Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

CACTI call of Tuesday, Sept. 17, 2019

 

Attending

Members

  • Chris Phillips, CANARIE (chair) 
  • Rob Carter, Duke   
  • Todd Higgins, Franklin & Marshall College   
  • Tom Jordan, University of Wisc - Madison    
  • Christos Kanellopoulos, GEANT    
  • Matthew Economou, InCommon TAC Representative to CACTI 

Internet2 

  • Emily Eisbruch  

Regrets

  • Marina Adomeit, GEANT
  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO 
  • Tom Barton, University of Chicago   
  • Nathan Dors, U Washington  
  • Jill Gemmill, Clemson  
  • Karen Herrington, Virginia Tech    
  • Les LaCroix, Carleton College  
  • Kevin Morooney, Internet2  
  • Ann West, Internet2   
  • Steve Zoppi , Internet2   
  • Nick Roy, Internet2 
  • Jessica Coltrin , Internet2  

 DISCUSSION

  •  Internet2 TI staff at a retreat this week, staff attendance is likely to be thin
  • OpenID Connect Foundation Meeting and Internet Identity Workshop 
    • (week of September 30, Nick and Steve likely to miss Oct. 1 CACTI meeting)
    • Steve and Nick are attending - please let us know if there are topics you'd like brought up in either venue. 
      • Looking forward to Nordunet meeting and Hackathon. There will some activity there around OPENID Connect. 2020 CACTI Membership Process

  • Christos: update from GEANT: 
    • there is ongoing work on finalizing OPENID connect model for Shibboleth.
    • Some work still required. 

CACTI Membership Recruitment  

    • What should we say about CACTI in the solicitation to the community for new members?
    • Members with terms ending at the end of 2019 to be contacted about desires to stand for re-nomination with reply by Sept 30.
    • Determination of membership needs (types of representation sought or desired)
    • Solicitation to be sent to InCommon Participants list, REFEDS list, EDUCAUSE IDM list on October 1. Nominations will close on October 15.


Continue prioritizing CACTI FIM4R recommendations

  • Kevin has reported that the recent FIM4R meeting at FERMILAB was excellent. Good exchange of info https://indico.fnal.gov/event/21374/
  • CACTI need to build on last CACTI call outcomes focusing on the 5 areas we highlighted with datapoints from mini-FIM4R (see pre-reads)
    • infrastructure, services t'o end users, software dev, infrastructure as  a service, and outreach and education
    • Focus of conversation: to identify high priority items/quick wins in the above areas.
    • Already identified large scale items challenging to achieve unless building blocks in place

    • What are the next 3 things to focus on? 
    • How can CACTI best provide advice to Internet2 Trust and Identity and recommend top priorities out of FIM4R?
  • GEANT Approach
    • Christos: GEANT is creating charter for The AARC Engagement Group for Infrastructures (AEGIS), which comes after AARC, to focus on blueprint architecture
    • GEANT has the architecture, but some of the tooling is missing, this is a gap
    • GEANT hopes to provide more solutions that can be used out of the box 
    • GEANT has funding communities that directs the right people (those providing support to researcher) to the GEANT staff  that has worked on solutions
    • Success stories in Europe : Eduteams and EGI, tools the users can use without too much difficulty https://www.geant.org/News_and_Events/Pages/GEANT-and-EGI-join-forces-to-support-science-and-innovation.aspx
    • within GEANT, there is focus on infrastructure, try to target those who help researchers do their work
  • Evangelism
    • Need to do more Evangelism, we need to get in front of developers and tell them what to do
    • We need ambassadors to the bioinformatics developers conference, or Red Hat Conferences
    • SAML2INT is helpful, we need to be able to provide more guidance around SAML assertion, many developers are not doing anything with the list of groups
    • Matthew: we don’t wait for researchers to come to us, we go to the researchers
    • Researchers want to be able to gather data in a seamless friction-free way, they don’t want to hear about SAML. 
    • Best strategy is  to leverage researchers who have benefited from IAM solutions and use their stories to evangelize to the broader researcher communities.
    • Researchers need a better understanding of how to “plug into” and integrate
  • Working Groups
    • Did CACTI ever work out the reporting relationships from the Working groups that CACTI oversees and how to get good info flowing to CACTI?
    • TomJ:  TIER is in maintenance mode, Campus Success Program has spun up, could be CACTI should “catch up” on the new working groups and relationships
    • CACTI does not have as good a  grip as might be desired on the state of the components.
    • SteveZ has emphasized the architectural design story is what is most important to the community, not the individual components. 

  • The goal of Component Architects group is to advise with regard to Federation and InCommon members. 
  • CACTI could highlight where the focus should be to help the research community (eg, IDP as a Service, or proxy as an emerging strategy).
  • Software stack and also set of practices are essential.
  • CACTI should be reviewing roadmaps from across international organizations, GEANT, AARC Blueprint, etc.  

  • Availability of Guidance to the Community
    • How well does info flow from the websites and wikis to interested community members on what the recommendations are?
      • This is a challenge, hard to find the recommendations
      • Do we need more recommendations easily available from InCommon website and wiki on how services should run?
    • There’s a lot of support in IDP side for how to own and operate  the IDP, but less on the SP side, Harder to provide advice for Service Providers
    • Some emphasis around COmanage, Satosa, Grouper, maybe MidPoint
    • A group is trying to provide more info on the Service Provider side
    • The tools are flexible, but we need service providers to support external authorization 
    • How far should we go on guidance? Put resources towards services or towards integration layers?

  • Keycloak
  • Domestication
    • There were discussions in COmanage circles around domestication
    • There is a higher question, how to change the world so we don’t have to GO BACK and get things domesticated. 

Topics being tracked

  • New chrome SameSite policy for session cookies affecting the SAML HTTP-POST binding
    Background: 
    https://lists.refeds.org/sympa/arc/refeds/2019-07/msg00010.html
  • TAC is tracking and formulating thoughts on it.
  • Scott Cantor believes there is very little impact from this, but load balancers where cookies contain relay state will be a much bigger problem.
  • Nick tested again on 9/11/2019 with Shib IdP, SP, Ping Federate SP, Satosa and could not reproduce any issues.
  • Consider this issue "closed" for now?
    • Same Site Chrome browser update cause grief (Nick or maybe Nathan?)
    • ID Pro (Chris has next touch point)

  • Next CACTI Call: Tuesday, October 1st, 2019