  

Attending

 Members

  • Chris Phillips, CANARIE  (chair)  
  • Marina Adomeit, GEANT 
  • Tom Barton, U. Chicago   
  • Nathan Dors, U Washington
  • Karen Herrington, Virginia Tech     
  • Todd Higgins, Franklin & Marshall College   
  • Christos Kanellopoulos, GEANT   
  • Les LaCroix, Carleton College  

Internet2 

  • Steve Zoppi   
  • Emily Eisbruch   

Regrets

  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO 
  • Rob Carter, Duke  
  • Jill Gemmill, Clemson  
  • Tom Jordan, U Wisc - Madison 
  • Kevin Morooney, Internet2
  • Ann West, Internet2 

 New Action Item

[AI] (Christos) email CACTI with the name of the open AARC list looking at scalability of trust network, etc. (DONE)

[AI] (ChrisP) follow up with Les and Christos on next steps for URN / OID registry.

DISCUSSION

CACTI membership

  • Welcome to new CACTI member Marina Adomeit  
    • Marina works for academic network of Serbia
    • Leading Trust and Identity services activity in GEANT
      • This will include development of Trust and Identity services
    • Hope to inform roadmaps for Internet2 and GEANT
    • Currently in planning period
    • Project phase divided into development and operations 
    • CACTI hopes to feed input into 2019 planning process for Internet2 and GEANT.
    • Kickoff for project planning in GEANT is in Jan. 2019

eduTEAMs  

eduPerson Transition to REFEDs 

MACE URN OID Transition https://spaces.at.internet2.edu/x/Sgi6Bw

  • Les reviewed the registries transition.
  • URN and OID are low use items
  • Some use by TIER
  • URN registry delegated to other institutions
  • Les recommends looking at discontinuing the URN service for new URNs
  •  In GEANT there is a new interest in URNs

...

 

...

  • 1) if the requester institution is part of Higher Ed and
  •  2) if the person requesting has authority to request for the institution 
  • TomB offers to be the initial intake person for CACTI

...

...

Emerging Federated Id Challenges with cloud stories  

  •  Azure, Multilateral trust with federated id, and eduroam
  • Google apps for education, AWS IDM - distant #2, #3?
  • Q: Is there a recommendation that Internet2/InCommon/others have? Is this topic in harmony with current activities?
  • ChrisP shared an email with one site’s perspective on moving to the cloud
    • CAS as a component for single sign-on, but then security concerns arose
  • Nathan shared via email a diagram from IDP governance discussion 
    • Governance decision is important
    • Example Nathan shared centered on decision to use OAUTH
    • Can be complicated and messy
  • TomB: Global R&E Federated Access Ecosystem
    • Maintain research networks and research federations
    • Must be inclusive 
    • Use proxies
  • What about using Shib IdP in Azure as the proxy?
    • SATOSA is the solution being used

...

  • Discussion within AARC project. Looking at scalability, and issues coming up from real deployments
  • [AI] (Christos) email CACTI with the name of the open AARC list looking at scalability of trust network, etc. (DONE)

...

    • It is a kind of proxy. Using Azure and Google federated with Shib. Different services tap in.
    • Will also put some in cloud, primarily for redundancy. Like the diagram Nathan shared. Not sure of the best solution

...

    • May recharter and reduce the scope and create practical deployment guides for using the GEANT extension or using SATOSA or a proxy.
    • Deployment guides could include patterns of deployment in the cloud. 

Reports from the Field  

...

  • Q: Is there a role for CACTI to support this activity?

...

 2019 Internet2 Global Summit in DC

Parking lot: Suggestions from Oct 30, 2018 CACTI call

    • Ask RolandH to give CACTI a talk on direction of OIDC and SAML as an informational session.
    • Perhaps also Davide Vaghetti (GARR)
    • Suggestion to put Nathan on CACTI agenda to give info on OIDC

...