TAC Meeting 2015-10-29

Thursday, October 29, 2015
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Dial-in Information

+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)

Access Code: 0139713#

eDial: http://edial.internet2.edu/call/0139713

SIP: sip:session_0139713@edial.internet2.edu

If you are on a phone lacking a mute button, you can mute your phone via eDial by pressing ##1. To unmute, press ##1 again.

Agenda

Note: TAC Minutes being taken live now!
  1. Review carryover action items below
  2. Acceptance of minutes from TAC Meeting 2015-10-15

  3. Short items

    1. Reaction to Security Contacts presentation at WISE workshop (Jim Basney)
    2. Update on the OTTO Working Group (Keith)
      1. OTTO home on Kantara: http://kantarainitiative.org/confluence/display/OTTO/Home
      2. Mailing list info: http://kantarainitiative.org/mailman/listinfo/wg-otto 
      3. Github: https://github.com/KantaraInitiative/wg-otto
      4. Keith: I misspoke on the call today. OTTO does have use cases, but the WG hasn’t done much of anything with them. Prior to the launch of the Kantara OTTO Working Group, a set of motivating and illustrative use cases was put together by Mike Schwartz and a few others: https://github.com/KantaraInitiative/wg-otto/tree/master/docs/sources/use-cases

    3. tier-packaging – 30+ members; doodling for a call time
    4. tier data structures and apis
      1. First meeting Wednesday, Nov. 4
      2. Revising charter for inclusion in Meeting agenda email
      3. Email solicitation to Refeds for participants, if some join, add an EU-friendly 2nd meeting time
    5. FYI: Shibboleth 3.2.0 looks like it will include front-channel SLO
  4. eduGAIN
    1. eduGAIN legal update (Ann)
    2. eduGAIN technical update (Nick)
  5. Discussion
    1. recent IDPoLR email thread
    2. First draft of plan: Early Draft of a Process for Managing Assignment of Open R&S IdP Tags to Candidate IdPs 
  6. Operational Issues for TAC Consideration (Tom)
    1. Fodder for proposed TAC Ops group
  7. Adobe in InCommon: Good citizens? (see email from morning of 29-Oct)
  8. (your agenda item here)

Informational Items

  1. Research & Scholarship activity since October 15, 2015
    1. None
  2. New or updated wiki documents:
    1. Emerging Attribute Release Requirements for a future revision of the R&S spec

Carryover Action Items

  1. Steve Carmody will draft a wiki page outlining the steps involved in creating a category
  2. John Krienke will implement a policy review regarding whether SP registration of keys could be made optional. <= Ann West will review and determine whether to keep this on the list
  3. Steve, Ann, Dean and Michael will draft a proposal to address TAC member responsibilities, TAC transparency, and related processes.
  4. Steve Carmody will send email looking for a chair for the MD Distribution WG

  5. Done: Keith Hazelton and Ann West will edit the appropriate pages to make clear that URLs are as good as and possibly better than URNs for entitlement values, etc. They will also add a page to the wiki that makes the case for URLs over URNs.

  6. Tom Barton will develop a WG charter re: how to coordinate incident response

  7. Paul Caskey will take charge of the goal “Making Federation Easier”

  8. Steven Carmody and Michael Gettes will develop a short white paper to document the requirements and goals related to attribute release.

  9. Those on the TAC call voted to accept the External Identities WG report. Steve Carmody will send email to the TAC list asking for confirmation from those not on the call, and also include information about next steps.
  10. Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johannson and UnitedID

  11. Closed: Chosen path is for IdPsoLR to join a federation that will export their metadata to eduGAIN. Keith Hazelton will follow up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation.

  12. Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal concerning "making Shib easier;" specifically about how to leverage work already done through TIER to attract schools and individuals willing to commit to development help.
  13. Tom Scavo will ensure that “per-entity metadata” is in the 2016 TAC work plan.

  14. Tom Barton will sketch some comments about how to approach the proposed draft TAC charter.

  15. TAC is asked to provide feedback on the draft charter for the Containerization/Ease of Deployment Working Group and ensure that it meets the needs of the federation.

  16. Tom Barton will develop a recommendation as to whether the TAC working group chartering process would be a useful process for developing a containerization working group in conjunction with TIER.

  17. Steve Carmody will talk with those who brought the containerization WG concept to TAC and seek a tighter scoping of the concept.

  18. Tom Barton will talk with Chris Hyzer about potentially participating in a containerization working group.

Minutes

Attending: Steve Carmody, Keith Hazelton, Ian Young, Scott Cantor, Tom Barton, Jim Basney, David Walker

With: Dean Woodbeck, Nate Klingenstein, Nick Roy, Tom Scavo, IJ Kim

Minutes from Oct 15 were accepted

Security Contacts in Metadata

Jim Basney recapped his Security Contacts presentation at the WISE workshop (regarding security contacts in metadata). The workshop included NREN and cyberinfrastructure people from Europe. The general response was that they need the security contact information and believe it is worthwhile to have this in metadata. There was also discussion about the need for periodic revalidation, given that about 10% of the information goes stale in any given year. One option would be to require revalidation once a year or have the federation operator send an email to each address to make sure it is still active.

...

FYI, there are 99 out of 577 organizations that have security contacts in InCommon metadata (about 17%).

Update on the OTTO Working Group

Keith Hazelton presented an update on the OTTO working group in Kantara. The basic idea is to extend the notion of federation and metadata to the OAuth world (e.g. UMA, OIDC). They would like to learn from the lessons of the SAML community, particularly regarding federation metadata. The group has some concerns about the use of the metadata query protocol, but Scott mentioned that the protocol was designed to be extended to query mechanisms. Keith will discuss this with Ian. There are still a number of tasks ahead related to scaling, the use of JSON, and other technical issues and decisions.

TIER Working Groups

  • the packaging group is searching for a call time - about 30 people interested

  • the data structures and APIs group has its first meeting November 4. The charter is being revised and REFEDS was informed; if some REFEDS members join, an EU-friendly second meeting time will be considered
  • TIER working groups can be found via this listing: https://spaces.at.internet2.edu/display/TWGH/TIER+Working+Groups+Home

Shibboleth Info

  • Shibboleth 3.2.0 looks like it will include front-channel SLO

  • Tom Scavo reported that the federation manager supports logout endpoints. There was a discussion about creating documentation


eduGAIN

  • Steering will vote on Participation Agreement changes on Monday, Nov. 2. Official notification will go to participants on Nov. 12, then there is a 90-day period before the changes take effect (Feb. 10, 2016). There is a reverse chronological listing of technical tasks here: https://spaces.at.internet2.edu/display/inctac/eduGAIN+Technical+Update+2015-10-29
  • Key technical dates:

    • Nov 20 - new FM user interfaces allowing for opt-in/opt-out

    • Jan 11 - ops begins eduGAIN migration process

    • Feb 11 - eduGAIN fully operational


Consideration is being given to introducing a new production aggregate, idps-registered-by-incommon.xml. The simpleSAMLphp SP (which is used by eduroam-US) cannot filter metadata like can. The new aggregate would allow an SP to restrict activities to just InCommon IdPs. There is a question about whether the federation operator should do this, or give SPs a tool to do this themselves. We also want to be sure to accommodate other organizations that add entity tags (like UC Trust).
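One way an SP operator could derive such a view themselves, as an added example (not InCommon tooling and not code from these minutes): prune an aggregate down to IdPs whose `mdrpi:RegistrationInfo` names the chosen registrar. The registrar URI, the function names and the sample entities are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
RPI = "urn:oasis:names:tc:SAML:metadata:rpi"
ET.register_namespace("md", MD)
ET.register_namespace("mdrpi", RPI)

# Assumption: registrar URI published for InCommon-registered entities.
INCOMMON_RA = "https://incommon.org"

def _entity(entity_id, role, authority=None):
    """Build one constructed EntityDescriptor for the sample aggregate."""
    ext = ""
    if authority:
        ext = ('<md:Extensions><mdrpi:RegistrationInfo '
               f'registrationAuthority="{authority}"/></md:Extensions>')
    return (f'<md:EntityDescriptor entityID="{entity_id}">{ext}'
            f'<md:{role} protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>')

# Constructed sample: a locally registered IdP, an IdP imported from another
# federation, a locally registered SP, and an IdP with no registrar info.
SAMPLE = (
    f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:mdrpi="{RPI}">'
    + _entity("https://idp.campus-a.example.edu/idp", "IDPSSODescriptor", INCOMMON_RA)
    + _entity("https://idp.uni-b.example.org/idp", "IDPSSODescriptor",
              "https://registrar.example.org")
    + _entity("https://sp.campus-a.example.edu/sp", "SPSSODescriptor", INCOMMON_RA)
    + _entity("https://idp.unlabelled.example.net/idp", "IDPSSODescriptor")
    + "</md:EntitiesDescriptor>"
)

def filter_idps(xml_text, authority=INCOMMON_RA):
    """Return (filtered_xml, kept_entity_ids) for IdPs registered by `authority`."""
    # Verify the aggregate's signature before this step (not shown), and parse
    # only verified input. The pruned output no longer carries a valid
    # signature, so it is for local consumption only.
    root = ET.fromstring(xml_text)
    kept = []
    for ent in list(root.findall(f"{{{MD}}}EntityDescriptor")):
        info = ent.find(f"{{{MD}}}Extensions/{{{RPI}}}RegistrationInfo")
        is_idp = ent.find(f"{{{MD}}}IDPSSODescriptor") is not None
        if is_idp and info is not None and info.get("registrationAuthority") == authority:
            kept.append(ent.get("entityID"))
        else:
            root.remove(ent)  # fail closed: missing registrar info is dropped
    return ET.tostring(root, encoding="unicode"), kept
```

Entities tagged by other organizations would need an additional match on entity attributes; this sketch keys only on the registrar.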

IdP of Last Resort

There was discussion about a method of migration, should individuals start with one IdPoLR and want/need to change to another. This and other challenges, plus a plan for dealing with those, is here: https://spaces.at.internet2.edu/pages/viewpage.action?pageId=92472003

Next Meeting - November 12, 2015 - 2 pm ET