Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

InCommon Steering Committee Meeting - July 11, 2016

...

Dial-in Coordinates

(734) 615-7474, or
(866) 411-0013
PIN: 0139418#

Live minutes taken at: https://docs.google.com/document/d/1CGULcgtisSZcxViKoBtGgexz36aM99dLipCODUMSqG4/edit#

Agenda

...

...

Attending: Ann West, Michael Gettes, Von Welch, Susan Kelley, Pankaj Shah, Melissa Woo, Steve Carmody, Sean Reynolds, Ted Hanss

With: Nick Roy, Dean Woodbeck, Ken Klingenstein, Kevin Morooney

Action Items

(AI) Ann West will distribute a proposed resolution for the development of the InCommon Incident Response Policy and Procedures and Reporting Document , distribute that by email to InCommon Steering, for a vote via Wisegate.

June Minutes

Approved via Wisegate

InCommon Ops Review

Nick Roy provided an update on the InCommon Ops Review, an extensive process conducted in the summer of 2015, reviewing and prioritizing all of the aspects of InCommon operations. Steering has previously reviewed and voted on these priorities; this is a review and update.

...

This will result in a report for Steering, and will also be shared with key registrars in the AACRAO community to determine next steps. The purpose of this first step is discovering what people do; not promoting any particular policy.

InCommon Path Forward

Kevin provided background on the “deep dive” and “path forward” meetings which will wrap up this month. In May, a few community members reviewed all of the issues facing Trust and Identity in Internet2. Meetings in July are focusing on TIER (already completed) and InCommon (to be completed this week). Among other issues, the InCommon meeting will touch on:

...

InCommon management will combine the assets from all of these meetings and prepare the findings, to be shared with InCommon Steering and the TIER Community Investors Council at the September 26 meeting at TechEx.

Proposed Change - Federation Operation Policies and Practices (FOPP)

Steve Carmody brought forward a proposal from the InCommon TAC for a change in section 10.3.1 of the FOPP, giving InCommon management the authority and scope to act when the security of Federation services or the trustworthiness of the published metadata file might be impacted. One concern is with the large number (about 70%) of identity provider providers still operating Shibboleth IdPv2, which goes end of life on July 31, 2016. After that time, there will be no security updates. While there have been no problems to date, it seems prudent to be prepared.

...

Info
titleResolution: Change in FOPP

Michael Gettes moves moved and Melissa Woo seconded approving the proposed change to the second paragraph of section 10.3.1 of the FOPP. The motion passed unanimously. The second paragraph of Section 10.3.1 now reads:

If InCommon suspects any compromise or negligence on the part of a Participant, it will make reasonable efforts to contact Participant to resolve the issue. In the case of a significant security incident that poses an unacceptable risk to InCommon or other federation participants, InCommon may take immediate remediation actions commensurate with the impact of the incident.

(AI) Ann West will distribute a proposed resolution for the development of the InCommon Incident Response Policy and Procedures and Reporting Document, distribute that by email to InCommon Steering, for a vote via Wisegate.

...

...

August 1, 2016 - 4 pm ET