Minutes

Attending: Janemarie Duh, Mark Rank, Eric Kool-Brown, Keith Wessel, Heather Flanagan, Matthew Economou, Mary McKee, Eric Goodman

With: Ian Young, David Walker, David Bantz, Steve Zoppi, Ann West, Shannon Roddy, IJ Kim, Albert Wu, Dave Shafer, Kevin Morooney


Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice - TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Ops Update

Enforcing the attribute type syntax for email elements in MDUI contact

This is a proposal to bulk change all contacts in InCommon metadata to use the correct "mailto:" scheme. Upon approval, Ops would develop a plan to communicate a date for a bulk change to all InCommon participants and eduGAIN federation operators. On that day, InCommon would do a special metadata publication process where we temporarily disable the normal diffs (because they will be so big, they will be effectively useless) and bulk update all contacts in metadata to use the 'mailto:' scheme. At the same time, we’d publish a new version of the Federation Manager application, which would use the new scheme on all new/modified contacts in metadata.

On a unanimous voice vote, TAC approved bulk updating InCommon metadata to put the correct 'mailto:' scheme in front of all contacts in metadata.

Handling SAML subject identifier requests from eduGAIN entities

Recently, we noticed that we were removing a few entity descriptors for SPs published in eduGAIN because they used incorrect/undefined mechanisms to request the OASIS SAML Subject Identifiers. The profile defines use of exactly one of four different entity attribute values to request these identifiers (pairwise-id, subject-id, any, none). The offending SP metadata was using RequestedAttribute elements with varying attribute names and NameFormats (the incorrect NameFormats are most problematic here). The recommendation from Ops is to modify InCommon's eduGAIN filtering to allow these RequestedAttribute values only so long as they are not isRequired="true", and to WARN on them. That is, if there are RequestedAttribute elements, we check for the presence of the appropriate identifiers and warn the user if they are not present. More info is in the inc-meta GitHub Enterprise project.

TAC agrees with Nick’s proposal (i.e., there were no objections).
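
The filtering rule described above, sketched as an added example; it is not InCommon's filter code, which these minutes do not show. It assumes the OASIS profile's entity attribute name `urn:oasis:names:tc:SAML:profiles:subject-id:req`, treats any RequestedAttribute whose Name mentions subject-id or pairwise-id as an attempt to request the identifiers, and uses the hypothetical names `check_sp` and `sample_sp` with constructed metadata.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
REQ_ATTR = "urn:oasis:names:tc:SAML:profiles:subject-id:req"
REQ_VALUES = {"pairwise-id", "subject-id", "any", "none"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


def check_sp(entity_xml):
    """Return (decision, warnings); decision is "accept" or "reject"."""
    root = ET.fromstring(entity_xml)
    # Values of the profile's entity attribute, if the SP published it.
    declared = {
        (v.text or "").strip()
        for a in root.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS)
        if a.get("Name") == REQ_ATTR
        for v in a.iterfind("saml:AttributeValue", NS)
    }
    warnings = []
    for ra in root.iterfind(".//md:RequestedAttribute", NS):
        name = ra.get("Name", "")
        # Assumption: a Name mentioning either identifier is a request for it.
        if not any(t in name.lower() for t in ("subject-id", "pairwise-id")):
            continue
        # isRequired is an xs:boolean, so "1" also means true.
        if ra.get("isRequired", "false").strip() in ("true", "1"):
            return "reject", [f"{name}: isRequired is true"]
        if ra.get("NameFormat") != URI_FORMAT:
            warnings.append(f"{name}: unexpected NameFormat {ra.get('NameFormat')!r}")
        # The profile expects exactly one of the four defined values.
        if len(declared) != 1 or not declared <= REQ_VALUES:
            warnings.append(f"{name}: no valid {REQ_ATTR} entity attribute")
    return "accept", warnings


def sample_sp(requested, extensions=""):
    """Constructed SP metadata for the demo (not real federation data)."""
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:mdattr="{NS["mdattr"]}" '
        f'xmlns:saml="{NS["saml"]}" entityID="https://sp.example.org/shibboleth">'
        f'{extensions}<md:SPSSODescriptor '
        f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<md:AttributeConsumingService index="1">{requested}'
        f'</md:AttributeConsumingService></md:SPSSODescriptor></md:EntityDescriptor>'
    )
```
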

International Updates

  • Identiverse Conference has been excellent. Sessions are recorded and are free.
  • Error handling consultation in REFEDS just finished steering committee approval, so that spec is in place.
  • Entity categories consultation will be announced this week. Nicole Harris will run this consultation.

NIST Call for Comments

A subgroup of TAC will review the relevant federation part of the spec (Ann West, Heather Flanagan, Matthew Economou, Tom Barton, Janemarie Duh, Keith Wessel).

Deployment Profile Work Recommendations

Last time, TAC looked at the proposal for subject identifiers.

  • Albert and David Walker are documenting the different facets of identifiers and defining them. This includes comparing the new with the old identifiers.
  • Communication is key. TAC will need to outline the rationale, as well as a recommended migration path.
  • This will be a long-term project
  • We need clarification on who will be responsible for what
    • Also will involve CTAB chair - broader communications about Federation-related activities and plans
    • TAC will describe the value proposition
    • InCommon Ops will make necessary changes to Federation Manager
    • InCommon staff can help with the mechanics of the communications
    • Suggestion: TAC develop a background document to provide to Steering (this is a tough topic to understand - communicating with Steering could help hone the message)
    • We need to develop a coordinated plan among TAC and staff
    • International coordination

Deployment Profile: Test tooling in federation

Two parts to this:

  1. A test federation making sure implementation works and is compliant
  2. Tools for the federation to use to test for compliance

There is a draft charter for a Test Federation WG.

  • Nick Roy drafted requirements for a test federation
  • Test Federation user stories
  • Will need someone to lead this group who is very invested in the topic and the need
  • [AI] TAC members - review and comment on the draft charter.
  • [AI] Janemarie - schedule this topic for the next meeting

Next Meeting - Thursday, July 16, 2020