Regrets: Judith Bush, Mary McKee
(AI) TAC members - Review updated metadata practice statement by August 15.
(AI) Janemarie will take the Chrome SameSite policy issue to REFEDS.
Intellectual Property Reminder
All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
Public Content Notice
TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.
T&I and Ops Updates
Congratulations to Jessica in her new role at InCommon/Internet2.
Trust and Identity Hackathon to be held with the NORDUNET meeting in Copenhagen. Six or so different tables/ideas. Ideas include MDQ services, SATOSA, OpenID Connect federation. Considering doing something like this at TechEx. See https://wiki.refeds.org/x/AwauAg
InCommon has signed an MOU with the Coalition for Seamless Access (formerly known as RA21). GEANT will run the technology. The next step is to define the pilot. From the InCommon perspective, this approach was designed for a specific set of service providers. We’d like the pilot to address whether this will work for all service providers. Will be looking to the TAC to drive this pilot with the community. (AI) Albert - Add this to a future TAC agenda.
Working Groups and TAC/CTAB/CACTI collaboration Updates
OIDC Deployment - Nathan Dors (chair) has found that there isn’t enough experience to work on a deployment guide. Unless the charter is revised, his recommendation is to close the group and revisit this in a year. REFEDS version of OIDC working group is being closed and the discussion moved to OASIS (https://openid.net/wg/rande/).
CTAB - Have distributed a request for input on the next round of Baseline Expectations. Looking for input by the end of the month. The community consensus process will be used to develop the next round of Baseline, based on a proposed set of requirements from CTAB. Now essentially at 100% compliance with BE. Removed 9 entities - all were inactive. Only one IdP does not meet BE, and that one is a ServiceNow test IdP that is not active.
There was a discussion in June with Brett Bieber and Jon Miner from CTAB re: displaying information about entities and organizations that is readily available. Nick Roy and Steve Zoppi have discussed this with the development team, but nothing in detail. This group will continue to meet and discuss: 1) What information will be included in the near term, and 2) how will this be displayed so it is useful but not overwhelming, and 3) long-term plan.
TAC membership for 2020
Recruiting timing - We’ve used TechEx as a discussion location, but that will not work this year given the lateness of the meeting. Jessica is creating a standard process for all InCommon advisory groups, based largely on what TAC has already done. The TAC process is on the wiki.
Leif presented on this topic at TNC. Google and others are planning to go ahead with WebAuthn, and login flows using a password will look strange to people. Leif advises not talking about MFA but talking about strong authentication. This has implications for the REFEDS profiles.
How should we proceed with this discussion? Janemarie discussed this with Chris Phillips, chair of CACTI. (AI) Janemarie will post in the TAC list to discuss how to proceed with the topic. The REFEDS working plan for next year will be developed soon. Proposing this topic might be good since this is a worldwide federation problem.
Chrome: SameSite policy issue
Janemarie compiled a short primer on the issue (that has been a thread on REFEDS). Chrome is moving towards a setting that tries to prevent promiscuous cookie sharing across sites. In SAML, this affects RelayState in AuthN requests. There has been inconsistent experience - some have seen things break, some have tried and have been unable to break things. This is an interfederation problem. (AI) Janemarie will take this to REFEDS to suggest they create a wiki page to track services and results of testing.