Minutes

Attending: Mike Grady, Keith Wessel, Janemarie Duh, Matthew Brookover, Jessica Coltrin, Eric Goodman, Eric Kool-Brown, Mike Grady, Matthew Economou, Judith Bush

With: Shannon Roddy, James Babb, Dave Shafer, Albert Wu, David Walker, Steve Zoppi, Ann West, IJ Kim, David Bantz

Action Items

(AI) TAC to provide feedback to NISO on the RA-21 Recommendations.

(AI) Eric G., Janemarie, Albert, Jessica, Matt B. to jump start a badging program for the TAC to review and consider.

Intellectual Property Reminder

All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice

TAC minutes are public documents. Please let the TAC and note taker know if you plan to discuss something of a sensitive nature.

Trust & Identity + InCommon Ops Update

International Updates

Heather emailed an update to the list that outlined the NISO released the public comment period on the RA-21 Recommendations. (AI) TAC to provide feedback to NISO on the RA-21 Recommendations.

TAC/CTAB/CACTI Collaboration Updates

CACTI - CACTI is working on prioritizing their FIM4R recommendations. They are also working developing an eduroam advisory group charter.

CTAB - Logistics discussions with David Bantz on who does what update. Other recent CTAB activity was covered in the earlier "Baseline Expectations" item (1.a). Please keep updates to a few minutes only to leave time for main agenda items.

Working Group Updates

Federation 2.0 - The data gathering to build scenarios is beginning. We have a survey and plan a number of focus group discussions via https://internet2.zoom.us/j/8853848902 at the times at this calendar. Some additional times may be offered in the second half of May. Check the Working Group page for more details. We are encouraging people to share the invitation with people who have insight into the future of the education and research landscape - the whole landscape, not just the federation infrastructure. This is data gathering for the scenario planning, so we're hoping to uncover possibilities such as more private enterprise-academic collaboration, fluid collaboration groups dominating identity as opposed to traditional academic institutions, etc.

IdPaas - Co-chair selection/review : IDP as a Service WG Interest (possible Co-chair) list. First call is April 29th. Would like to find a co-chair that is unlike Duke but likely a customer of this service. Five names look like likely candidates. Mary will contact Eugene Monti (from Duquesne University) first.

Badging to encourage best behavior in federation

Summary of conversation around encouraging best behavior in federation. Goal is to provide guidance on what InCommon should do in this area. The focus of Jack Suess's email thread (included in the doc above) was focused on service providers. Some SPs say they support SAML, but don't register metadata. We need to provide clarity on the practices they support.

  1. Should we do this as a federation?
    1. Is the badging to make visible that which is not currently defined or just to make what is being done more findable? Both.
    2. There is strong need for shining a light on how an org is supporting federation integration standards. Where would these badges exist? On the InCommon website.
    3. We should start something like this. 
  2. If so, what should we do?
    1. One of the criteria considered in the deployment profile was whether or not a requirement could be tested.
    1. Automated testing or self-assessed?
  3. Duke has a Shibboleth-ready assessment for vendors that is used as expectation setting for local users/stakeholders. It shows them how well the vendor is following best practices. 
    1. The form does NOT distill the deficiencies that could be shared with SP leadership. Badging associated with the Deployment Profile could help with this.
    2. Portland State has InC integration as part of the procurement process, but just because it's on the list doesn't mean it's turnkey ready.
    3. Background from Ann:
      1. Affiliates program - was moved into Internet2 program. There was an interest in knowing if they were doing the right thing. Offering services that were InCommon-approved. The Participants list doesn't reflect metadata yet. T&I went to the TAC then to say they wanted a testing program and badging. It was difficult to start with the testing program.
      2. Because of the website redo, there will be a list of metadata registration, a data list. This is a first step.
      3. The proposal is to make it easy to find all the programs and policies. This is the first thing.
      4. We have to come to a consensus of the two profiles we have (implementation and deployment). Cart and horse problem. First step, make it easy for procurement officers to go the InCommon website to find out if a provider has metadata registered.
    4. A vendor can attest and the community weighs in with plus-one, etc.
  4. What do we do with the deployment and implementation profiles? Do we require them? Do organizations have to support the complete set or do we break apart the requirements and introduce them as requirements over time. We can't start a badge program related to these profiles until we answer this question and have a rollout plan. We could have an approach that required attestation to doing the right thing and the community verifies as opposed to having a technical testing solution which will take more time. We have to be really careful about this though. 
  5. The following group of folks will look at how to jump start a badging program for the TAC to review and consider: (AI ) Eric G, Janemarie, Albert, Jessica, Matt B.

Next Meeting - May 9, 2019 - 1 pm ET