Minutes

Attending: Mary McKee, Jessica Coltrin, Eric Kool-Brown, Matt Brookover, Keith Wessel, Janemarie Duh, Matthew Economou, Eric Goodman, Mike Grady

With: Nick Roy, Shannon Roddy, David Walker, Dean Woodbeck, IJ Kim, Ann West, Ian Young, David Bantz, Steve Zoppi, James Babb, Albert Wu

Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework

Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Ops Update

  • A new version of the metadata aggregator was put into production two weeks ago, allowing mixed-case scopes on import from eduGAIN, which solves a problem encountered by the Belgian federation. It also includes a blacklist facility to ban individual entity descriptors if needed.

  • On April 8, the Federation Manager will require Baseline Expectations elements in metadata. Also self-asserted entity attributes. IdPs can self-assert R&S. Also allows easy adoption of new entity attributes.

  • The 2018 Trust and Identity Accomplishments report was distributed today

  • BaseCAMP registration open (Aug 13-15, 2019, in Milwaukee, WI). BaseCAMP fits into work item from WG reports about increasing training opportunities.

  • MDQ preview - Based on feedback, found and fixed a container failure (now have an alarm for that), and also changed the cache time


Working Group Updates

OIDC Deployment - No report

REFEDS Federation 2.0 - Working on scenario planning - the set of questions for interviews the WG plans to do. Have categories of constituencies to target. Scheduling interviews through April and into May.

IDP as a Service WG - Wiki is up. Have an email list. Have 9 subscribers so far. Still some comments to resolve on the call for participation - planning to send next week. Provide any feedback by end of day Tuesday, April 2.

TAC/CTAB/CACTI Collaboration Update

CTAB (Community Trust and Assurance Board) - Welcome to David Bantz (University of Alaska), CTAB vice-chair. David reported that 95% of organizations now meet Baseline Expectations. CTAB is recommending actions to Steering on Monday regarding next steps with the entities that have not yet met Baseline.

CACTI (Community Architecture Committee for Trust and Identity) update (Jessica) - CACTI are interested in IdPaaS. Certification is of interest as well. Positive reactions to IdPaaS and how it might relate to OIDC. Interested in collaborating on FIM4R. CACTI plans to prioritize recommendations that InCommon should work on re: the gap analysis.

RA21 Update and Beta Plans

RA21 steering group meets weekly. There was also an RA21 meeting at Global Summit. Publishers are interested in putting the IdP persistence feature into production. The federation operators at the meeting (Internet2 and GEANT) would also like the discovery feature placed in production at the same time. Leif is working on a discovery option that federations could opt into. SUNET (Sweden) will test the persistence/discovery solution and host it, when ready, on behalf of GEANT. Internet2 and GEANT are also interested in conducting a user survey once there is experience with this new feature.

Deployment Profile WG Final Report

Keith Wessel summarized the final report from the Deployment Profile Working Group, which ran from fall 2016 until February 2019. Along the way, the WG increased its scope to making major revisions to the SAML2int profile. The final report calls out some significant accomplishments, in addition to the SAML2int rewrite. Progress was made in these areas:

  • Identifiers

  • Federated logout

  • Encryption

  • Logos in metadata

  • Error handling


The working group identified a couple of areas where the implementation profile and deployment profile don't completely align. Clock skew is one. The implementation profile is vague on this, stating a reasonable value with a recommended three- to five-minute range. The Deployment Profile requires a maximum three- to five-minute range.

Next Steps and Recommendations

  • Have started the process of moving the work to Kantara for broader adoption. Keith Wessel and Walter Hoehn will co-chair the Kantara WG

  • There is a need for follow-on work and a new working group for an R&E-specific profile

  • Consider adding many of the requirements to Baseline Expectations

  • Consider adding the subject identifiers for an R&S 2.0, and perhaps to the FM

  • Aggressive marketing of many of the items - Identify a core list of what deployers should do

  • Automated tests for compliance with items in the profile


Also suggesting consideration of creating a federated applications profile and a federation operators profile.

Acceptance of Deployment Profile WG Final Report

TAC accepted the report and the recommendations, as well as the changes to the SAML2int profile and the WG recommendation that TAC charter an effort for an R&E-specific profile.

Next Meeting - April 11, 2019 - 1 pm
