Attending: Michael Gettes, Dave Vernon, Pankaj Shah, Susan Kelley, Steve Carmody, Ann West, Michele Norin, Dennis Cromwell, Celeste Schwartz, Sean Reynolds, Von Welch, Ted Hanss
With: Dean Woodbeck, Steve Zoppi
The minutes of the July 11 Steering Committee meeting were approved via Wisegate
The following resolution was approved vie Wisegate:
The InCommon Steering Committee and management will develop, obtain community consensus around, and promulgate an InCommon Incident Response Policy, Procedures and Reporting document. An interim version, which will be replaced by a comprehensive approach, will be ready for the Committee's review at their November 7, 2016 meeting.
Virginia Tech has requested that the InCommon Silver assurance certification be removed. The InCommon Assurance Advisory Committee recommends doing so.
Ann provided a brief history of the assurance program, which was developed approximately four years ago in response to a federal government initiative to provide higher levels of assurance. InCommon adopted Bronze and Silver profiles to roughly equate to federation Level of Assurance 1 and 2, respectively. The federal program envisioned agencies like NIH and NSF requiring these assurance profiles, but that has not come to pass. As a result, the uptake by InCommon participants has been very limited.
Ann suggested that InCommon review the assurance program in the context of improving the trust level in the federation. This would include discussions with the GSA and campuses that have Bronze certification as to the ramifications for them. At the same time, the basis for the federal levels of assurance, NIST 800-63, is undergoing substantial revision.
InCommon Steering approved the following resolution unanimously:
InCommon Steering accepts the InCommon AAC recommendation to remove InCommon Assurance Silver certification from Virginia Tech’s assurance-registered identity provider on August 15, 2016 per Virginia Tech’s request.
The InCommon Steward Program is expected to be ready for community review in September, should the legal questions and business processes be finalized. The intent is to bring a package to Steering for review and discussion during its meeting August 29, 2016, kicking off community review following that meeting.
Ann provided background on the program, which allows the Steward to assume responsibility for some of the vetting, identity proofing, and metadata management currently done only by InCommon staff. As part of a proof of concept, MCNC will assume those responsibilities for some of its K-14 members. This leverages existing relationships among the regional networks and their K-14 members, and avoids additional costs and resource allocation by InCommon and Internet2. The intent is to open the community review during September, then proceeding with the proof of concept with MCNC.
Ann provided a summary of the “deep dive” and “path forward” discussions that have taken place over the last few weeks. This involved small community groups looking at community expectations, available resources, and the gaps between the two. Separate groups met to review both InCommon and TIER, and developed the recommendations provided in the slide deck attached to today’s agenda.
During discussion, Ann reviewed the slides that discuss three major buckets of FTEs: 1) InCommon operations (onboarding, technical services of federation and eduroam; 2) development (mainly TIER - tying together the open source software and filling gaps; 3) a function that incorporates both TIER and InCommon - planning, data analysis, community engagement (trust and identity in general).
As an example, Ann noted that the eduGAIN integration has created a significant need for follow-up, due to issues related to the import of the eduGAIN metadata. On the flip side, there are also a number of international programs that both InCommon and its participants could leverage. This would bring a risk, however, and there is a need to identify the risks and consider ways to minimize their impact.
There is a proposed combined InCommon Steering/TIER Community Investors Council meeting at TechEx in Miami, Monday, Sept. 26 - 8 am - noon (with a meeting of the TIER investor schools to follow). (AI) Dean will send a poll to gauge potential attendance.
Steering Exec - August 22 - 4 pm ET
Full Steering - August 29 - 4 pm ET