
TAC Meeting 2014-10-29

Wednesday, October 29, 2014
10:30 am - 1:30 pm
@TechEx in Indianapolis https://docs.google.com/a/internet2.edu/document/d/1RUW4RWCzBLjsnvAGfexZK46S1NYMCVLW4tXdrAfg-u8/edit#

Agenda

  1. Strategic Priorities 2015
    1. Problems
      1. Participants need help managing adoption of Net+ or other service providers that rely on Federation, and those vendors need some help too.
      2. Federation value proposition is not well understood by members and non-members alike, or is not high enough for some parties.
      3. There is an insufficient baseline of expectations of Participants and Affiliates, and a lack of monitoring or providing feedback about this status, and insufficient tools to implement some desirable expected behaviors.
        1. Attribute release doesn't happen broadly enough
        2. Metadata consumption and key management 
        3. Security incident response
        4. Evolving federation infrastructure and updated expectations
      4. The role of the Federation in managing security incident response among its members is unclear.
      5. It's still too hard for Participants to federate, including internal circumstances and implementation of federation technology
    2. Encourage and facilitate campuses to move toward more relaxed Attribute Release Policies, for some set of SPs. Today, most IDPs are configured to work with contracted partners and local business systems; their default release for everyone else is an opaque identifier. IC needs to create the programs, materials, incentives, support materials, and peer pressure to change the default behavior.
    3. Make it easier for a campus new to Shibboleth to deploy an IDP that is configured for best practice, and to interop well with collaborators.
    4. Address the set of functionality requests submitted by the large research projects.
    5. Enforcement of Practices: Baselines for measurement, Monitoring/Testing baselines, Tagging, and Displaying Gold Stars (From participant list conversations on encrypted attributes, and follow-on Steering ER&G work item). E.g., dead entities test, POP, FSIR, md refresh, other recommended practices (John)
      1. Sustained and periodic communication to Participant contacts about best practices and/or potentially unmet obligations. E.g., security contacts.
      2. Periodic testing of presence and accuracy of security contact info.
    6. Role of TAC in helping InCommon evaluate the technical underpinnings and/or principles for use of software to deliver on capabilities now and in the future - to be more responsive to community needs and more resilient to resourcing concerns.

Ops Trajectories

Given current trajectories, Ops can/will/might deliver the following in 2015:

  1. InCommon Admin MFA Service
    1. Distributed Multifactor Authentication
    2. Step-Up Authentication
    3. Automated User Enrollment and Device Management
    4. Embedded Discovery Service
    5. Integrated Google Gateway Service
    6. Embedded Login and Account Creation Service (IdPoLR)
    7. Embedded Error Handling Service
  2. InCommon Research & Scholarship MFA Service
    1. (same features as InCommon Admin MFA Service)
    2. Exposes only those IdPs that pass the Basic Interoperability Test
  3. Self-Asserted Attribute Release Policy
    1. A stateful web app for Site Administrators
    2. Automates and extends the onboarding process for R&S IdPs
    3. Permits fine-grained tagging of IdPs by IdP operators:
      1. http://macedir.org/entity-category-support => https://refeds.org/category/research-and-scholarship
      2. http://macedir.org/entity-category-support => https://cilogon.org/shibboleth
  4. User-Defined Entity Categories
    1. Permits fine-grained tagging of IdPs and SPs by anyone (with permission):
      1. http://macedir.org/entity-category => http://uctrust.universityofcalifornia.edu/category/faculty-staff-basic
      2. http://macedir.org/entity-category-support => http://uctrust.universityofcalifornia.edu/category/faculty-staff-basic
  5. Custom Metadata Aggregates
    1. Permits fine-grained tagging of IdPs and SPs by anyone (with or without permission):
      1. http://macedir.org/entity-category-support => https://cilogon.org/shibboleth
  6. Super Metadata Aggregate
    1. http://md.incommon.org/InCommon/InCommon-metadata-super.xml
    2. includes pre-production metadata not vetted by InCommon Admin
    3. https://incommon.org/md-rps
  7. Metadata Query Server
    1. http://mdq.incommon.org/global
      1. InCommon production metadata + filtered eduGAIN metadata
    2. http://mdq.incommon.org/incommon
      1. ALL InCommon metadata (production and pre-production)
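As an added example (not part of these minutes or of InCommon's own tooling), the following Python reads the mdattr:EntityAttributes tags from a SAML metadata aggregate and separates the two tag names that items 3 to 5 above rely on: entity-category, which an entity claims for itself, and entity-category-support, which an IdP uses to state that it honours the category's attribute release. The sample aggregate, its entityIDs and the function names are constructed assumptions.

```python
"""Read entity-category tags from a SAML metadata aggregate (added example)."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Two distinct tag names: an entity *claims* a category; an IdP declares *support* for it.
CATEGORY = "http://macedir.org/entity-category"
CATEGORY_SUPPORT = "http://macedir.org/entity-category-support"
RS = "https://refeds.org/category/research-and-scholarship"

# Constructed sample aggregate, not real InCommon metadata: two IdPs and one SP.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category-support">
        <saml:AttributeValue>https://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.other.edu/idp/shibboleth"/>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category">
        <saml:AttributeValue>https://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def entity_tags(xml_text):
    """Map entityID -> {tag name -> set of values} taken from mdattr:EntityAttributes."""
    tags = {}
    # Stdlib parser for the constructed sample; verify the aggregate's signature and
    # use a hardened XML parser before trusting tags from metadata fetched over the network.
    for ed in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        attrs = defaultdict(set)
        for attr in ed.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            for val in attr.findall("saml:AttributeValue", NS):
                attrs[attr.get("Name")].add((val.text or "").strip())
        tags[ed.get("entityID")] = dict(attrs)
    return tags


def entities_tagged(tags, name, value):
    """entityIDs carrying tag name=value, e.g. the IdPs that support R&S."""
    return sorted(e for e, a in tags.items() if value in a.get(name, set()))
```

Running entities_tagged over an aggregate such as InCommon-metadata-super.xml with CATEGORY_SUPPORT and RS lists the IdPs an R&S SP can expect attributes from; the same call with CATEGORY lists the entities that merely claim the category.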

Minutes

Attending: Scott Cantor, David Walker, Steve Carmody, Nick Roy, Keith Hazelton, Mike LaHaye, Steve Olshansky, Jim Basney, Tom Barton, Jim Jokl, Paul Caskey, Ken Klingenstein, Michael Gettes

With: John Krienke, Dean Woodbeck, IJ Kim, Nate Klingenstein, Steve Zoppi, Tom Scavo, Ann West

The goal for this meeting is to discuss strategic priorities and operational trajectories for 2015.

Michael Gettes reported on the work being done by the Steering Program Subcommittee sorting out what falls under the InCommon umbrella and what may be moved to TIER.

Ann West reported on the proposal to integrate the InCommon Affiliate Program with the Internet2 Industry Program, which was presented to Steering this week. The goal is to reduce confusion, grow the program, and reduce duplicative efforts. The proposal includes four options for affiliates:

  1. Affiliates with a cloud IAM-related service to sell can join the Internet2 NET+ program
  2. Affiliates with a non-cloud IAM-related service could become a NET+ service provider in the Trust and Identity portfolio in a yet-to-be-defined subcategory
  3. Affiliates will be able to join the proposed Internet2 Catalyst Program (part of the Internet2 Industry Program) to signal support for best practices. The goal is to create community-approved best practices and engage corporate service providers in implementation
  4. Affiliates could become a member of Internet2 as an industry member

The rest of the day’s discussions concerned the 2015 potential priorities and operational trajectories. The discussion was captured in this Google Doc: http://goo.gl/vMB2YL

This will be further refined during the November 13 TAC call, then sent to Steering.


Next Meeting – Thursday, Nov. 13, 2014 – 1 pm ET

