InCommon TAC Meeting Minutes - July 9, 2015
Attending: Tom Barton, Michael Gettes, David Walker, Ian Young, Scott Cantor, Steve Carmody, Mike LaHaye, Paul Caskey, Nick Roy
With: Dean Woodbeck, Tom Scavo, IJ Kim, Nate Klingenstein
Action items from this meeting
(AI) Nick Roy will send a note to TAC with a review of his meeting with Chris Phillips and thoughts on the Canadian federation’s Shibboleth installation tool.
(AI) Nick Roy will develop a small group to assess and discuss issues and concerns around TLS and the trust framework.
Action Items from the last meeting
(AI) Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johannson and UnitedID
(AI) David Walker will summarize the recommendation for registration information for entities registered by InCommon Stewards [DONE]
Minutes from the last meeting were approved
Tom Scavo reported on the result of a test he ran against the InCommon and eduGAIN metadata to determine the number of IdPs running Shib IdPv2 (see the PDF or Google sheet). The result shows about 77% of InCommon IdPs on v2. There were questions about the accuracy of the results, which rely on the deprecated /idp/profile/Status endpoint rather than /idp/status. Ian believes the UK federation has many more IdPs operating v2 than the percentage shown on the test results. Tom will continue to explore methods for determining the number of Shib v2 and v3 IdPs in the federation.
eduGAIN Intent Statement
Ann asked for feedback on the eduGain Intent Statement, which was recently approved by the eduGAIN Policy WG and is aimed at CIOs and high-level execs to explain the benefits and rationale of joining eduGAIN. Steering will consider approval of this document at its August meeting. There is also a communications plan (for Sept 2015-March 2016) under development, as well as an FAQ and a list of questions for organizations to consider as they consider eduGAIN participation. The intent statement, revisions to the InCommon Participation Agreement and revisions to the FOPP will be made public, with a community review period, leveraging a web-based forum for comments and questions/answers. This will be a very open and transparent process.
The MCNC K-12 pilot is intertwingled with this. There is currently K-12 information in eduGAIN, although it is not tagged as such. InCommon will work through that with eduGAIN. InCommon staff have been discussing how to communicate about the K-12 issues at the same time as eduGAIN without confusing or conflating the issues. Staff will share an outline of a communications plan with TAC.
Relaxed Attribute Release Policies
Development of relaxed attribute release policies to enable collaboration is the #1 priority on InCommon’s 2015 goal list. Making progress on this will require multiple parallel efforts. Steering has approved a policy and TAC and staff need to develop an implementation plan (which might include development of additional service category tags, sample blanket release policies, and other items). There may also be an opportunity to leverage the LAARP work and work already done by the Canadian federation. Given the other priorities this fall, the approach may be to develop the implementation plan, but defer any major push until the first part of 2016. (AI) Nick Roy will send a note to TAC with a review of his meeting with Chris Phillips and thoughts on the Canadian federation’s Shibboleth installation tool.
Metadata Signing Certificate and Fingerprint
Nick brought up a question about InCommon’s approach for distributing the metadata signing certificate and fingerprint in light of recent TLS and PKI security issues. Is a TLS-protected web site still good enough? How does this affect the basis for our trust framework? (AI) Nick will develop a small group to assess and discuss these issues and concerns.
Next Meeting July 23, 2015 - 1 pm ET