CACTI call of Tuesday, Sept. 17, 2019
Attending
Members
- Chris Phillips, CANARIE (chair)
- Rob Carter, Duke
- Todd Higgins, Franklin & Marshall College
- Tom Jordan, University of Wisc - Madison
- Christos Kanellopoulos, GEANT
- Matthew Economou, InCommon TAC Representative to CACTI
Internet2
- Emily Eisbruch
Regrets
- Marina Adomeit, GEANT
- Warren Anderson, University of Wisconsin-Milwaukee /LIGO
- Tom Barton, University of Chicago
- Nathan Dors, U Washington
- Jill Gemmill, Clemson
- Karen Herrington, Virginia Tech
- Les LaCroix, Carleton College
- Kevin Morooney, Internet2
- Ann West, Internet2
- Steve Zoppi, Internet2
- Nick Roy, Internet2
- Jessica Coltrin, Internet2
DISCUSSION
- Internet2 TI staff are at a retreat this week; staff attendance is likely to be thin
- OpenID Connect Foundation Meeting and Internet Identity Workshop
- (week of September 30, Nick and Steve likely to miss Oct. 1 CACTI meeting)
- Steve and Nick are attending - please let us know if there are topics you'd like brought up in either venue.
- Looking forward to Nordunet meeting and Hackathon. There will be some activity there around OpenID Connect.
- Christos: update from GEANT:
- There is ongoing work on finalizing the OpenID Connect model for Shibboleth.
- Some work still required.
CACTI Membership Recruitment
- What should we say about CACTI in the solicitation to the community for new members?
- Members with terms ending at the end of 2019 to be contacted about desires to stand for re-nomination with reply by Sept 30.
- Determination of membership needs (types of representation sought or desired)
- Solicitation to be sent to InCommon Participants list, REFEDS list, EDUCAUSE IDM list on October 1. Nominations will close on October 15.
Continue prioritizing CACTI FIM4R recommendations
- Kevin has reported that the recent FIM4R meeting at FERMILAB was excellent. Good exchange of info https://indico.fnal.gov/event/21374/
- CACTI needs to build on last CACTI call outcomes focusing on the 5 areas we highlighted with datapoints from mini-FIM4R (see pre-reads)
- infrastructure, services to end users, software dev, infrastructure as a service, and outreach and education
- Focus of conversation: to identify high priority items/quick wins in the above areas.
- Already identified large scale items challenging to achieve unless building blocks in place
- What are the next 3 things to focus on?
- How can CACTI best provide advice to Internet2 Trust and Identity and recommend top priorities out of FIM4R?
- GEANT Approach
- Christos: GEANT is creating a charter for The AARC Engagement Group for Infrastructures (AEGIS), which comes after AARC, to focus on blueprint architecture
- GEANT has the architecture, but some of the tooling is missing; this is a gap
- GEANT hopes to provide more solutions that can be used out of the box
- GEANT has funding communities that direct the right people (those providing support to researchers) to the GEANT staff who have worked on solutions
- Success stories in Europe: eduTEAMS and EGI, tools the users can use without too much difficulty https://www.geant.org/News_and_Events/Pages/GEANT-and-EGI-join-forces-to-support-science-and-innovation.aspx
- Within GEANT, there is a focus on infrastructure, trying to target those who help researchers do their work
- Evangelism
- Need to do more Evangelism, we need to get in front of developers and tell them what to do
- We need ambassadors to the bioinformatics developers conference, or Red Hat Conferences
- SAML2INT is helpful; we need to be able to provide more guidance around SAML assertions. Many developers are not doing anything with the list of groups
- Matthew: we don’t wait for researchers to come to us, we go to the researchers
- Researchers want to be able to gather data in a seamless friction-free way, they don’t want to hear about SAML.
- Best strategy is to leverage researchers who have benefited from IAM solutions and use their stories to evangelize to the broader researcher communities.
- Researchers need a better understanding of how to “plug into” and integrate
- Working Groups
- Did CACTI ever work out the reporting relationships from the Working groups that CACTI oversees and how to get good info flowing to CACTI?
- TomJ: TIER is in maintenance mode, Campus Success Program has spun up, could be CACTI should “catch up” on the new working groups and relationships
- CACTI does not have as good a grip as might be desired on the state of the components.
- SteveZ has emphasized the architectural design story is what is most important to the community, not the individual components.
- The goal of Component Architects group is to advise with regard to Federation and InCommon members.
- CACTI could highlight where the focus should be to help the research community (eg, IDP as a Service, or proxy as an emerging strategy).
- Software stack and also set of practices are essential.
- CACTI should be reviewing roadmaps from across international organizations, GEANT, AARC Blueprint, etc.
- Availability of Guidance to the Community
- How well does info flow from the websites and wikis to interested community members on what the recommendations are?
- This is a challenge, hard to find the recommendations
- Do we need more recommendations easily available from InCommon website and wiki on how services should run?
- There’s a lot of support on the IDP side for how to own and operate the IDP, but less on the SP side. It is harder to provide advice for Service Providers
- Some emphasis around COmanage, Satosa, Grouper, maybe MidPoint
- A group is trying to provide more info on the Service Provider side
- The tools are flexible, but we need service providers to support external authorization
- How far should we go on guidance? Put resources towards services or towards integration layers?
- Keycloak
- Issues around Keycloak and its success https://www.keycloak.org/
- With Keycloak it is easier than with Satosa to connect services
- Christos has experience with Keycloak https://www.keycloak.org/
- Would be great if Keycloak could do multilateral trust
- Domestication
- There were discussions in COmanage circles around domestication
- There is a higher question, how to change the world so we don’t have to GO BACK and get things domesticated.
Topics being tracked
- New Chrome SameSite policy for session cookies affecting the SAML HTTP-POST binding
Background: https://lists.refeds.org/sympa/arc/refeds/2019-07/msg00010.html - TAC is tracking and formulating thoughts on it.
- Scott Cantor believes there is very little impact from this, but load balancers where cookies contain relay state will be a much bigger problem.
- Nick tested again on 9/11/2019 with Shib IdP, SP, Ping Federate SP, Satosa and could not reproduce any issues.
- Consider this issue "closed" for now?
- SameSite Chrome browser update causing grief (Nick or maybe Nathan?)
- ID Pro (Chris has next touch point)
- Next CACTI Call: Tuesday, October 1st, 2019