Attending

 Members

  • Chris Phillips, CANARIE      
  • Warren Anderson, University of Wisconsin-Milwaukee /LIGO  
  • Tom Barton, U Chicago   
  • Rob Carter, Duke   
  • Nathan Dors, U Washington   
  • Karen Herrington, Virginia Tech    
  • Les LaCroix, Carleton College     

 Internet2

  • Ann West   
  • Steve Zoppi
  • Emily Eisbruch   

Regrets

  • Jill Gemmill, Clemson
  • Todd Higgins
  • Franklin & Marshall College
  • Ann Harding, SWITCH/GEANT
  • Tom Jordan, U Wisc - Madison
  • Christos Kanellopoulos, GEANT
  • Kevin Morroney, Internet2

DISCUSSION

MFA and Office 365

  •  Nathan reported that U. Washington is doing options analysis on adding MFA to Office365, 

  •  Will have a discussion w Duke, and with Virginia Tech. Azure AD is an important topic. 

  •  U. Washington hopes to publish conclusions within a few notes for community benefit

  •  Contact Nathan if you want to be part of the conversation

  •  ChrisP has presented on related  topics and will be happy to share his thoughts



Latest Developments on OIDC R&E profile activity

  • See the March 6, 2018 call notes for previous discussion on OIDC
  • Nathan, ChrisP, Roland H, Niels and others had a call this morning on OpenID.
  • This is an interesting time with OpenID Connect and OAuth on the horizon.  
  • Opportunity to do standards work for R&E Federations; Various projects underway
  • Roland H. suggests the work take place in OpenID Foundation http://openid.net/foundation/
  • How to structure a roadmap on R&E profile?
  • Last week’s InCommon OIDC working group discussed this. Most endorse collaboration with OpenID Foundation for standardization of the profile. https://spaces.at.internet2.edu/x/jJiTBg
  • Issue: some stigma against “edu” schemas, such as eduPerson
  • So an R&E profile has some advantages
  • How would we signal compliance w SIRTFI in an OIDC statement? This can be done in SAML, but how would it be done in OIDC?
  • Nathan: Mapping of entity categories will need to be looked at
  • our profile could emphasize the need to integrate w multilateral federation
  • TomB knows people who may have an interest and who may have relevant use cases around federating
  • IGTF community has use cases for an R&E profile
  • Issue: mobile phones and mobile apps are not federation friendly. Virginia Tech has been interested in this use case.
  • We may lose some customers by being late to the game in some areas and by users not being federation ready. But there will be many customers to come. Long tail.
  • Attribute release issue is huge
  • Network of trust in federations is key and we don’t get that from the social identity model of OIDC.
  • Trust fabric can slow things down for federations. 
    • Building trust takes time. Getting organizations on board with attribute release takes time.
  • How to be interoperable in edugain to increase speed?
  • Hope that CACTI can help nurture/ produce more people with vision and technical depth to keep efforts moving along. 
    • We should look to have people able to replace those who have been key leaders who may retire.
  • Next Steps on OIDC R&E profile activity
    • CACTI endorses the process of putting R&E profile together under OpenID Connect Federation
    • Nathan: it will be helpful to have a better definition of the OpenID Foundation effort. This will also impact the InCommon working group’s efforts and focus
    •  There are discussions upcoming at TNC18 about sharing resources
    • REFEDs could be a venue for the dialog
    • Timing:
      • Roland suggests the OIDC Foundation work may take about one year. 
      • Nathan suggests we should target TechEx in Fall 2018 to have a draft
      • There is some hurry up and wait happening and some risk of falling behind with Google, Facebook, Azure.
  • Conclusions
    • Would be helpful to get the leads of the various activities together for half day to figure out process for speaking with one aligned voice . 
    • We should create an agreement on what we want (list and roadmap) before turning the R&E profile work over to the OpenID Foundation
    • Creating trust communities is key and we don’t want to sacrifice that.
    • Need to queue up communication

 Other

  • Global Summit: CACTI is scheduled for Tuesday, May 8, 7:30AM-8:30AM 



Next CACTI Call:  Tuesday, May 1 at 11am ET