Minutes

Attendees:  Mark Rank, Steven Premeau, Eric Goodman, Keith Wessel, Joanne Boomer, Matthew Economou

Reps from other groups: David Bantz (CTAB) 

Staff / SME: David Walker, Albert Wu, IJ Kim, Dave Shafer, Steve Zoppi, Ann West, Andrew Scott

Scribes: Mark Rank, Matthew E.

Notes

Accepting that we have limited attendance

T&I Updates:

  • Next week is the eduGAIN Town Hall & REFEDS Meeting (Albert Wu and Nicole Roy from InCommon will be attending). eduGAIN charter and governance, SeamlessAccess, wallets are all topics of discussion.
  • Federation Manager update: Adding new elements of Baseline Expectations, e.g., bouncing emails, TLS scan trigger, URL checks.
  • TAC, CACTI, etc. are entitled to participate in the Component Architecture group. Primary focus in 2024 will be on documentation, packaging, and training in lieu of new feature development.  Steve Zoppi is actively soliciting input, specifically around the topic of “new features” should there be any items which must be delivered in 2024.

Recap / Post-mortem from TechEx

  • Matthew E - energized to work on the testing efforts. FedCM / W3C work is becoming more important because of the high impact
  • Mark Rank—what future engagement with SPs looks like? There’s a need here, too—better/stronger/targeted info for SPs that they can leverage, plus better expectations of them documenting their requirements/implementations
  • Albert W - More awareness for SP side, Federation testing and Federation Proxy WG fall into this. More and more inquiry into Federation Agencies. Best practices and expectation setting for fed agencies. For Commercial SPs, also documentation and also need to explore the subtle differences they have. “How is a vendor who is offering content vs how is a vendor offering a tool”. 
  • For F2F, what other areas? Gabor’s question about risk signaling. Matthew E, understanding – question is rooted in zero-trust architecture so that there is signaling about the compliance of the endpoint. Gabor’s desire is to have a health check signaled. There were also other discussions about zero-trust (via Albert). Albert mentioned discussion with Corey Lee (MS) about Zero Trust (aka “Conditional Access” in MS world).
  • Eric (from chat): It seems unlikely that most zero-trust infrastructures are going to be meaningful at a cross-organization/federation level.
  • Steve P (from chat): It's tangential, but my organization is struggling with the information we get (or don't get) during WebAuthn / Passwordless auths ... causing angst similar to the Zero Trust conversations…
  • Albert W - InC is a forum for general IAM advice – may need to develop positions and/or practices in some of these areas. What does an RP need to know from the IdP to accept the risk of access? 
  • Thread from Chat:
    • Matthew X. Economou  - Related to Albert's comments: I saw a slide from a federal government organization that sees "InCommon" as authenticating and proofing users.
    • Ann West  - We heard that from NASA/Project Luna this week, Matthew.
    • Albert Wu  - And that is kind of a good way to think of InCommon
    • Ann West - And ensure secure transaction/signing keys.
  • Andrew Scott: In the context of SIRTFI incident response procedures, how do we securely share security state info across org/state/national borders? Looking at RFC 8417. (Ann says see also REN-ISAC.)
  • Ann (from chat)—Just a side note, we also will have outcomes from the Futures2 planning that y’all have participated in. Don’t book all your work plan time just yet. ;)
  • Comments by Keith W - believes the open meeting went well. Certainly could have used more time, but that isn’t unexpected.
  • Other observations

Nominations / Election “Stuff”

  • Keith W - update, nominations have been pushed back to 10/13
  • Albert - 8 nominations for TAC
  • Will review candidates at the next call - goal to get info out in advance. Will use the same format as years past
  • Elections done before meeting before TG, also need to hold elections for chair and vice-chair

TAC Federation Proxy WG Start-up

  • Derek Elier offered to Keith W as the TAC liaison  (Albert will Flywheel)
  • Have at least 6 participation candidates
  • TAC will be sponsoring the WG
  • Will kick off after holidays

2023 Work Plan check-in

  • - paper for comment, need to plan what groups to comm out. Do we want to plan office hours? Sub-group needs to process comments and schedule office hours.
  • On international side, John E. hosted ACAMP session on subject-id rollouts w/in UKFed. Opportunities there to coordinate rollout in a similar timeframe rather than InC going it alone.
  • No official closing date yet.  TechEx feedback is prompting some edits, e.g., what to send around affiliation.
  • already discussed
    • Keith and Albert talked about a test IdP: Any progress? 
    • Albert sees urgent need to stand up test IdP specifically for fed agencies looking to join InCommon, use REFEDS MFA and RAF, etc. Have been borrowing participant IdPs in the meantime, but doesn’t scale. Will likely take the form of InC itself building something dedicated here. Seeking input from TAC.  Other things like entity categories, subject-id, etc. would all benefit from testing. He sees InC moving ahead with some “v1” of a testbed. But what’s the more complete testbed?
    • Napkin Sketch - Brainstorming features for an "InCommon test IdP" (for key research/government integrations)
    • Matthew E has some tactical items. One big thing: get a comprehensive view of the relevant standards. What do we consider “good practice” – Would like to put together that index before the end of current TAC year. Fair amount of prior work can be leveraged. Also making an offer of resources (Matthew E has an internship for this space that can be used for some rapid prototypes). Maybe talk to intern.
    • InCommon TAC 2023 Work Plan
    • SAML2Int and entity categories:
    • Federation proxies
    • Federation testing
    • Everything else on workplan is advisory. Stopping here.

Email Updates

CACTI Updates

From Steven Premeau,

CACTI held a public breakfast meeting at TechEx - Topic Slides are available at https://internet2.edu/wp-content/uploads/2023/09/20230920-CACTI-Open-meeting.pdf 

Next scheduled meeting is October 11th, with the primary topic being a discussion of NIST IR 8481 Cybersecurity for Research: Findings and Possible Paths Forward

REFEDS Browser Changes Updates

From Judith Bush,

REFEDS Browser Changes WG presented at REFEDS and held an ACAMP session. Slides and notes at https://wiki.refeds.org/display/GROUPS/Slides%2C+blogs%2C+and+videos

We heard back from the community that we should continue to invest the time to watch FedCM develop but more to buy time to adopt future credentials models.

The Working Group is having an asynchronous meeting on Thursdays in the eduGAIN Slack. There are still community members attending the FedID community group to continue to poke at the FedCM API and gaps. Gaps continue to be met with "not a third party cookie problem, link decoration not in scope, will address complexity later." We intend to have a demo of FedCM calling an "intermediary" FedCM, e.g., the proxy, just to see what happens.

Next Meeting @ October 19, 2023


