InCommon Technical Advisory Committee Meeting Minutes

Thursday, June 5, 2014

Attending: Michael Gettes, Scott Cantor, Chris Misra, Steve Carmody, Ian Young, Jim Jokl, Keith Hazelton, Tom Barton, Paul Caskey, Steve Olshansky, David Walker

With: Ann West, John Krienke, Nate Klingenstein, Dean Woodbeck, IJ Kim, Tom Scavo

New Member

Chair Steve Carmody welcomed Steve Olshansky, identity lead at ISOC, to the TAC.

Action Items

  1. (AI) Tom Barton, Chris Misra, Nick Roy (should he accept), and one or two members of the Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take vis-à-vis future security issues like Heartbleed.
  2. (AI) Steve Carmody will contact Nick Roy and the AAC leadership about participating in the Heartbleed group.
  3. (AI) Steve Carmody will kick off an email discussion concerning standing up a working group around the technical issues involved with interfederation.
  4. (AI) Steve Carmody will start an email discussion re: the wiki page on issues involved with InCommon offering a Social-to-SAML gateway as an operational service.

Ops Update

Tom Scavo reported on his work to contact SAML-1 only SPs. Only a handful have not responded. Most deployments are using the production aggregate, a significant number are old and will be removed from metadata, and only one is not compatible with SHA-2 and will be upgraded by the end of June.

OpenSSL

There was a security advisory concerning OpenSSL this morning. Scott reported that Shib will be patched by the end of the weekend.

Working Group Status Updates

The new working groups (external identities and alternative IdPs) are included in Steve Zoppi’s budget requests. JaneMarie Duh (Lafayette) has agreed to lead the Alternative IdPs WG, with David Walker as flywheel and support.

Heartbleed Memo

Chris Holmes (member of Steering and associate counsel at Baylor) responded to the TAC memo concerning Heartbleed and whether InCommon could take a more aggressive role, should it choose to do so. He believes there are some things InCommon could do under the current Participation Agreement, but suggested that TAC propose some specifics, should we wish to pursue anything.

TAC discussed the possibilities of trust marks or tags, working with a group like REN-ISAC, and other issues. (AI) Tom Barton, Chris Misra, Nick Roy (should he accept), and one or two members of the Assurance Advisory Committee (AAC) (should they accept) will develop a list of first steps that InCommon might take in this area. (AI) Steve Carmody will contact Nick Roy and the AAC leadership.

Interfederation Working Group Update

Steering has asked John Krienke to provide a list of changes needed for the Participation Agreement and the Federation Operating Policies and Practices to enable interfederation. There are a number of technical issues involved, as well. (AI) Steve Carmody will kick off an email discussion concerning standing up a working group around the technical issues.

Trust Marks

The AAC is interested in developing a POP replacement (perhaps Bronze) that would be more standardized. At the AAC face-to-face in April, they developed a rough draft of what a POP replacement might do. This led to a discussion about trust marks and the potential for further community assurance profiles (light-weight and likely self-asserted).

Social-to-SAML Gateway

Steve Carmody created a wiki page with a list of issues to discuss concerning InCommon offering a Social-to-SAML Gateway Google gateway as an operational service. (AI) Steve will start an email discussion on the topic.

Next Meeting

Thursday, June 19, 2014 – 1 pm ET / Noon CT / 11 am MT / 10 am PT