Trust and Identity Program Advisory Group Meeting - October 16, 2017

(Face-to-Face at 2017 Technology Exchange)


Attending: Ted Hanss, Ron Kraemer, John O’Keefe, Chris Phillips, Sean Reynolds, Klara Jelinkova

With: Mike Zawacki, Steve Zoppi, Ann West, Tom Barton, Kevin Morooney (remote)

Action Items

(AI) Ann will drive the development of a position paper for presentation to the community.

(AI) Kevin will pursue a PAG meeting at EDUCAUSE (October 31).

Journey to the Center of Trust and Identity

Kevin shared a model that captures the requirements identified during the deep dives from summer 2016, updated and refined through conversations over the past several months. The model:

  1. identifies all of the trust and identity activities the requirements indicate would be necessary

  2. matches the activities to existing resources

  3. identifies the gaps


The model identified 122 activities and collapsed those under 14 T/I disciplines (listed below):

  1. Application Programming Interfaces - Campus

  2. Cloud Services

  3. Collaboration Management Services

  4. Community Training and TIER Program

  5. Component and Operations Security and Audit

  6. Component Packaging and Deployment

  7. Entity Registry (Person and Object Registry)

  8. Group Management and Group Administration

  9. Identity and Service Providers

  10. InCommon Federation Operations and Management

  11. Messaging Middleware

  12. Scalable Consent and Privacy Services

  13. Schema

  14. Trust-Identity Services and Community Support


This process revealed more than 40 resource gaps, after taking into account current staff, community members, and contractors working in the T/I space. The model made the assumptions that contributions by the community will not decrease over time, and that the T/I portfolio will not increase dramatically in the foreseeable future.

The model predicts the need for 22-34 additional FTEs to fill the resource needs (in addition to today’s 27). The presentation further refined this number by allocating these FTE needs to the 14 disciplines, and whether the resources would come via community working groups or Internet2.

Needed from the PAG: validation (or invalidation) of the various elements of the model, as well as thoughts and strategies on addressing the identified gaps. Are there other resources the PAG needs to make these recommendations?

Some general comments from PAG members (mainly about TIER):

Remarks from Howard Pfeffer

Internet2 CEO Howard Pfeffer joined the meeting. He commented that trust and identity is key to Internet2’s mission. He is looking for prioritization of critical tasks and scoping of ongoing and future efforts. We need to move to a model with a real certification process for things like TIER, which would consider functionality, security, and interoperability. Also consider timeframes when looking at priorities. Address the adoption question, driving greater use and consumption. Look at pain points and blockers to adoption. We need to consider the commercial world, create a focused effort to interoperate, and deal with the problem of vendor lock-in.

Some discussion from the PAG:

Support for Research

Chris Phillips, chair of the new CACTI architectural group, discussed the goals and make-up of that group, which has an international blend and a good cross-section of campus and other participation. The focus is on enabling research and removing complexity from access to resources.

There is some overlap with FIM4R (Federated Identity Management for Research). That organization, sponsored by CERN and others, has a budget of 3 million Euros and could provide some insight on raising funds and grant money. Part of a recent FIM4R meeting was a discussion of what is not working (from the research perspective) in federated identity management. One of the links in the wiki is the raw FIM4R meeting notes; the headings are worth reviewing to see what sorts of disciplines are involved.

There is concern about the growing number of community groups without a corresponding increase in staff support. How would addressing the needs identified by the FIM4R organization impact the scope of InCommon and the needs already identified earlier in the meeting by Kevin’s presentation? One consideration may be to look not just at items/services to add, but also at things we should stop doing or supporting. Tom Barton is involved with co-editing a requirements document for FIM4R that takes into consideration all of the resources needed to do the work - software, development, etc. It will also look at things like Sirtfi, the needs of international research efforts like CERN, etc.

Next Steps

Klara expressed the need to decide when to stop taking inputs and begin working on outputs. How do we prioritize needs and guard against scope creep? Consider time bounding - starting with what is possible in the next 12 months, for example. We need to demonstrate the ability to deliver. The PAG should look at what needs to be done in the next 3 months, the next 6 months, and the next 12 months. We need to finish the work plan and clarify the role of InCommon. (AI) Ann will drive the development of a position paper for presentation to the community.

Some of the issues and concerns to consider include:

The PAG may next meet October 31 during the EDUCAUSE annual conference, if enough members are attending that event.

Parking lot: