TAC Meeting 2016-05-17 - F2F at Global Summit

Tuesday, May 17
10:00 am ET | 9:00 am CT | 8:00 am MT | 7:00 am PT

Dial-in Information - NOTE - One-time access code for this meeting

+1-734-615-7474 (preferred) (use this number unless you pay for long distance)
+1-866-411-0013 (US and Canada) (use this number if you pay for long distance)

Access Code: 0193652#

eDial: http://edial.internet2.edu/call/0139713

SIP: sip:session_0139713@edial.internet2.edu

Pre-read Materials

The following background materials were provided to the InCommon Steering Committee and the TIER Community Investor Council in advance of the 4-hour meeting on Monday, May 16.


Agenda

  1. Review carryover action items below
  2. Quick Items
    1. V2 to V3 Discussion Conclusion (notes from the discussion)
  3. Summary from Monday's joint Steering/TCIC meeting (Ann, Steve Z)
  4. Evaluate, prioritize TAC 2016 Work items
    1. Possible tools for managing our work (Steve Z)
    2. Prioritize our tasks
      1. DRAFT Task list
      2. InCommon 2016 Interim Priority Setting Spreadsheet - TAC View

Ann's note (IC Planning)

We had an important meeting last week with three CIOs/one architect to talk about trust and identity and our analysis of the resources needed to address the external requirements/requests and internal support and development needs. It was illuminating, to say the least.

We’ll be continuing this conversation at the global summit, engaging a broader group there, but the urgency to move faster and increase sustainability and trust is palpable. Internally, we’re working on better planning so we don’t commit to doing something we can’t follow through on. That’s producing things like the draft documents that Nick sent you last week, and reading between those lines, you can see what the resources are. 

So this is a request, really a plea, to help us provide two major things: codify, at least for now, what practices organizations must support AND help us look towards the federation of the future. Below are three-ish things you can push to make this happen.

Work items

  • Gold Star Program – While the AAC is working on identifying some simple statements that we can use to make stepwise progress towards replacing the POP (Tom B is TAC rep on that committee), I request that the TAC continue working on my request from last year (that yielded the fed interop profile) to provide clarity on required vs recommended practices.
    • Rationale: 1) InCommon Central is hearing two diverging opinions: BE flexible on what we require to enable organizations to support their business needs versus BE more definitive on what’s required and hold participants to that standard to enable increased collective trust and progress towards easing interoperability. The TAC is in a perfect spot to lead that community discussion and determine the appetite for conformance vs flexibility. 2) Anecdotally, it’s not clear what our practices are. Jim B, for instance, said he sends links to 9 different wiki pages to those looking to set up new VOs. 3) New diverse participant mix needs clear guidance on what to do. They don’t have time for experimentation. See #2. 
  • OIDC – Participant requirements and use cases for OIDC.
    • Rationale: We’re getting “When you support OIDC…” push from members of the community, but I don’t see a list of use cases and analysis behind the participant vs federation requirements. There are multiple gaps in federation support and I’m not understanding the trade offs here vs methodologies to support other non-web needs. Again, the TAC as the community architecture group for InCommon is in a perfect spot to engage the community on the use cases and gaps. 
  • MDQ – Participant side of MDQ and ramifications for IdPs and SPs, as well as their requirements for the service.
    • Rationale: One reason eduGAIN worked so well is that we had clear documentation for participants and worked with you extensively to understand their needs. The TAC is well suited to engaging the community to understand the impact on the participants regarding MDQ and help us design processes and documentation for them and advocate with software projects (if needed) to support specific features.
  • Membership – Finally, given this is the first year under the new charter, remember that the TAC must solicit and on-board new members this fall. This takes more time than you think.
Process
As we did last year, the TAC and InC Central priorities should be interleaved and presented along with AAC to Steering for their review. We’ll talk about our list at the TAC meeting next week. As you move forward in your ideas, remember you did this last year and you could start with the items on the list that aren’t yet finished:  https://docs.google.com/document/d/190rL7-K5X1ez0fNOacmz9IfoarbGrHj7YDPtVSbnFdw/edit 
On a recent call with Jim B, I learned about ORCID's community planning process, which I believe is spot on and where InCommon (and Trust and Identity) needs to go. See http://support.orcid.org/forums/175591-orcid-ideas-forum. From my point of view, this provides the transparency into how to submit ideas, get initial feedback about its popularity across the participants, prioritize, execute and report out. Excellent stuff.

