Minutes

Attendees: Bjön Mattson; Keith Wessel; Matthew Economou; Andy Morgan; Kathy Wright; Derek Eiler; Jeffrey Crawford; Jim VanLandeghem; Joanne Boomer; Grady Bailey;

Reps from other Groups: Les LaCroix (CACTI),, David Bantz (CTAB)

Regrets:Ann West, Kevin Morooney;

Staff / SME:  Andrew Scott, Albert Wu, Eric Goodman; Steve Zoppi

Scribes: Jim V, Kathy

Updates

T&I operations:

  • Scheduled maintenance for Federation Manager tonight
  • Q: Changes with federation manager - Each of the jira issues is a link. Is that for internal development use, or public.
    • A: Some are public, some are not. Primarily, developers see this content most.
  • InCommon Discovery service recommended by TAC in late 2022. Work to move towards something more modern.

Notes

  • InCommon discovery service. An early service from InCommon, but today’s version is aging and we are looking to replace it due to some issues.
    • Service providers embed a link to authenticate. It remembers the institution you come from, so you don’t have to use the pull down every time.
    • UX includes a chooser to choose your IDP. Then you sign in and MFA, and you are able to authenticate using the IDP you chose. 
    • Choices includes everything published in EDUGain or InCommon Federation. 
    • Three Modes. Standard, advanced (highly customized), and moderate, which is what we are using right now. 
    • The main challenge is that the top 5 services that use it hit us hard. Our infrastructure and code wasn’t designed to handle. Generates a lot of client side traffic. Large download and it's a problem for low bandwidth. 
    • It is older - user experience and accessibility problems. 
    • Seamless Access - A joint effort between GEANT and I2 with a number of publishers. Idea is to create a friendlier and more accessible discovery experience. Tailored to multilateral federation. A demonstration was performed to show its features. 
    • Plan is to replace our aging service using a minimalistic approach. Planned for the first half of this year on replacing the service and migrating orgs and SPs that are currently using the InCommon Discovery Service.
    • Seamless access can be used as a discovery service today. The other path is to go through the InCommon side. 
    • Seamless access had two parts - the back end API. This is used by the discovery service. We have no plan to host our own part of this. Its a global infrastructure delivery network today. No reason to host our own copy today. The front end piece we are going to host ourselves, because we don’t want to cause those applications to have to do work. We are putting up a page to mediate that experience. Running into some challenges with browsers, and currently working through them. We need this to be 24x7 mission critical, so we want to make sure it's ironclad. 
  • Futures 2:
    • It recommends a well known, planned strategic process for innovation, as well as InCommon taking a larger leadership role in the community. I do have a few general comments, though:
    • I read quickly, but I didn't spot mention of the fact that InCommon's "ecosystem" is really part of a global ecosystem and how that affects 1) who we consider stakeholders in the planning processes for InCommon, and 2) InCommon's role in the global ecosystem.
    • The report emphasizes technology product strategy, not much about policy and process. All three are necessary for federation. It may not be a big deal, as we have considered all three historically, but it probably should be mentioned.
    • I would have mentioned fostering trust as an important aspect of what InCommon does, but that's me.
    • This is a good chance to grab bleeding edge activity and direct it in a way that is beneficial to the global federations. 
    • This is aspirational and directional, but not detailed in terms of the how. What about OIDC and Zero Trust for example. 
    • Might need to add an item in the work plan to help flush out how we can help the community talk about this? 
    • Document aspires to have InCommon be a strategic leader in Higher Ed & Research in general. This is an InCommon Futures report, not just an InCommon federation report. 
    • Key Points from Chat:
    • Modernizing IAM structures and processes: People are looking at Gartner and other consultants that don’t know Higher Education. Having the Information in the Higher Education Specific space referenceable is important, because they don’t understand students and try to treat them as customers. Companies and the industry don't really address Higher Ed Specific needs. 
    • Future of InCommon/Internet 2. Would be nice if there is a consolidated resource about institutions. We have a wiki page where we maintain a list of pure institutions. 
    • Could there be a Internet 2 spinoff to be an industry analyst for Higher Ed. E.g. like a gartner for Higher education. 
  • Work Plan:
    • Might make sense to publish the first half and then update it in mid year. 
    • Federation Testing work
    • Deployment Guidance for * Access categories and SAML2Int
    • Federation Proxies (from middlethings last year). 
    • Device Security
    • Would be nice to split the work plan up into the first and second half of the year. 

Email Updates

International Updates

From Albert W.,

GEANT T&I Incubator Demo

GEANT hosted a virtual meet up show casing the various T&I Incubator projects this week. I don’t have the recordings (yet). In the meantime, these were the demo topics and links to each project’s home page:


TIIME Conference

TIIME (https://tiime-unconference.eu) is Europe’s ACAMP-style IAM unconfernece. It is happening next week in Copenhagen. FIM4R and REFEDS will both host side meetings at the event as well. REFEDS in particular will be working on its 2024 Work Plan (https://wiki.refeds.org/x/BoAZDQ; sign in might be required). Keep an eye out.


Next Meeting @ February 8, 2024



  • No labels