Minutes

Attendees 

Judith Bush; Keith Wessel; Heather Flanagan; Eric Goodman; Steven Premeau; Marina Krenz; Derek Eile; Joanne Boomer

Reps from other groups: David St Pierre Bantz (CTAB)

Staff / SME: David Walker; Steve Zoppi; Albert Wu; Kevin Morooney; Dave Shafer; Nicole Roy

Scribes: Judith, Eric, Steve

Agenda Bash + request for notable working and advisory group updates

Albert asks for minutes approvals

T&I/Ops update: none

Kevin M asks for feedback – Trusted CI is soliciting feedback on its proposed 5 year strategic plan. Follow up in Slack.

Update from Judith:

  • Demo https://www.youtube.com/watch?v=uI1nFFKHecY
  • New model assumes that your IdPs are pre-authorized to your browser. You can’t select the IdP as part of the login flow. 
  • (This would include things like Duo MFA challenge that is redirected from the IdP)
  • Lots of stuff can break from this. 

(5 min) Updates from Quarterly cross-chairs meeting

Of note:

  • Elections are coming up and we will be opening up nominations (before our next TAC call) in a couple weeks. Shortly after TechEx (Keith is uncertain) we will have time to review the nominees. Some discussion about how nominees' information will be gathered: Interviews? Questionnaire? Video statement? There will be a new web platform for the process, with some streamlining.
  • There is a “This Old House” style review looking at all InCommon processes and what needs to be modernized or addressed. Comments and feedback welcome.
  • The process document may inform next year’s agenda, please consider and communicate with Heather & Keith 

(10 min) Draft charter for next Federation Proxies WG


(remaining) SAML2Int report out | next steps

  • (reminder) Looking to prep this for TechEx presentation
  • Deployment Guidance for * Access Entity Categories
  • Work went from the SAML2Int deployment spec to the three entity categories because of a common consideration in the implementation and adoption of subject identifiers.
  • The doc does two things: how to interpret and support these as entity IDs -AND- advocating offering these as attribute bundles. There are recommendations for implementation of the attributes.
  • The one doc will be expanded and cross-linked as wiki pages, so there isn't a narrative flow.
  • There are three dimensions
    • We add eduPersonEntitlement because affiliation isn’t authorization, but affiliation is frequently (mis)used for that purpose.
    • The entity categories
    • The roles of federation, SP, and IdP implementers
    • The attributes themselves
  • Request: is the interpretation of the attributes accurate? Note that guidance on migration for subject identifiers is not complete.
  • Goal: to be able to discuss at TechEx and announce the direction, e.g. (requiring) support for deployment profile, entity categories.
  • Another goal: create demand for subject IDs 
  • Discussion about handling affiliation, etc.

Email Updates

International Updates

from Heather F:

International

REFEDS

  • The consultation for the REFEDS Assurance Framework v2.0 was extended to run through 15 August. Please take a moment to review the materials and add your comments to the consultation page. Note that a note that indicates support is entirely welcome; it lets the group know the material has been seen.
  • The next REFEDS meeting will be concurrent with the eduGAIN Town Hall in Stockholm October 10-11. Registration is now available: https://events.geant.org/event/1428/

Other news

CACTI Updates

from Steven P:

CACTI is next scheduled to meet next Wednesday, August 16th. Current agenda for the meeting includes the following main topics:

  1. Discussion and approval of final report of the Linking SSO Systems Working Group (with Etan Weintraub and Brian Arkills, co-chairs)
  2. Report-out on next steps for RADIUS security from the eAC (Rob Gorrell) 
  3. Next steps with NIST
  4. Brain-drain / community challenges open discussion

CTAB Updates

from Eric G:

CTAB discussion this week had two main foci:

  1. An update from (and discussion about) the Cross-Chairs meeting about how InCommon engages with campus communities.
    • Many thoughts about how it might be appropriate to change some of those engagement approaches/processes InC uses to engage with members.
    • Discussion was lively, but it also sounds like there was a formal document outlining the discussion to come, so I won’t try to replicate the detail here.
  2. Next steps for Federation Maturity.
    • Three areas appear to have jumped to the top of the “priority list” for focus here (based on discussions during previous weeks):
      1. Entitlement management
      2. Federation Support/value for smaller (non-R1) schools
      3. SaaS providers’ conflicting models for identity (relative to InC model)
    • Discussion on the call focused on Entitlement management.
      1. Key takeaway was that there are still questions about what the goal state of any Entitlement practice would be.
      2. We all understand the general idea of “making access management better in a federated environment”, but specific use cases we are trying to solve (with detail about what we are looking to get out of the solution) could use better clarification.
      3. (There was lots of other discussion here as well, but I think that was the biggest point of agreement)


Next Call @ August 24, 2023


