InCommon Technical Advisory Committee Meeting Minutes
March 5, 2015
Attending: Tom Barton, Scott Cantor, David Walker, Ian Young, Jim Jokl, Nick Roy, Jim Basney
With: Tom Scavo, Dean Woodbeck, Steve Zoppi, Ann West, IJ Kim, Nate Klingenstein
New TLS Vulnerability
https://freakattack.com/
https://www.smacktls.com/#freak
There was discussion about the new TLS vulnerability “FREAK” that has been commented on this week and whether InCommon operations should probe whether any SPs export ciphers in the TLS handshake. The consensus was that we should inform the community prior to doing such a scan and outline the benefits. This will be considered by the proposed best practice working group.
2015 Projects and Priorities
A small group has been meeting to sort through proposed priorities and develop some programmatic concepts and themes. Ann anticipates presenting a draft to the Steering Program Subcommittee on March 9.
“Using Other Software” wiki page
Tom Scavo reported that the page has been edited after discussion on the participants list concerning the calling out of Active Directory. Tom will follow up with the participants list.
https://spaces.at.internet2.edu/display/InCFederation/Using+Other+Software
REFEDS R&S Migration Strategy
Tom Scavo asked for comments on the wiki page he has developed concerning InCommon’s strategy for migrating to the REFEDS R&S category.
https://spaces.at.internet2.edu/display/inctac/REFEDS+RandS+Migration+Strategy
New Entities recommendations
https://spaces.at.internet2.edu/display/NewEntities/Recommendations
Jim Jokl presented the recommendations developed by the New Entities Working Group. Among the highlights:
- The anticipated multiple sources of new entity metadata should not change metadata distribution practices
- InCommon should continue to provide a single production metadata
- It is anticipated that InCommon will continue to operate under one Registration Authority practice
- InCommon should sufficiently annotate entity metadata so that IdP operators and SP owners can maintain current federation behavior in the short term and subsequently make informed policy decisions as needed
- InCommon should start to place metadata generated by the Quilt Initiative for K12 entities into the single InCommon aggregate subject to some conditions
- There will be several kinds of entities and some may not have signed the InCommon agreement directly
- If the legal organization does the equivalent of signing the PA, the registrar will be listed as InCommon
- If the organization has not signed the PA, the attribute might be steward.incommon.org or x.regional.net, depending on the situation
- We need an attribute for underage users
- InCommon should take no special action on proxy metadata entities
- Need to make sure no one is proxying around the PA
- InCommon should provide members with a mechanism to insert additional entity attributes into the metadata to support relationships with other entities and organizations within InCommon and other federations.
- Unverified attributes – InCommon takes no action beyond including the attribute in metadata
- Verified attribute – InCommon will need a method for documenting who is asserting the attribute.
- InCommon should start importing eduGAIN metadata
- Publish a cookbook for how to do Shibboleth configurations to keep current behavior while moving to the new procedure
- InCommon should allow any authorized Site Administrator to introduce metadata into the InCommon production aggregate
- The entity descriptor will be tagged with the registrar ID of the organization that submitted the metadata
- The entityID must be an absolute URL whose host part is rooted in a registered domain owned by the organization that submitted the metadata (as determined by the whois database).
- Default attribute release
- Education and outreach are needed to support new entities and we need to push on releasing an attribute set by default
In summary:
- Metadata distribution is orthogonal to the source of content
- We need to recognize an increasing variety of producers of entities distributed through the metadata
- For different kinds of use cases, we need ways for metadata consumers to distinguish the types of metadata coming through the distribution channel (eduGAIN, Quilt, K-12, a single university, etc)
Next Meeting - March 19, 2015 – 1 pm ET