Attending: Dennis Cromwell, Pankaj Shah, Ann West, Klara Jelinkova, Michael Gettes, Susan Kelley, Ted Hanss, Dave Vernon, Sean Reynolds
With: Kevin Morooney, Von Welch, Steve Carmody
(AI) To better understand the Baseline Expectations impact, Steering asked Ann to document the outreach and education done to date, outline the proposed communication process, and provide an impact analysis that would discuss the number of entities believed to be deficient in one area or other (for instance, still running Shib IdPv2).
The following were approved via Wisegate:
InCommon has received very little feedback after the fee increase announcement - just 6-7 inquiries and all but one of those were just asking questions. Ann had a conversation with three people who expressed a concern about the lack of consultation. There were virtually no questions during the sessions at EDUCAUSE (including a poster session, a lunch with 113 attending, and a BoF).
The Steering Committee review the nominations for terms starting in January 2017. There was discussion about the type of experience needed, as well as whether there is a need to add an advisor from the sponsored partner or service provider realm. The consensus was to keep the nomination roster as-is and discuss an SP advisor at a later date.
Earlier this year, Steering approved changes to the FOPP that would allow InCommon latitude in responding to incidents (as the federation operator). At that time, Steering asked the staff to provide a plan and process for incident handling. A draft plan is attached to today’s agenda in the wiki. It has been discussed with Internet2 technical people, the TIER security group, the Big Tech Academic Alliance, and Kim Milford, executive director of REN-ISAC. This is an information item for Steering.
The AAC has developed a set of baseline expectations for operation within the Federation; Ann West delivered this report on behalf of Chris Spadanuda, AAC chair. In looking at ways to enhance and improve the overall trust practices in InCommon, the AAC identified a clear gap: the current method for communicating trust. The current method of organizations publishing POPs (Participant Operating Practices) is not enforced and, further, is not scalable.
The AAC developed a list of practices, including high-level requirements for IdPs, SPs, and the federation operator. The AAC has vetted this on a number of calls and webinars in the last six months, both with the InCommon community and with federation operators in Europe. The response has been favorable.
The recommended implementation involves developing an education and communication plan for disseminating the expectations. Of particular interest to Steering is the dispute resolution process, since Steering is the ultimate arbiter for such a process. The current plan to to develop a mechanism by which people can engage one-another and work through the problem before invoking the formal dispute process.
It was pointed out that, when implemented, InCommon will assume that all participants are in compliance. This is a shift from asking participants to assert something.
(AI) Steering asked Ann to document the outreach and education done to date, outline the proposed communication process, and provide an impact analysis that would discuss the number of entities believed to be deficient in one area or other (for instance, still running Shib IdPv2).
Next Meeting - December 5, 2016 - 4 pm ET