InCommon Technical Advisory Committee Meeting

August 21, 2014 - Minutes

Attending: Ian Young, Nick Roy, Scott Cantor, Jim Basney, Keith Hazelton, Michael Gettes, Paul Caskey, Steve Olshansky, David Walker

With: John Krienke, Tom Scavo, Ann West, Dean Woodbeck, Nate Klingenstein, Steve Zoppi

eduGAIN Update

eduGAIN Pilot – John Krienke reported that InCommon has submitted the metadata URL to eduGAIN. We also have permission from the University of Wisconsin-Milwaukee to include the three LIGO SPs in the pilot metadata aggregate, as well as permission to apply the REFEDS R&S tag to these SPs

eduGAIN Policy – Ann West reported that the newly formed eduGAIN policy working group has held its first meeting. This group is chaired by Theresa Semmens from North Dakota State University and was chartered by InCommon Steering. The committee will meet weekly and has a target of November 1 to have recommendations for policy and legal framework changes for interoperation with eduGAIN.

Federation Manager and Certificate Manager

Tom Scavo reported on ongoing work to federate the Federation Manager and the Certificate Manager, and to use second-factor authentication with both.

Federation Manager – Ops and Cirrus Identity are working to develop and deploy the next version of the MFA proxy. The InCommon Registration Authority (internal Internet2 staff) have been using the first version of the proxy since late March, in conjunction with Duo Mobile. The next goal is to roll this out to site admins by the end of the year. Now working on support for delegated administrators, then will work on an enrollment workflow.

Certificate Manager – This is about a step behind the FM. Comodo has committed to additional work to make federation possible and they have a staging instance of a federated CM. Planning to add MFA to this staging instance, which is being used by Internet2 and Comodo staff, in early September

Assurance and FICAM

Ann reported that FICAM has released version 2 of its spec; from InCommon’s point of view, it isn’t much of a change. FICAM is beefing up LoA1, but InCommon Bronze already meets the new version.

FICAM also will consider InCommon a business-to-government provider, which means that our identity providers will be considered as meeting the FICAM requirements.

There is some adoption fatigue, but we know that Chicago, Wisconsin-Madison, and Florida are working on Silver, and that UMBC and Harvard are working on Bronze. Anil John at FICAM is working on a meeting with InCommon, NIH, and NSF to discuss the status of LoA2 applications.

REFEDS R&S Requirements

Tom Scavo revised the wiki page outlining proposed changes to the REFEDS R&S specification. Scott Cantor will reformat that document to a format that can be submitted to REFEDS from TAC. https://spaces.at.internet2.edu/display/inctac/Steps+toward+adopting+the+use+of+REFEDS+R+and+S

There was discussion about whether R&S includes “teaching and learning.” In general, the key is to look at an application and see if it fits the R&S criteria. If it does, then it is R&S. Another way to look at it is to look at current R&S SPs and see whether the proposed application seems to fit.

There was also discussion about the rationale for pursuing REFEDS R&S (e.g. the value proposition). Scott said that R&S has done more than anything else to make federation work between universities, and we hope that this same benefit will accrue to the international scenario.

Meeting Adjourned

Next Meeting

Thursday, September 4, 2014 – 1 pm ET / Noon CT / 10 am PT