Action Items from Past Meetings

(AI) Eric to start discussion thread on how to handle term endings. Janemarie will start a Google Doc with some of the summary/thinking so far and share it with Eric. DONE

(AI) Janemarie will reach out to Ann and talk/go from there to finalize the proposal regarding Working Group co-chairs and flywheels. IN PROGRESS

(AI) Mark will discuss the structure of the Attribute Release working group with Steering Chair Sean Reynolds.  DONE

(AI) Tom Barton will check with Jim Basney on this, as well.

(AI) Mark Scheible will revise the Attributes for Collaboration and Federation WG charter for additional review and send it to technical-discuss. DONE

(AI) Ann or Kevin will talk with Klaas Wierenga from GÉANT about a presentation to a TAC meeting concerning their T&I roadmap for, say, the next 3 years. <= Deferred to August

Minutes

Members Attending: Mike Grady, Jim Jokl, Eric Goodman, Mark Scheible, Tom Barton, Steve Carmody, Kim Milford, Albert Wu

With: Dean Woodbeck, Nick Roy, Ian Young, Tom Scavo, Ann West, IJ Kim, Steve Zoppi, Paul Caskey

Action Items

(AI) TAC should review the IdP strategy document (https://spaces.at.internet2.edu/x/FgrkAg)

(AI) TAC should review the information for IdPs on the wiki and consider useful additions and revisions.

Ops Update

https://spaces.at.internet2.edu/display/inctac/Ops+Update+2017-07-06

Metadata Aggregator - working on deploying v7.1. Also two versions waiting in the wings. One will implement the new policy re: entity attributes (switching to default-allow). Beyond that, there are several modifications in the pipeline - this will likely become v8. 

ADFS Issue - Dealing with an issue with ADFS4 consuming the InC metadata aggregate. ADFS4 is strict in how it parses an aggregate. If there are non-unique indexes, ADFS4 chokes. Working on that. Will also need to work with eduGAIN on resolving it.

FM Bug - The FM dev team found an issue with creation of duplicate ACS index values in SP metadata. The FM uses optimistic record locking. When more than one person edits an SP at the same time, or one person has multiple SP edit pages open for the same SP, the problem can occur.
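A check for the condition described in the ADFS Issue and FM Bug items above, as an added example that is not InCommon Ops or FM code: it scans a SAML metadata aggregate and reports entities whose indexed endpoints repeat an index value within one role descriptor. The sample aggregate, entityIDs and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# SAML 2.0 metadata elements that carry an "index" attribute.
INDEXED = ("AssertionConsumerService", "ArtifactResolutionService",
           "AttributeConsumingService")

def _sample_sp(entity_id, indexes):
    """Build one constructed SP entity with the given ACS index values."""
    acs = "".join(
        f'<md:AssertionConsumerService index="{i}" Binding="{POST}" '
        f'Location="{entity_id}/acs/{n}"/>' for n, i in enumerate(indexes))
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:SPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{acs}</md:SPSSODescriptor></md:EntityDescriptor>')

# Constructed aggregate (not real federation metadata): one clean SP and
# one SP with ACS index 1 used twice.
SAMPLE = (f'<md:EntitiesDescriptor xmlns:md="{MD}">'
          + _sample_sp("https://sp-good.example.org", [1, 2])
          + _sample_sp("https://sp-dup.example.org", [1, 1, 2])
          + '</md:EntitiesDescriptor>')

def duplicate_indexes(xml_text):
    """Return {entityID: [(role, element, index), ...]} for repeated indexes."""
    # For a downloaded aggregate, verify its signature before parsing.
    root = ET.fromstring(xml_text)
    findings = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for role in entity:  # SPSSODescriptor, IDPSSODescriptor, ...
            role_name = role.tag.rsplit("}", 1)[-1]
            for name in INDEXED:
                # Compare as integers so "01" and "1" count as the same index.
                counts = Counter(
                    int(e.get("index"))
                    for e in role.findall(f"{{{MD}}}{name}")
                    if e.get("index") is not None)
                for idx, n in sorted(counts.items()):
                    if n > 1:
                        findings.setdefault(entity.get("entityID"), []).append(
                            (role_name, name, idx))
    return findings

if __name__ == "__main__":
    for entity_id, dups in duplicate_indexes(SAMPLE).items():
        print(entity_id, dups)
```
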

Standby Metadata Server Move - The standby metadata server is moving from Indiana to the data center in Los Angeles. The LA server has been deployed. Ops is working on a deployment plan for the move, including communications to inc-ops-notifications. Transition should be complete mid-August.

Trust and Identity Updates

  • Architects meeting in Denver in two weeks

  • New project manager Erin Murtha has started

  • Have hired new DevOps and Security staff members - announcements forthcoming

FM Update

  • A release had been planned for the end of this week or early next week. This will be the first visual evidence to customers. Because of the non-unique index issue, the release is delayed (probably two weeks to an FM release).

  • Future release will allow some self service (such as execs maintaining their site admins/roles) and other changes

2018 Nominations Process

Working Groups

  • Announcements have gone to technical-discuss

  • Discovery 2.0 - REFEDS steering will meet July 12 concerning this year’s work plan and is expected to discuss Discovery 2.0. Should REFEDS create a working group, InCommon should participate in that. There is some urgency if something is to be done in conjunction with the next Shibboleth SP release (which will be end of the year).

  • There was discussion of the RA21 project, which is addressing the same general issue. There is a pilot planned (Leif is the contact person). The website is ra21.org.

IdP as a Service

The topic of potentially providing IdP as a Service came up on the TIER Packaging Working Group call, as they discussed making Shibboleth easier and developing a GUI for Shib. This seems to be a better fit with InCommon. Several ideas/issues were discussed:

  • Would it make sense for InCommon to operate such a service?

  • Should InCommon develop a document to help clarify issues for campuses considering outsourcing their IdPs? Examples would be minimum expectations of the vendor, portability, support for InCommon profiles, and support for importing a metadata aggregate and/or per-entity metadata distribution. Such a document could be a cookbook and/or something that a campus could use as part of an RFP.

  • Another option might be offering a “container as a service” based on the TIER Shibboleth Docker container

Reference: InCommon Software Guidelines

Reference: Technical Basics for IdP Operators from Alternative IdP WG Report: https://spaces.at.internet2.edu/display/InCFederation/Recommended+Practices#RecommendedPractices-TechnicalBasics.

The webinar covered these 9 questions:

    1. Where is it hosted?

    2. Is there any vendor lock in?

    3. Do you have full control?

    4. How easy is it to set up and what maintenance are you responsible for?

    5. Can you host onsite?

    6. How flexible is the solution?

    7. Are statistics provided?

    8. Is there support to set up 3rd party SPs?

    9. Does the service have a reliable track record?


Next Meeting - July 20 - 1 pm ET
