Minutes

Attendees

Judith Bush, Heather Flanagan, Keith Wessel, Eric Goodman, Mark Rank

With (Also Starring): David St Pierre Bantz (CTAB), David Walker, Albert Wu, Nicole Roy, Kevin Morooney, Ann West, Steve Zoppi, Johnny Lasker, Les LaCroix (CACTI)

Regrets: Joanne Boomer, Matt Porter

Scribes: Judith, Eric, Johnny

No agenda bashing

Updates

TechEx

Ops Updates:

    1. FM Release 6.5.0
      1. This includes updates to the RA organization ‘show’ page, an API for FM/website info, some bug fixes, and eduroam decommissioning features: RAs can decommission eduroam for an organization and eduroam Support Organization Administrators (ESOAs) can decommission eduroam for a constituent.
    2. FM Release 6.5.1
      1. General bugfixes/cleanup
    3. We had a VPAT analysis of the FM done recently and this week we will be having another round of testing based on our updates. Our next release will focus on these features.
    4. We have updated our FM infrastructure code to add CloudFront CDN with custom error pages in our dev/staging environments and will soon be releasing this into production.

BaseCamp

BaseCamp was three weeks ago. It went well, with record attendance.

Heather notes:

CTAB

The CTAB call included discussion of whether the “R&E” tag adequately describes the value statement to CIOs at “R&E” institutions.

July 14 TAC Meeting planned topic: “All things digital identities”, e.g., verifiable credentials.

SAML identifiers

Les asked about the informal working group on SAML identifiers, and TAC invited CACTI’s participation.

Deployment Profile Value Statement

Action Item: Mark Rank (cirrusidentity.com) will circulate the Deployment Profile Value Statement.

CTAB - more

CTAB discussed reviving a service catalog for SPs to indicate the value of the Federation and potentially speed integration. It will not be comprehensive. From Heather: https://refeds.org/wp-content/uploads/2018/10/ServiceCatalog-Evaluation.pdf

CTAB trying something different

This was an interesting example shared at CTAB as well: https://catalog.sciencegateways.org/#/home

Mark suggests framing it not as a service catalog but as “how do I subscribe to a given service?” What does my IdP need to do? Yes, this is the goal. (The focus is on how the need/goal is presented, not on whether it’s considered a service catalog.)

InCommon is in discussion with NSF to have an integration instruction set similar to the work we have with NIH. Not far along, but moving in a positive direction. Also discussed was the idea of defining categories of services, where integration follows a standard model that the individual SP could reference to simplify their own documentation.

Stray thought: we should consider whether to acknowledge that (particularly commercial) services require stable email addresses, and start recommending assignment of stable email addresses to users. (Understanding that this is a very controversial recommendation, and the deployment profile explicitly recommends against this form of conflating userid, profile information and email address.)

Things We Learned On Our Summer Travels

Travel delays are real; Covid is real. Build in extra time (an extra day if you have connections).

Albert: SSL Labs does not capture all the security issues, such as server patching. We need a tool to help participants evaluate their readiness to participate in federation. Baseline and the Deployment Profile move in that direction. Define a Maturity/Accomplishment model that goes from Baseline to the most mature level along different dimensions: “If I do this, then I can access this resource.” An org can note “Must be at this level.” The hope is that this will make improvements more intuitive and easier to discuss.

Heather: Talked about how we handle the brain drain of people leaving higher ed. How do identity people have a career path that keeps them in higher ed vs. jumping to the paycheck in the private sector?

Observation that outsourcing is part of both the problem and the solution: institutions are choosing to outsource, perhaps to the places to which staff are jumping. Administration wants to fill business analyst jobs, not systems management jobs.

What is IDPro looking at? Discussed whether the direction is toward the technical or the business side. What does “IAM staff” mean?

Verifiable credentials are moving into the mainstream, with various wallet models and intense interest in OIDC.

Ann notes that the EU is looking at this, with the most recent instantiation being a wallet approach where the person can choose what to release and multiple authorities put claims in. GDPR is interpreted differently across the countries of the EU, so self-release makes it easier to cross borders.

Erasmus as an example: student mobility. GEANT is being funded by the EU and is piloting wallet technology and UX.

Authenticate (FIDO Alliance) is in October; Heather will be there.

Seamless Access & InCommon meetings: initial draft of documents.

Email Updates

CACTI

Subject: CACTI Update 2022-06-21
Date: Thu, Jun 30, 12:02 PM
From: Steven Premeau

I2 Ops Update

Subject: I2 Ops Updates
Date: Wed, Jun 29, 3:45 PM
From: Johnny Lasker
