Attending
Members
- Chris Phillips, CANARIE
- Warren Anderson, University of Wisconsin-Milwaukee /LIGO
- Tom Barton, U Chicago
- Rob Carter, Duke
- Nathan Dors, U Washington
- Karen Herrington, Virginia Tech
- Les LaCroix, Carleton College
Internet2
- Ann West
- Steve Zoppi
- Emily Eisbruch
Regrets:
- Jill Gemmill, Clemson
- Todd Higgins
- Franklin & Marshall College
- Ann Harding, SWITCH/GEANT
- Tom Jordan, U Wisc - Madison
- Christos Kanellopoulos, GEANT
- Kevin Morroney, Internet2
DISCUSSION
MFA and Office 365
- Nathan reported that U. Washington is doing options analysis on adding MFA to Office365,
- Will have a discussion w Duke, and with Virginia Tech. Azure AD is an important topic.
- U. Washington hopes to publish conclusions within a few notes for community benefit
- Contact Nathan if you want to be part of the conversation
- ChrisP has presented on related topics and will be happy to share his thoughts
Latest Developments on OIDC R&E profile activity
- See the March 6, 2018 call notes for previous discussion on OIDC
- Nathan, ChrisP, Roland H, Niels and others had a call this morning on OpenID.
- This is an interesting time with OpenID Connect and OAuth on the horizon.
- Opportunity to do standards work for R&E Federations; Various projects underway
- Roland H. suggests the work take place in OpenID Foundation http://openid.net/foundation/
- How to structure a roadmap on R&E profile?
- Last week’s InCommon OIDC working group discussed this. Most endorse collaboration with OpenID Foundation for standardization of the profile. https://spaces.at.internet2.edu/x/jJiTBg
- Issue: some stigma against “edu” schemas, such as eduPerson
- So an R&E profile has some advantages
- How would we signal compliance w SIRTFI in an OIDC statement? This can be done in SAML, but how would it be done in OIDC?
- Nathan: Mapping of entity categories will need to be looked at
- our profile could emphasize the need to integrate w multilateral federation
- TomB knows people who may have an interest and who may have relevant use cases around federating
- IGTF community has use cases for an R&E profile
- Issue: mobile phones and mobile apps are not federation friendly. Virginia Tech has been interested in this use case.
- We may lose some customers by being late to the game in some areas and by users not being federation ready. But there will be many customers to come. Long tail.
- Attribute release issue is huge
- Network of trust in federations is key and we don’t get that from the social identity model of OIDC.
- Trust fabric can slow things down for federations.
- Building trust takes time. Getting organizations on board with attribute release takes time.
- How to be interoperable in edugain to increase speed?
- Hope that CACTI can help nurture/ produce more people with vision and technical depth to keep efforts moving along.
- We should look to have people able to replace those who have been key leaders who may retire.
- Next Steps on OIDC R&E profile activity
- CACTI endorses the process of putting R&E profile together under OpenID Connect Federation
- Nathan: it will be helpful to have a better definition of the OpenID Foundation effort. This will also impact the InCommon working group’s efforts and focus
- There are discussions upcoming at TNC18 about sharing resources
- REFEDs could be a venue for the dialog
- Timing:
- Roland suggests the OIDC Foundation work may take about one year.
- Nathan suggests we should target TechEx in Fall 2018 to have a draft
- There is some hurry up and wait happening and some risk of falling behind with Google, Facebook, Azure.
- Conclusions
- Would be helpful to get the leads of the various activities together for half day to figure out process for speaking with one aligned voice .
- We should create an agreement on what we want (list and roadmap) before turning the R&E profile work over to the OpenID Foundation
- Creating trust communities is key and we don’t want to sacrifice that.
- Need to queue up communication
Other
- Global Summit: CACTI is scheduled for Tuesday, May 8, 7:30AM-8:30AM
Next CACTI Call: Tuesday, May 1 at 11am ET