Minutes

Attending: Janemarie Duh, Keith Wessel, Judith Bush, Mark Rank, Matthew Brookover, Mary McKee, Eric Kool-Brown, Eric Goodman, Matthew Economou

With:  Les LaCroix, David Walker, Ian Young, David Bantz, Nick Roy, Jessica Fink, Ann West, Steve Zoppi, Shannon Roddy

Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Action Items

(AI) TAC members - Please review and comment on the draft Encryption Migration to GCM Proposal

(AI) Janemarie will reach out to Tom Barton, Matthew, Heather & Ann; the five of them will determine a plan to address the NIST 800-63-4 call for comment

T/I and Ops Updates

  • Minor patches made to the new version of the Federation Manager to fix some bugs
  • Need to update middleware libraries for our integration with Cloud HSM for metadata signing. Ian Young is helping with that.
  • Filtering some uses of the OASIS SAML Subject Identifiers from eduGAIN due to misuse of requested attributes (rather than the defined entity categories) for signaling
  • First GCM default use by a Shib IdPv4 that caused interop problems. Probably need to accelerate deployment of this plan: https://docs.google.com/document/d/13I8-9nBxR9lFlRr92RDUelcRGrZfWqB4VbREpINhDrw/edit#heading=h.ssume2nc5ny7 Please review and comment.
  • Shib IdP 4 switch to more cryptographically secure mechanism
  • Syntax issue with email contacts in metadata

International Report & Seamless Access updates

The 3 proposed entity categories from Seamless Access are on the REFEDS wiki. The proposal is for the REFEDS Schema Editorial Board to take on the ongoing stewardship of these categories. There will be two sessions to learn about the proposed entity categories (June 30 and July 1; calendar invitation files are available on the wiki page listed above). There will be an eight-week consultation period (July 1 - August 26). If ratified, these will be curated by REFEDS.

Reminder: NIST 800-63-4 call for comment

  • Assurance levels will come back into play
  • Tom Barton is our rep on the Kantara review board
  • These specs would affect InCommon and participants when they interact with federal agencies
  • Baseline + MFA would go a long way towards meeting their concerns
  • (AI): Janemarie will reach out to Tom Barton, Matthew, Heather & Ann; the five of them will determine a plan to address this

Summer schedules 

  • We will have a call on July 2 since most people will be around

Prioritizing Deployment Profile WG recommendations

Keith drafted a proposed approach for deploying SAML subject identifiers in InCommon. 

  • Promote subject identifiers to IdPs as the wave of the future
  • Add it to the Federation Manager and allow SPs to start requesting it
  • They are in the IdP attribute resolver in Shib now - so this isn’t asking for a lot of work
  • When there is a reasonable adoption level (or need to raise the stakes), consider adding this to Baseline and stop talking about the old identifiers
  • The document also includes transition considerations
  • Matthew E - Would encourage IdP operators to release both old and new identifiers for a period of time, to allow SPs to adjust scripts and operational procedures

Next Meeting -  Thursday, July 2, 2020 

