Attending
Members
- Chris Phillips, CANARIE (chair)
- Rob Carter, Duke
- Nathan Dors, U Washington
- Jill Gemmill, Clemson
- Ann Harding, SWITCH/GEANT
- Karen Herrington, Virginia Tech
- Todd Higgins, Franklin & Marshall College
- Tom Jordan, U Wisc - Madison
- Les LaCroix, Carleton College
Internet2
- Steve Zoppi
- Ann West
- Emily Eisbruch
Regrets
- Warren Anderson, University of Wisconsin-Milwaukee /LIGO
- Tom Barton, U Chicago
- Christos Kanellopoulos, GEANT
- Kevin Morooney, Internet2
DISCUSSION
- Action items here: https://spaces.at.internet2.edu/x/GoPdBg (Updated Aug 6, 2018, please review any open items)
FIM4R Gap Analysis and Recommendations Work
- Updates on latest for outreach to Inc-TAC, CTAB, TIER Component Architects
- Introduction of CACTI-discuss list for public outreach and discussion of CACTI related topics
- FIM4R blog: https://www.internet2.edu/blogs/detail/16295
- Chris reported that outreach to get input on FIM4R has been done to CTAB, Component Architects and InCommon TAC
- CTAB is reviewing the space to see which parts are relevant
- Hoping for public dialog through the CACTI-discuss list
- Component Architecture discussion will be Wed Sept 5 at 1pm ET
- Jill will plan to join that call
- Jill and others who want to join the Sept 5 discussion, please email SteveZ to get included on the invite
The CACTI members on the call discussed themes for recommendations in the FIM4R gap analysis/response. Comments:
- IDP proxies are filling the gap left by the lack of institutional IDs.
- Proxies are needed due to multiple identities.
- Suggest a TIER for Research, a software initiative funded by Internet2 to bridge the gap.
- We can’t rely on young institutional IDPs
- How is this different from Internet2 running an IDP of last resort?
- Need something to pull identities together to access research
- Research SPs have issues getting the additional data that IDPs are not releasing
- Decorating an existing identifier is what COmanage and Grouper do.
- Internet2 is implementing COmanage for that reason
- Not exactly a proxy, but it does identity linking
- We should support COmanage, it can solve guest affiliate problem campuses have
- also recognize there is some bilateral configuration
- Find test campuses to do pilot deployments of COmanage
- CILogon example
- Community needs to have a discussion on how to integrate well-established proxy services like CILogon into the infrastructure
- TIER for research, as Les outlined is good
- implementation pilots (in service context) are crucial
- Aggregate into an ecosystem that can be used by wider group
- Need to suggest or define the service context
- Re federation operators running services, InCommon is trying to identify gaps that orgs have with federation
- InCommon TAC is looking at requirements for IDP as a service
- not exactly IDP of last resort, but for institutions that are not able to stand up an IDP
- Want to be flexible and agile
- Structure a way of engaging partners to provide services
- Could be a COmanage implementation and surrounding environment
- Level 2 identity is important and provides value in the InCommon federation
- What level of security would outsourced IDP solutions have?
- We look to the community for the requirements for the services
- Mechanisms needed to make the flow easier for researchers
- At 2017 Tech Ex, researchers said they care about high value identities if they can get the attributes they need.
Reaching Service Providers
- We need to be sure service providers know how to take advantage of what we offer them
- Challenge reaching service providers
Non-Web Authentication
- Non-web authentication is a gap
- Use cases are increasing
- We should evaluate how to increase representation of researchers within TIER
- Is OpenID Connect the recipe for non-web solutions?
- Where is the best venue for the discussion of non-web?
- Need to know more from FIM4R authors about the origin and highest priority use cases of the non-web discussion
- Responsibility for CILogon?
- How can we influence an institution to do things differently? Training, messaging, to home institutions.
David Walker is aggregating FIM4R response, including comments above, into a consolidated form.
Review OIDF R&E Charter for feedback
- Link to Charter: https://github.com/daserzw/oidc-edu-wg/blob/master/charter.md
- See: Topic-OpenIDConnect and OpenID Foundation
- Nathan - there are several OIDC activities at TechEx 2018: https://meetings.internet2.edu/2018-technology-exchange/
- Will hear about OIDC plugin for Shib
- What are the most important talking points?
- Consistent messaging is needed
- What are the OIDC adoption strategies?
- Some want a separate infrastructure, some want a bundled approach for OIDC, and there is also a hybrid approach
- There is an IAM Online webinar opportunity about OIDC the week before TechEx
- Could present Introduction to OIDC deployment patterns
- Focus on education around OIDC
- Adoption strategies
- We should put forth recommendations
- Overlay of trust is not present unless the right people show up at the OpenID Foundation
- We need to encourage wide participation at the OpenID Foundation
- “The market will choose” approach is happening
- The InCommon OIDC Deployment Working Group https://spaces.at.internet2.edu/x/jJiTBg is discussing the messaging but needs to check in with InCommon TAC; checking in with other REFEDS people will be helpful
Community Reports
- MACE Dir Transition Status: Progressing
- Sunset Transition Doc https://docs.google.com/document/d/1MbsvYWA2dyQIE0fGUpzxu84ImQtwTESgB8e3VEQ_Z5w/edit#heading=h.pjiszqpbrsc4
- Proposed Requirements to transition eduPerson to REFEDS: https://docs.google.com/document/d/1rQnJFT-j7V4XsxgA4K8ozZzPVElLm_iB4cMQLXvuXn0/edit
- TechEx in Orlando:
- CACTI calls prior to TechEx: Tues Sept 4 (1st day back after Labor Day), Tues Sept 18, Tues Oct 2
- Open CACTI meeting at TechEx in Orlando (Thursday, Oct 18 at lunch)
- https://meetings.internet2.edu/2018-technology-exchange/detail/1000524
Next Call: Tuesday, Sept. 4, 2018 - day after Labor Day