Attending
Members
- Chris Phillips, CANARIE (chair)
- Warren Anderson, University of Wisconsin-Milwaukee /LIGO
- Tom Barton, U. Chicago
- Rob Carter, Duke
- Nathan Dors, U Washington
- Jill Gemmill, Clemson
- Todd Higgins, Franklin & Marshall College
- Les LaCroix, Carleton College
Internet2
- Kevin Morooney
- Ann West
- Steve Zoppi
- Nick Roy
- Emily Eisbruch
- David Walker
Regrets
- Tom Jordan, U Wisc - Madison
- Marina Adomeit, GEANT
- Christos Kanellopoulos, GEANT
- Karen Herrington, Virginia Tech
Discussion
Community Updates
Update on Baseline expectations deadline from Dec 2019
See background at https://www.incommon.org/federation/baseline/
Targets we set at the outset have been met.
Congrats on the hard work
Just small percentage or entities left to meet Baseline Expectations (BE) ,
about 4%, that have yet to meet BE
Soon the list of the 4% will be published to get community help in contacting those.
Community Dispute Resolution process can be used to urge that last 4% to meet BE. Final resort would be removing their metadata
CTAB is meeting weekly to work on the Baseline Expectations issues and process
Much outreach was done to achieve the success we have seen. Thanks to David Walker and Renee Shuey
Hard deadline and communications plan were helpful
Warren congratulates InCommon for the success; this marks a positive change in InCommon’s leadership in making federated identity helpful to researchers and the broader community
Other federations may take this example from InCommon and take similar steps to increase/strengthen trust fabric
Update on InCommon fee structure and feedback from Jan. 16, 2019 webinar (Kevin)
presentation: https://spaces.at.internet2.edu/x/DQJ0C
Jan 16, 2019 was webinar with Sean Reynolds, Ted Hanss, and Kevin Morooney
Presentation about proposed InCommon Fee change
Fee change had been discussed at governance level (Trust and Identity PAG and InCommon Steering) for about 10 months
Key question discussed by governance was if we were requesting enough resources to close the gap that exists
About 100 attendees at webinar
Received about 5-6 questions during webinar
There will be office hours starting this Thursday, and each week for 4 weeks, for answering additional questions
An FAQ will evolve
Hope to have a vote (by Steering?) and finalize the fee change by mid-spring 2019
Last InCommon fee increase was in 2017, that was a small increase compared to the proposed increase now
Good story to tell about the results delivered from the 2017 fee increase.
This proposed fee increase is about providing the tools for participants to operate in the Federation.
REFEDS survey and work plan available for review/suggestions
REFEDS survey is available to see the landscape – slides 24-26 may be of interest: https://geant.app.box.com/s/6fuezca89xyy4rpt7o2ikszenergd7dy
REFEDS proposed 2019 workplan is being built out : https://wiki.refeds.org/display/WOR/2019+REFEDS+Workplan
Do REFEDs priorities align with what CACTI is working on?
Priorities include MFA, OpenID Connect
CACTI has been advocating for OpenID Connect, it’s mentioned in the FIM4R response document
Issue of rechartering the OIDC WG chaired by Nathan, further down on our agenda
Tom mentioned the SIRTFI is major focus at REFEDs level
Schema management is also important, this is where eduPerson has lande2019 planning (Discussion - 20 min
Which items from FIM4R recommendations should CACTI focus on?
Facilitating roadmap planning with other groups
Open for suggestions on roadmap planning; ideas so far: have CACTI encourage cross inviting chairs to their planning sessions, have CACTI have open calls for chairs to attend?
Internet2 staff to look at the reports from CACTI, TAC, CTAB and bring questions about priorities to those groups
Albert is working on staff response to TAC, CTAB reports as well as the FIM4R response (the latter, along with Tom Barton and likely Nick)
Will share these with this group for planning purposes
Proposal to focus OIDC-Deployment working group on a deployment guide for the Shibboleth OIDC extension (Nathan)
Late 2018: Need to re-focus the WG on practical matters
https://spaces.at.internet2.edu/x/jJiTBg (current OIDC Deployment WG wiki)
Proposal: Develop practical guidance for IdP operators for various use cases:
everyday web-based apps
single page applications
native mobile and desktop apps
apps with more limited interfaces like command-line apps
Feedback has been positive
InCommon TAC last week was supportive of the idea
Next steps
Decide mechanics of putting together a deployment guide
Where should the deployment guide live and who would maintain it?
This would be IDP Operator focused, such as explaining how plug-ins are used
InCommon has had success with starting these initiative within InCommon, need to make sure the calls are at at time that works for Europe. Get people on the calls from other federations. Set up wiki page, google doc, can use GitHub, such as the (SAML profile group, chaired by Keith Wessel). Another example was the MFA work done within InCommon
Proposal is limited in scope: it’s to focus on and IDP operator taking the GEANT extension and integrating it into your IDP and deploying it for a particular application. For single sign on use case. Currently only supports bilateral. Other activities could work in parallel. This is not about guidelines for the federation operators around OIDC
TomB: in Federation 2.0 re OIDC and OAuth 2, there are potential implications for the role of federation operators. High-level architecture has evolved significantly. Used to be flow from IDP to SP; now it’s a layered ecosystem for federated access. Many use cases and stakeholders.
ChrisP: the limited proposed scope for the rechartering of the OIDC group makes sense
Should Shib UI to be configured to help facilitate the use of the GEANT extension
FIM4R Assessment next steps (Chris, David, Jill)
Consultation wiki updated with statuses (David):
Consultation for CACTI's FIM4Rv2 Assessment for Internet2 Trust and IdentitySome new comments were received yesterday from TomB, mostly clarification issues, not new topics
Group should likely meet one more time to deal with those comments.
David Walker will set up a call for Friday
Kevin shared the FIM4R response draft with Internet2 senior leadership
Looking for opportunities to communicate more broadly, interested in Trust and Identity PAG and Steering response and the resulting action plans
Kevin interested in feedback from other federation operators as well
Big Ten Academic Alliance (representing 14 institutions) has IDM committee, Kevin recently met with the two co-chairs and mentioned the FIM4R response. Hopes to get them interested.
CACTI happy to do outreach on FIM4R where it will be helpful
Albert and TomB are working on a response from Trust and Identity to the FIM4R recommendations
Update TI doc stewardship with current version, add link to consultation wiki (David)
There will be a FIM4R day at TIIME conference in Vienna on Feb 11, 2019 https://tiimeworkshop.eu/
Communication strategy for FIM4R Assessment (Ann, Kevin)
Share final FIM4R Assessment paper with TAC, CTAB, Component Architects, FIM4R group
TAC discussed this on the 1/17/2019 TAC call
TODO- Nick: Add any TAC feedback here
Webinar, invite Jim Basney to share his perspective
Next CACTI Meeting is Tuesday, February 5