
 Oct. 18, 2018 Open CACTI meeting 

At Technology Exchange in Orlando

12:10pm to 1:30pm ET

Oceana Grand Ballroom 11

https://meetings.internet2.edu/2018-technology-exchange/detail/10005257/

Attending

  • Chris Philipps - CANARIE
  • Robb Carr - Duke
  • Jill Gemmel - 
  • ...
  • Scott Koranda - tOSU
  • Michael Gettes - University of Florida
  • Marteen Kramers - 
  • Todd Higgins - 
  • Mark Schieble - MCNC
  • Les - 
  • David - GEANT
  • Hannah.... CERN
  • Nathan Dorrs - 
  • David - University of Alaska 
  • Jon Miner - UW Madison
  • Klaas Weirenga - GEANT 
  • Matt Brookover - Colorado School of Mines
  • Gabriel
  • ... 
  • ...
  • Roland
  • Niels Van Dijk - 
  • Jim Basney - UIUC
  • Eric... 
  • Cristos... 
  • Kevin Morooney - Internet2
  • Ann West - Internet2
  • Steve Zoppi - Internet2
  • Nick Roy - Internet2
  • Shannon Roddy - Internet2
  • Dave Shaffer - Internet2
  • Erin Murtha - Internet2
  • Mike Zawacki - Internet2
  • James Babb - Internet2

Agenda



  1. Administrivia 
    1. Intellectual Property reminder  https://www.internet2.edu/policies/intellectual-property-framework/
    2. Overview of CACTI for newcomers 
    3. Looking for feedback, guidance from the community
  2. Updates 
    1. eduPerson and MACE-DIR 
      1. Sign the yearbook poster in the ACAMP room. 
      2. Will have a sign-off ceremony. 
      3. Intend to preserve mailing list archives, other artifacts from MACE-DIR
    2. Developments around OIDC within R&E 
      1. Coverage throughout TechEx, ACAMP sessions
      2. OpenID Foundation WG created: https://openid.net/wg/rande-wg/
        1. Designed to keep track of activities within the community. 
        2. Strategic way to get R&E viewpoint into the technology
        3. Seeking feedback from community, fill in gaps in work
  3. Main Business
    1. Initial draft FIM4R gap assessment undertaken by CACTI (chartered by Kevin)
      1. Consultation document available on Internet2 wiki (link here). Please lend your thoughts there. 
      2. Overview: Moving from FIM4R recommendations to assessment. 
      3. Iterative process to complete the gap analysis. Had ~10 gaps; send prioritized list to I2 with gaps to later turn into digestible recommendations. Kept working through this process and ultimately discovered the key was collaboration. 
        1. TIER components meet service need but not implementation
        2. Universities support science as part of their mission, which is a team project spanning institutions. All scientists need this.
        3. Smaller institutions don't have the resources to build a complex infrastructure but they still need to be able to participate, collaborate
      4. Worked with subgroup in CACTI to develop this document along with Nick Roy and David Walker.
      5. Recommendations
        1. Support collaboration-as-a-service. 
          1. Provide IdP-as-a-service
            1. Niels: Not surprised by this requirement for smaller orgs, but larger ones wouldn't need it. Is there competition with commercial/3rd party providers?
            2. A: Competing IdP service may not support R&S, wouldn't be able to offer the level of assurance as solutions that come from an academic environment
            3. Nick: Need to be clear between IdP as a Service and IdP of last resort. Niels seems to be speaking to the latter
            4. Q Klaas: Is the idea that you are concerned with attributes for all services, or just the ones the campus uses
              1. Eric Goodman: Both in the recommendation, but IdPaaS is SAML based, talks to a school's identity server. 
            5. Q Christos: The hope that we could get away from managing individual accounts, move to federated accounts.
              1. Chris P: Speaks to the need for clarity, similar to IdPaaS vs. IdP of last resort discussion above. Need to define the service, make the scope & function clear. 
              2. Jill: Addresses long tail schools
            6. Q Niels: I encourage I2 to spin up a collaboration platform. You aren't the only ones doing this work - suggest looking at/participating in work ongoing in the EU (e.g. AEGIS Group) 
              1. Jill: Yes - that I2 should take a more proactive role in fostering international collaborations is a recommendation in the report.
            7. Michael: Be mindful that classifying this as a solution geared toward the "long tail" could create confusion, concern at R1 level. 
              1. Jill: We were hoping that by raising Baseline Expectations (BE) to include FIM4R requirements in the future. Review and revise in future BE.
            8. Scott: Hesitate to be too aggressive re: R&S. If we want R&S to reflect updated practices we may want to put that first. Or decide on how to future proof R&S first. Should decide which to go with. 
              1. Scott: Example would be move between SAML versions
            9. Jim: Concerned about sentiments expressed in document that CILogin isn't sustainable. I encourage discussion on that topic. 
              1. Jill: Agree. We were trying to be provocative, 
              2. ...: Part of the problem is the "Post-Jim Basney" approach. If it's in the critical path then we need a roadmap for how it will be sustained by more people than just Jim. 
              3. Gabriel: Not clear in the wording why an IdP as a service is needed.
                1. Jill: Ok, we can look at this - part of earlier discussion and will readdress it.
              4. Niels: If we're doing a gap analysis then need to consider the above carefully. It's a gap. 
            10. Jill: Anyone see anything missing? Or misstated? Please review the doc and reach out if you see anything. 
              1. Scott: I think there are some assumptions about the SP side, their functionality & behavior. Could be worth calling out more explicitly. For example BE needs to be defined for SPs. 
            11. Gabriel: Oblique references made to OIDC, but isn't called out explicitly. Seems like it should be dealt with more directly. 
              1. Chris: What's your suggestion there?
              2. Gabriel: I get that it's a gap analysis, so I get that some things don't need to be called out. 
                1. Scott: Guessing the assumption is that the problem right now is solved with proxies. We could just say that. We don't feel like there's a need to move all SAML architecture to OIDC. Maybe we just say that. 
                2. Eric: Isn't this addressed by the requirement for periodic review? 
                  1. Jill: yes, I think so. Also, as Chris has mentioned that CACTI is looking at OIDC and what does it mean for the current and future architecture. Looking at schemas, etc. We don't have a path forward to recommend yet. We suggest documenting current best practices for things not handled well by SAML. 
          2. Aggregate existing resources
          3. Domesticate new appliances
          4. Create an I2 "virtual office" or "non-profit marketplace"
          5. CILogin seemed like a good fit, but needs more stable sustainability base. 
          6. Rigorous promotion of current pilots that are using COmanage to replace parent/affiliate guest account approaches
          7. Non-web applications (e.g. ssh) not well supported; focus on promoting best practices.
          8. .
          9. .
          10. .
        2. Increase focus on sustainability practices
          1. Routine assessments of Trust and Identity 
          2. .
          3. .
          4. .
      1. Q and A
    2. Call for Topics
      1. What is a priority for YOU we should be talking about?