Minutes

Attendees: Judith Bush, Heather Flanagan, Keith Wessel, Derek Eiler, Joanne Boomer, Eric Goodman, Steven Premeau, Matthew Economou

Regrets: Mark Rank

Reps from other groups: David Bantz

Staff / SME: Albert Wu, Ann West, Kevin Morooney, Steve Zoppi, Nicole Roy, Dave Shafer, IJ Kim, Johnny Lasker, David Walker, Andrew Scott

Scribes: Judith Bush, Matthew Economou

Top of Meeting Mentions

I2 component architects asked TAC to review / provide feedback on its proposed 2024 Statement of Work for the InCommon Trusted Access Platform.

Thank you to the three people who sent in updates:

  • Sirtfi contact training – this is the tabletop exercise. Contacts verified.

FM Demo - Operationalizing BE updates

Johnny Lasker is on a tour to demo operationalizing Baseline Expectations: adding features to ensure the long-term trustworthiness of the data.

Currently, you only know something is wrong with entity metadata if you look at it: there is no feedback or alert if something changes or drifts. You can see the latest encryption in prod. Now there is a metadata health tab to check through metadata. It shows the outcome of a scan that occurs overnight, prioritizing recently changed data and then hitting the metadata with the least recent scans. End users can also trigger a scan.

Then there will be “are you there” emails for contacts and deliverability. 

There is a wiki page that can explain scores. The new pages will show the history (reveal trends).

Question: Derek Eiler operates ~5 IdPs with the same contact information. The test will check a unique email once and then populate elsewhere.

Question: Do you put all your SPs in InCommon? The “This Old House” doc suggests shifting the SA responsibility so that departments can more easily manage their own SPs. Also, we need to finish the migration to MDQ and retire the aggregates. Also we need some way to get partial collections like all IdPs that support R&S. What might we need to do to extend or standardize MDQ?

TAC Nominations and Elections

Now moving to discuss the pool of nominees for TAC elections. (Judith's and Heather's terms are up and they are moving on; Steve P.'s term is up but he is nominating to continue; Eric is stepping down as part of his retirement. Leaves us with six.)

Remainder of the call devoted to review of nominations.

Email Updates

CACTI Updates

From Steven P.:

In their October 11th meeting CACTI covered:

  • A brief recap / review of TechEx
  • NIST IR 8418 (Cybersecurity for Research: Findings and Possible Paths Forward)
    • The group had an extensive discussion during the meeting. 
    • The end result / action from the discussion was the creation of a shared NIST comment template document that will be formally submitted by the October 31, 2023 NIST deadline.

CTAB Updates

From Eric G.:

CTAB Meeting high-level topic overview:

  • Working group updates.
    • RAF 2.0 and REFEDS MFA profile both completed (MFA FAQ still under edit) and review processes ongoing.
    • SIRTFI training (for Point of Contact) starts next week
    • Johnny presentation on Fed Manager changes (will be shared in TAC meeting today as well)
  • SUNET/eduGAIN/REFEDS Meeting (Stockholm) Debrief
  • REN ISAC/CISA/NSA discussions related to new IAM guidelines
    • Interesting docs
    • Doc notably asserts that OIDC/OAuth is “better and more secure than” SAML (without explaining reasoning)
  • Recruitment/Election work
  • CTAB Workplan 2024 discussions

Possible groups

    • AuthZ workgroup (same topic as referenced under SUNET/eduGAIN/REFEDS)
    • Baseline Expectations 3 – is there a need, and what would be included?
    • RAF 2 implementation guide

International Updates

From Heather F.:

International

  • The list of conferences relevant to identity continues to grow. Heather Flanagan is keeping an informal list of the ones she's hearing about here: https://github.com/fedidcg/meetings/wiki/2024-List-of-Identity-and-Related-Conferences. If you know of others that should be added, please let her know.
  • Work is underway for a Global Identity Interop Summit, an invitation-only event that will bring together regulators, technologists, and identity-related not-for-profit representatives from around the world. The goal is to share knowledge and build a commitment that government-issued digital identities need to be globally interoperable. This day-long meeting will be held in Paris in conjunction with TrustTech.

REFEDS

  • The new MFA v1.2 Profile and the RAF v2.0 are both in process for ratification. The REFEDS SC is in their voting process now, with votes due by October 25.
  • Slides from the REFEDS meeting held in Stockholm on October 11 are available online. This meeting focused largely on updates from federations around the world. The next REFEDS meeting will be held in conjunction with TNC24 in Rennes, France. Exact date TBD.
  • The 2024 Work Planning effort for new REFEDS activities is underway. If you have ideas for what you'd like to see the REFEDS community work on, or if you want to indicate support for items already proposed, please add your thoughts to the planning page. Input is due by the end of this calendar year.

OIDC

  • If you are following the evolution of the OIDC stack, you'll be interested in the next Implementer's Draft, currently out for public review, for the Shared Signals Framework. "This Shared Signals Framework (SSF) enables sharing of signals and events between cooperating peers. It enables multiple applications such as Risk Incident Sharing and Coordination (RISC) and the Continuous Access Evaluation Profile." See the OpenID Foundation website for more detail.

Next Meeting @ November 2, 2023


