Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

InCommon TAC Meeting Minutes - July 9, 2015

Minutes

Attending: Tom Barton, Michael Gettes, David Walker, Ian Young, Scott Cantor, Steve Carmody, Mike LaHaye, Paul Caskey, Nick Roy

With: Dean Woodbeck, Tom Scavo, IJ Kim, Nate Klingenstein

Action items from this meeting

(AI) Nick Roy will send a note to TAC with a review of his meeting with Chris Phillips and thoughts on the Canadian federation’s Shibboleth installation tool.

(AI) Nick Roy will develop a small group to assess and discuss issues and concerns around TLS and the trust framework.

Action Items from the last meeting

(AI) Ann West will develop a service-level agreement concerning the IdP of Last Resort for Leif Johannson and UnitedID

TIER is also planning on an IdP of Last Resort. Ann would like a specific recommendation from TAC to Steering about pursuing UnitedID as an IdPoLR. (AI) Steve Carmody has drafted such a thing and he will send that to Steering.

(AI) Keith Hazelton will follow-up on the status of a REFEDS proposal to inject an IdPoLR into eduGAIN metadata, without the IdP needing to join a federation. <= keep open until next meeting

(AI) David Walker will summarize the recommendation for registration information for entities registered by InCommon Stewards [DONE]

Minutes from the last meeting were approved

Ops update

Tom Scavo reported on the result of a test he ran against the InCommon and eduGAIN metadata to determine the number of IdPs running Shib IdPv2 (see the PDF or Google sheet). The result shows about 77% of InCommon IdPs on v2. There were questions about the accuracy of the results, which rely on the deprecated /idp/profile/Status endpoint rather than /idp/status. Ian believes the UK federation has many more IdPs operating v2 than the percentage shown on the test results. Tom will continue to explore methods for determining the number of Shib v2 and v3 IdPs in the federation.

eduGAIN Intent Statement

Ann asked for feedback on the eduGain Intent Statement, which was recently approved by the eduGAIN Policy WG and is aimed at CIOs and high-level execs to explain the benefits and rationale of joining eduGAIN. Steering will consider approval of this document at its August meeting. There is also a communications plan (for Sept 2015-March 2016) under development, as well as an FAQ and a list of questions for organizations to consider as they consider eduGAIN participation. The intent statement, revisions to the InCommon Participation Agreement and revisions to the FOPP will be made public, with a community review period, leveraging a web-based forum for comments and questions/answers. This will be a very open and transparent process.

The MCNC K-12 pilot is intertwingled with this. There is currently K-12 information in eduGAIN, although it is not tagged as such. InCommon will work through that with eduGAIN. InCommon staff have been discussing how to communicate about the K-12 issues at the same time as eduGAIN without confusing or conflating the issues. Staff will share an outline of a communications plan with TAC.

Relaxed Attribute Release Policies

Development of relaxed attribute release policies to enable collaboration is the #1 priority on InCommon’s 2015 goal list. Making progress on this will require multiple parallel efforts. Steering has approved a policy and TAC and staff need to develop an implementation plan (which might include development of additional service category tags, sample blanket release policies, and other items). There may also be an opportunity to leverage the LAARP work and work already done by the Canadian federation. Given the other priorities this fall, the approach may be to develop the implementation plan, but defer any major push until the first part of 2016. (AI) Nick Roy will send a note to TAC with a review of his meeting with Chris Phillips and thoughts on the Canadian federation’s Shibboleth installation tool.

Metadata Signing Certificate and Fingerprint

Nick brought up a question about InCommon’s approach for distributing the metadata signing certificate and fingerprint in light of recent TLS and PKI security issues. Is a TLS-protected web site still good enough? How does this affect the basis for our trust framework? (AI) Nick will develop a small group to assess and discuss these issues and concerns.

Next Meeting July 23, 2015 - 1 pm ET

 

  • No labels