TAC Meeting 2014-10-02
Thursday, October 2, 2014
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT
+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)
Access Code: 0139713#
If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.
- Please review carryover action items
- InCommon Certificate Service SHA-2 update (Joe)
- A Survey of InCommon Participant Support for R&S
- "The State of Tier"
- IC-Steering-ERG-eduGAIN Working group, punch list (contains AIs for TAC)
- Update on Educause meeting (Ann)
- Research & Scholarship activity since September 18, 2014:
- MediaCore applied for R&S on September 16, 2014 (ON HOLD)
- Dash Staging Instance was approved for R&S on September 20, 2014
- Dash was approved for R&S on September 20, 2014
- Syracuse University supports R&S as of September 23, 2014
- University of California-Los Angeles supports R&S as of September 25, 2014
- We are looking forward to our 100th R&S IdP! (There are 98 R&S IdPs right now.)
- LIGO is now consuming a global IdP aggregate hosted on mdq-beta.incommon.org.
Carryover Action Items
- Steve Carmody will draft a wiki page outlining the steps involved in creating a category
- John will discuss with TAC how the Google OpenID Gateway might be operated and/or funded
- TAC will develop a recommendation for the potential necessary resources for eduGAIN implementation.
- John and Steven will review the Phase 2 Recommendations and propose to TAC a list of items that need to be addressed as a result of accepting the Recommendations
- John Krienke will distribute a list of outcomes related to the MD-Distribution recommendations
- John Krienke will implement a policy review regarding whether SP registration of keys could be made optional.
- Steve Carmody and John Krienke - Take to Steering for a policy discussion the issue of maintaining/guaranteeing the strength of the trust fabric through proactive scanning and probing of entities on behalf of the federation and its participants.
- Scott Cantor will continue to push discussion of the Affiliation-Based Access category and a library services category (proposed by SWITCH) and represent the TAC’s support for both.
- Ann West will bring up with the InC-Student working group the issue of R&S attribute release and its relationship (or not) to students who invoke the FERPA opt-out.
- Tom Scavo and Tom Barton will work on making available to campuses the InCommon scripts used to identify SP’s with endpoints that are not compatible with SHA-2.
- Keith will draft an IAM Testbed working group charter for the next TAC meeting.
- TAC members will review the original strategic priorities document and propose priorities for the rest of 2014.
- Tom Barton, Chris Misra, and Nick Roy (should he accept), and one or two members of Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take vis a vis future security issues like Heartbleed.
- Steve Carmody will contact Nick Roy and the AAC leadership about participating in the Heartbleed group.
- Steve Carmody will initiate the process of developing a working group to deal with the larger gateway and interfederation issues.
- Steve Carmody will compare the priorities spreadsheet discussed today with the original TAC document on InCommon strategic priorities and call out major differences
- Scott, David, and TomB will reformulate the text in section 7.2 of the FOPP. The group will also look at the text in section 9 in light of the Google Gateway and eduGAIN but that may be deemed out of scope initially.
- Ann will keep TAC in the loop with respect to the Steering group working on eduGAIN policy issues.
- InCommon staff will go back to the drawing board and discuss possible paths forward with respect to REFEDS R&S and eduGAIN.
- Steve C. will send a note to Nicole Harris asking that she accept proposed changes through the end of August.
- John K. will ask Comodo about moving to support SHA2 in the other CAs, specifically to meet a Microsoft deadline of January 2016.
- John K will ask the Metadata Distribution Working Group if they will reconvene and make a recommendation about the first step in deploying per-entity metadata.
Attending: Steve Carmody, Ian Young, Nick Roy, Chris Misra, Jim Jokl, Scott Cantor, Keith Hazelton, Jim Basney, Steve Olshansky
With: John Krienke, Nate Klingenstein, Tom Scavo, IJ Kim, Joe St Sauver
Joe St Sauver gave an update of the certificate service move to SHA2
- SHA2 deployed for SSL/TLS
- Some issues with the way Microsoft interprets SHA 512 intermediate certs, so using SHA 384.
- Activated for client certs
- Comodo working on activation for extended validation certs
- Code-signing certs – can have either SHA1 or SHA2 but not both. Moving to SHA2; those needing SHA1 can obtain by asking Comodo for an exception
A survey was sent to site admins and execs regarding use/potential use of R&S and deployment of global R&S. Tom Scavo presented the results to date and is working on analyzing those and the responses to open-ended questions.
There was a discussion about TIER – specifically about two documents linked from the agenda:
TAC members are encouraged to send questions and comments to the TIER architects list to spur discussion.
Steering has developed an eduGAIN working group. Steve Carmody and Warren Anderson have joined to represent the technical side. There is a punch list that will include items for TAC to discuss. https://spaces.at.internet2.edu/display/incinterfed/eduGAIN+Punch+List
Next Meeting – October 16, 2014
2 pm ET / 1 pm CT / Noon MT / 11 am PT