations for entity categories, so they will be ready for TechEx. Discuss at next
    4. Recruiting

      1. Nominations for next year will be opened up in August until beginning of October
      2. See commentary above about an F2F session’s utility in recruiting
    5. ACAMP
      1. Entity categories
      2. Protocol agnostic/decoupling

Email Updates

CTAB Updates

From Eric G.:

Two main topics covered in the 2/25 CTAB meeting

  • Discussion around CACTI/NIST IAM Roadmap
    • This was really a discussion of the CACTI discussion, so most of the relevant detail should be in the CACTI update
  • Discussion of top priorities in federation maturity
    • Good conversation; most of the detail will be captured in the larger agenda.
    • A lot of focus on what aspects of RE/Mesh federations provide capabilities vendors realistically need and value (as compared to emerging vendor models of IAM email-based integration)
    • This was mostly focused on interop/best practices/evolving directions for supporting IAM integration with SaaS vendors.

CACTI Updates

From Steven P.:

(Once again, I thank the CACTI scribe(s), as I was pulled in too many directions last Wednesday to occupy a zoom square during the meeting.)

In their meeting last Wednesday, CACTI spent half of the meeting in a conversation with six representatives from NIST (to which TAC was invited, and recapping is on our agenda today).

The other half of the meeting was spent with Sara Jeanes, the product manager for eduroam and the certificate service, regarding the future of the certificate service.

If you have strong opinions on the certificate service, volunteer (or risk being volunteered) for the service advisory group - https://incommon.org/news/incommon-certificate-service-advisory-group-launch/

"Browser Changes" Updates

From Judith B.:

In keeping https://wiki.refeds.org/display/GROUPS/State+of+browser+privacy+evolution up to date, we have added information about “Google's Web Environment Integrity API” and added a section about “Robot identification” under privacy initiatives.

Phil Smart has provided a new demo of the UX of FedCM linked from the https://wiki.refeds.org/display/GROUPS/Slides%2C+blogs%2C+and+videos page at the top.

2023-07-27: YouTube video (48 s), Philip Smart, Chrome Canary 117 demo of FedCM requiring the new user's sign-in status to be set by the IdP origin.

Folks are making progress on making it easier to test and experiment with FedCM: hope to eventually have pointers to deployed environments and docker repositories. See https://wiki.refeds.org/display/GROUPS/Testing+and+experimenting+with+FedCM

Next Call @ August 10, 2023