Action Items from Past Meetings
(AI) TAC members review the Deployment Profile WG proposal to OASIS: https://wiki.oasis-open.org/security/SAMLSubjectIDAttr
Attending: Eric Goodman, Kim Milford, Mark Scheible, Jim Jokl, Albert Wu, Tom Barton, Janemarie Duh, Keith Wessel, Mike Grady (remote)
With: Howard Pfeffer, Nick Roy, Ann West, Mike Zawacki, Steve Zoppi, David Walker, IJ Kim, Mike LaHaye, Shannon Roddy
Internet2 CEO Howard Pfeffer attended the first part of the meeting and had a few thoughts and questions, mainly focused on Service Providers, standards, and standardization. Are there standards and/or processes for testing? Is there standardized software and are there standardized processes? Would driving standardization trickle down and address a number of underlying issues? It seems that reliance on manual processes and a lack of standardization create a lot of work.
This led to a discussion about some of the issues and barriers to standardization, as well as current work to address some of the problems.
- The Deployment Profile working group has been working on a SAML2 implementation profile; adherence would help standardization, and SPs and IdPs would know what to expect from each other.
- The SP Onboarding working group is just underway and hopes to develop a standard process for onboarding Service Providers.
- Onboarding today varies widely depending on how the SP comes to InCommon, so the onboarding process itself is highly variable. In addition, commercial vendors often expect the IdP to conform to their way of doing things.
- Smaller higher ed and research organizations have steeper technical hurdles than large schools
- Some SPs don’t care about provisioning/deprovisioning, just authenticating.
Nominations and Membership
The nominations deadline is October 25.
Note that the chair is elected annually; vice-chair is nominated after that. Here is the process for selection of chair and vice-chair (Janemarie):
- Anyone who gets one or more nominations goes into pool of candidates.
- Ann and Nick review the pool and confirm with each candidate that they are willing to serve.
- If there is more than one candidate for a position, a ballot is created.
- A simple majority elects.
- If there is only one candidate for chair or vice-chair, a vote is still held to ensure the nominee receives a majority vote.
Trust and Identity Priorities and TAC 2018 Work Plan
There was a discussion about the anticipated trust and identity priorities for 2018 and potential items for the TAC work plan.
Governance - How does TAC relate to the other governance organizations including Steering and the new CACTI and PAG? What are the input/output mechanisms and how will information be shared? As part of the answer, Ann and Steve Z summarized items from Monday’s Trust and Identity PAG meeting:
- Developing a staffing plan: the community wants certain functionality, and we need to decide how to allocate staff and resources to meet those needs. This plan will likely have no short-term impact on the TAC, although it does make it a little harder to define what to do next year.
- There is a new Internet2 CEO and an increased interest from both him and the Internet2 board to provide more service to research. Staff and leadership will look at assumptions that may have changed over the last year and how to serve research.
- Ann and Steve will work with the TAC to develop a position paper of stated direction, then develop a business model for moving in that direction
- Discovery 2.0 and RA21, and MDQ (discovery remains a blocker to scalable adoption of MDQ by SPs as their sole source of metadata)
- Real-world example from I2's COmanage deployment: the discovery interface takes a very long time to load the JSON feed of IdPs because there are now so many of them
- Attributes for collaboration
- Connecting with researchers on campuses
- Per-entity metadata
- Baseline expectations
- TIER campus success program
- Federation manager overhaul
- Sirtfi production
- Self-service entity attributes
- Enhanced RA business processes
- Increased input validation and automation of metadata submission
- Automated DCV-like process for verification of control of domains in metadata
- Evolving FM to be able to support the Baseline Expectations program
Operations is currently working on MDQ and Sirtfi. Baseline Expectations is just starting and will likely include a year of painful manual work. Longer term, Internet2 as a whole needs a reporting platform.
Baseline Expectations - Tom Barton shared a draft of the roadmap for Baseline Expectations, and an overview of work to be done by various parties (InCommon operations, the AAC, and InCommon Steering).
Operational Security Review
There was a discussion about a planned operational security review of InCommon and how to bring the community into the discussion. Connecting to the chair of REN-ISAC will be key. Kim Milford mentioned that REN-ISAC is revising its membership rules, including wider participation on mailing lists and discussion groups. Both Nick and Shannon will participate in the appropriate REN-ISAC groups and engage in discussions from a trust and identity perspective.
FIM4R (Fed IdM for Research)
There was a short discussion about the recent FIM4R meeting and how TAC should become engaged.