Notes and Action Items, AAC Call of 7-June-2017
- Brett Bieber, University of Nebraska (chair)
- Joanna Rojas, Duke
- Chris Whalen, NIH
- Ted Hanss, University of Michigan
- Ann West, Internet2
- Emily Eisbruch, Internet2
[AI] (Ann) consult with Internet2 Legal Dept. about the InCommon FOPP and InCommon Participation Agreement changes suggested for Baseline Expectations
[AI] (Brett) take the Baseline Expectations package to InCommon Steering at start of August
[AI] (Brett) talk with Kevin and Sean prior to taking the BE implementation plan to Steering
[AI] (Brett) clarify who can contact InCommon support about a concern.
[AI] (Brett) move some of the details (regarding contacts/metadata and process to notify InCommon Community) to an operational appendix in the Draft Processes to Implement and Maintain Baseline Expectations (Brett started this work)
[AI] (Ann) continue to work on the Draft Processes to Implement and Maintain Baseline Expectations
[AI] (Brett) make additional updates to the Diagram, Community Dispute Resolution Process.
[AI] (Tom and Brett) review documents to make them more generic so they could apply more broadly, such as to handle issues around tags such as R&S or SIRTFI.
[AI] (Tom) develop guiding principles for dispute resolution process
[AI] (Brett) develop thought piece for Steering regarding approach around supporting available profiles
Completed Action Items
[AI] (Brett) re-arrange Draft Processes to Implement and Maintain Baseline Expectations to lead with community aspects. (done)
Baseline Expectations for Trust in Federation
Community Assurance webinar of June 7, 2017 on Baseline Expectations Implementation
- Recording and PDF slides are here https://spaces.at.internet2.edu/x/05iTBg
- Feedback from the call was that we are headed in the right direction
- Brett would like thoughts on what worked well and should be taken to InCommon Steering for the presentation of Baseline Expectations Implementation
- The community wants to know their needs will be heard in the way Baseline Expectations is implemented
- InCommon Steering will want to understand the overall process
Baseline Expectations Website Planning
- A question was asked on the June 7 Community webinar about the Baseline Expectations website mentioned in the Baseline Expectations Implementation document in part IV. The website is planned as a way of sharing Baseline Expectations outcomes with the community.
- It would be helpful if the Baseline Expectations website included a self-check-up so an org (IdP or SP) could see if it is in compliance
- Ann: checking on the metadata would not be hard and the website could clarify how to check that. Also there could be a check in the metadata submission portal (Federation Manager).
- The idea was raised of offering an opportunity to do a “background check” on an SP or IdP to find out if they’ve been in violation.
- Ann heard a question at the TNC17 meeting on the process of reinstating metadata, assuming an issue has been corrected after metadata has been removed. The AAC has not addressed that yet. Perhaps it would be helpful to consult with InCommon operations on this issue. It was noted there are “blacklisted” orgs for eduGAIN. We could look into adopting that same approach for Baseline Expectations.
- There was a suggestion to talk to REFEDS regarding the SIRTFI tag being removed. Where the Security contact is not in place, it might eventually become necessary to remove an entity.
SIRTFI and other Tags
- There was discussion at TNC17 on helping organizations put an incident response plan in place. There is an effort to align how organizations handle security incidents across federations and across national boundaries.
- There was discussion at REFEDS of the AARC work, REFEDS assurance profiles, including the Espresso and Cappuccino profiles.
- Q: What’s the adoption rate for SIRTFI?
- Answer: The hub and spoke federations have adopted SIRTFI. It is growing faster than R&S though it’s not at R&S levels yet.
- Info on SIRTFI from TNC17
- Hope to push SIRTFI into the InCommon Federation Manager to make it simpler to self-assert.
- At the May 2017 REFEDS meeting, there was a presentation on outreach on tags, with all the policies you can choose to follow and all tags on one slide: SIRTFI, MFA, etc.
- As we promote Baseline Expectations, we should mention the various tags that are available and encourage adoption of them. Baseline Expectations is mentioned in the AARC work. Once we have a full picture of what’s required to implement, we should present a case study.
The group decided to move forward with a community consultation on Baseline Expectations Implementation to solicit feedback and increase transparency. It was noted that dispute resolution is a broad process for InCommon and we want to be sure the community understands the process. Ann suggested a consultation where we ask some targeted questions inquiring about the organization's ability to support these baseline expectations and their trust in the processes.
[AI] (Emily) develop consultation page on baseline practices implementation (see draft at Consultation for Baseline Expectations Implementation Plan)
Timing for Presenting Baseline Expectations Implementation to Steering
Ann noted that when the AAC presents Baseline Expectations Implementation to InCommon Steering we need to provide Steering a high level overview of the dispute process, with a reminder that these processes impact the FOPP and are a core component of what InCommon is about.
The package to InCommon Steering should address
1. How baseline expectations impact the federation operator
2. A plan for communications to the community, including webinars, and discussions on the lists.
3. Legal impact - changes to the FOPP and to the InCommon Participation Agreement will need to be reviewed and finalized. InCommon Steering must approve these changes.
It was suggested that the AAC should take Baseline Expectations Implementation to Steering in August, rather than the previous target of July. The target of August will allow the AAC to have a fuller project plan ready.
It was noted that communications around baseline expectations implementation should be comparable in scope to the communications around eduGAIN.
Other Topics (for a future AAC call)
• InCommon support for REFEDS Assurance Framework v1.0 metadata attributes
• TAC working group on attribute release
• FICAM / Kantara news
AAC call: Wed., June 21 at 4pm ET