InCommon Steering Committee Meeting - October 27, 2014
8 am - Noon - JW Marriott Indianapolis - Room 205
Attending: Klara Jelinkova, Steve Devoti, Jack Suess, David Vernon, Dennis Cromwell, John O’Keefe, Joel Cooper, Michael Gettes, Mark Crase, Ken Klingenstein, Steve Carmody (on phone), Chris Holmes (on phone)
With: John Krienke, Shel Waggener, Steve Zoppi, Dean Woodbeck
Trusted Identity in Education and Research (TIER)
Klara reviewed the “Case for TIER” document with a goal of clarifying which areas will be the responsibility of InCommon. Shel commented that, for some time, identity projects were pursued, many with their own governance groups, then all rolled up into InCommon over the years. With TIER as a larger program, InCommon will be able to focus on issues that are core to the federation.
Steering went through a governance schematic that lists identity-related projects and programs and sorts them into governance categories. These are the areas falling into the InCommon Steering sphere (in no particular order):
- K12 policy
- Attribute release
- Assurance and trust makrs
- Campus/participant best practices
- Advocacy for participants (with Shib Consortium, others)
- Consent management
- Affiliate criteria
- VPs of Research (outreach)
Some of the discussion included:
- we need a process for defining what the federation needs from Shib and how to communicate those needs to the Shib Consortium
- moving the certificate service would create substantial legal work, since the certificate agreement is an addendum to the InCommon participation agreement. Campuses would also need to reissue certificates. However, this could remain the InCommon Certificate Service, but the policy authority could change with a letter to Comodo.
- What will we continue to provide as InCommon and what is the transition plan?
- If InCommon is about trust, certificates and MFA fit\
- Is trust the rubric for these decisions?
Klara went around the table asking Steering members “what are we about”
- Fundamentally about operating a trust federation for R&E in the U.S., with responsibility to ensure international compatibility and interoperability
- As to Steering itself, tremendous need for a group of people that can provide influence
- Fundamentally about operating the U.S. federation. Develop an environment, trust fabric, work with participants that they are working appropriately.
- I have a fairly narrow view – we would have a perspective and oversight over some policy components of certificates, for instance, but Steering is not involved in running the service. We would be an advocacy body for that service. InCommon’s focus is the federation.
- There is a lot of connective tissue around trust. As to the certificate example, as long as this community sees the need for a certificate service, this body has a high-level interest in this. Where is runs operationally, doesn’t really matter.
- We should identity and define required trust elements. Is two-factor required? Are certs required? If we don’t have the ability to make this happen, we’re just another voice in the wilderness. Need to be in a position to direct resources.
- Our higher role in life is to enable trust. As Steering, we are there to effectively control and convince execs where to spend the money. Might be legacy tactical investments, and then are new/future tactical investments.
- Focus on federation, assurance. What are the requirements? Can we have requirements? How do you use multifactor authentication with InCommon – that’s part of this group.
- Klara commented that TIER’s interest is on organizing and stabilizing development efforts, so they are unlikely to want to “own” the certificate service, which is already successfully operating.
- Ken commented that, looking forward, we need to engage VPs for research (collaboration and attribute release). Also, consent management is critical. Watching what is happening in other federations, we will need to build a structure for campus consent management. We want to make sure we have room in the portfolio for these to happen. Consensus that both of these fit into the InCommon portfolio.
Goals and Strategies
Shifted to the goals and strategies worksheet. Steering went through the goals and strategies as a way to further determine the scope for Steering and InCommon.
Ann O'Beay, Ann West, and Ana Huntsinger joined the meeting to discuss merging the InCommon Affiliate Program with the Internet2 industry program.
Ann West provided a background for the Affiliate Program:
- Program organized about 5 years ago
- Goal to attract affiliates that offer services/products to help others federate
- Have 7 affiliates now, but the program is not growing
Ann O'Beay discussed the options for Affiliates under the transition proposal.
- Affiliates with a cloud IAM-related service to sell can join the Internet2 NET+ program
- Affiliates with a non-cloud IAM-related service could become a NET+ service provider in the Trust and Identity portfolio in a yet-to-be-defined subcategory
- Affiliates will be able to join the proposed Internet2 Catalyst Program (part of the Internet2 Industry Program) to signal support for best practices. The goal is to create community-approved best practices and engage corporate service providers in implementation
- Affilates could become a member of Internet2 as an industry member
The proposed price structure includes unbundling benefits, lower dues for most Affiliates ($2,500 for those with less than $10 million in revenue, vs. the $6,000 InCommon fee), and a la carte pricing for some benefits (meeting registration, exhibit tables, sponsorship booths, webinars).
The timeline would be to use 2015 as a transition year, with the new dues structure and a la carte pricing effective in January 2015, with the transition completed by January 2016.
There was discussion about the subcommittee structure – reviewing its effectiveness and whether we have the right subcommittees. Some of the comments:
- Need to codify InCommon Steering’s role with TIER (there are seats for ERG subcommittee members on the TIER board)
- InCommon Steering should have some similar role with NET+
- InCommon Steering should review the structure and designate subcommittees at the beginning of the year
- InCommon should have structured conversations with Shel (as a member of the Shib Consortium board) prior to Shibboleth Consortium meetings
- There are currently multiple places where prioritization occurs (like Steering, Program Subcommittee, TAC). Perhaps that stack only comes through Programs, with the appropriate people/groups having input.
- When TAC identifies operational issues, they move forward. If it is a new initiative, then it goes through the process. Need to codify this.
- Evaluation of software – we need a way to see if we can make use of software that other federations have developed. There was agreement on that point.
Steve Carmody reviewed TAC’s approach in 2014. TAC created a set of working groups targeted at the priorities defined by InCommon. These working groups all have written charters, so their work is scoped, and all will produce docyments and recommendations. TAC will then review these and bring recommendations to Steering.
Next Steps and Communications
- ERG will continue with the charter/bylaws work
- Programs will continue with prioritization
- ERG will continue involvement with TIER
- Hold a community webinar explaining what is in scope and what Steering has decided. January/February time frame – what is InC, what is TIER and what is the landscape.
- We will need a way of matching priorities and resources, and a way to account for this to the community.
- Part of the conversation is staffing and priorities – will the InCommon staff continue to be pulled into other areas of Internet2?
- Jack Suess, Joel Cooper, Bill Yock are rolling off
- We have two CIOs rolling off; need to keep that in mind
- We could have more Steering members than currently do
- Nominations will not be a separate committee, but will be handled by the executive committee and full steering.
Next Meeting – Monday, Nov. 3, 4 pm ET