Items

Carryover Action Items

  1. Paul Caskey will take charge of the goal “Making Federation Easier”

  2. Steven Carmody and Michael Gettes will develop a short white paper to document the requirements and goals related to attribute release.

  3. Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johansson and UnitedID

  4. Steve Zoppi, Steve Carmody, and Paul Caskey will come back to TAC in two weeks with a proposal concerning "making Shib easier;" specifically about how to leverage work already done through TIER to attract schools and individuals willing to commit to development help.

  5. Tom Scavo will run a comparison of the 47 SAML1-only SPs in InCommon metadata with the SAML1-only SPs currently in eduGAIN metadata.

  6. Steve Carmody will follow up on spinning up documentation around Duo deployment best practices; this may be homed in the MFA Interop WG.

Minutes

Attending:
Walter Hoehn, Michael Gettes, Tom Barton, Steve Carmody, Keith Hazelton, Scott Cantor, Janemarie Duh, Mark Scheible, Kim Milford, Jim Jokl, Albert Wu, Tom Mitchell

With:
Mike Zawacki, Nick Roy, Paul Caskey, Ann West, Steve Zoppi, Kevin Morooney, IJ Kim, Mike LaHaye, David Walker

Action Items

(AI) Nick Roy will write up a strawman incident response proposal for handling vulnerable deployments listed in metadata, enumerating the types of vulnerability classifications and the incident procedures for each, and share it with TAC for review. Note that this strawman should include an education component and any supporting material.


...

(AI) Steve Zoppi will create accounts (at bugs.internet2.edu) for members of TAC and include them in the relevant project(s).

Shib v2 to v3 Discussion

There was discussion among a smaller group, then the full TAC, concerning the ramifications of IdPs not upgrading to Shib v3 and InCommon's role in encouraging upgrades. For example, should outdated IdP software pose a security or other type of threat, what is the federation's plan?

It appears that the FOPP allows InCommon to develop an incident response policy that includes circumstances under which federating software may have its entity descriptor(s) removed from federation metadata (see the PA and "Software Guidelines" in the wiki). However, there is a question of whether the FOPP actually allows this, or whether it would need to change to accommodate it.

...

  • There are potentially two topics here: 1) out-of-date software, and 2) software actively causing a security problem. If we address 1), it should be for all types of software, not just Shib.

  • An incident response plan will provide a process to address issues, and demonstrate to the community that we are prepared.


Joint Steering, TCIC Meeting

The day prior to the TAC meeting included a joint meeting of the InCommon Steering Committee and the TIER Community Investor Committee (TCIC).

...

  • Steve Zoppi - This space has changed significantly in the last 18 months. The importance Internet2 assigns to trust/identity is reflected in the hiring of a dedicated VP. We're in a dramatically different world, but we're also facing changes in expectations from campuses. We're in the next phase here, analogous to a tech startup going from release to sustainment of product.

  • Paul - We need to be clear about our value proposition. For example, if I'm an SP, why wouldn't I just go join a free UK federation and get included in the metadata aggregate for free? We need to have messaging to address that.


TAC Work Items

There was a discussion about evaluating and prioritizing the 2016 TAC work items in relation to other processes, including TIER and InCommon overall priorities, and how the landscape has changed. It will also be helpful to understand resource availability when setting priorities. Note that there are two lists referred to below. One is the InCommon Priority Worksheet, developed by InCommon staff. The other is the draft TAC work list.

Some comments:

...

(AI) Steve Zoppi will create accounts (at bugs.internet2.edu) for members of TAC and include them in the relevant projects.

Next meeting

Thursday, May 26, 1 pm ET