March 12, 2020
Attending: Heather Flanagan, Mary McKee, Janemarie Duh, Mark Rank, Keith Wessel, Matt Brookover, Mizuki Karasawa, Eric Kool-Brown, Judith Bush, Eric Goodman
With: David Bantz, Albert Wu, Dean Woodbeck, IJ Kim, Ian Young, Steve Zoppi, Kevin Morooney, Jessica Coltrin
Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
Public Content Notice - TAC minutes are public documents. Please let the TAC and note-taker know if you plan to discuss something of a sensitive nature.
Minutes
InCommon/Internet2 conferences and training
- Global Summit was cancelled. May have some online content, but nothing scheduled yet.
- InCommon Academy - Shibboleth workshop planned at Rice next week has been cancelled. Will offer Shib online in the fall (likely more than one). We will offer a two-hour open office session next week for those who had registered for the training. Grouper and COmanage face-to-face will both be moved to online.
- We are moving more aggressively now on moving training to an LMS.
- BaseCAMP - June 23-25 - We are planning on an in-person meeting. Announcements will start going out next week.
International Update
Most conferences over the next 4-6 weeks have been canceled or rescheduled. There are still plans to try and do things like remote presentations for the federation updates, and everyone is learning to make the best of videoconference sessions.
At this time, REFEDS 42 and TNC20 are expected to go forward. If REFEDS/TNC is canceled, it’s unlikely we’ll have a full day of remote sessions. Beyond that, all decisions are being held until the last minute.
Work is still progressing despite the mental and physical obstacles - the new REFEDS Best Practices around Error Handling Working Group is meeting weekly to come up with guidance around SP error handling for non-technical issues at login. See https://wiki.refeds.org/display/GROUPS/Working+Document+-+Use+Cases+and+Errors for the working document we are using to capture what types of errors fit in this category and what to do with them.
SIRTFI is working on an eduGAIN Security Incident Response Communication Workflow. Hannah Short is helping spearhead an idea for tabletop exercises to allow federation operators to work through some scenarios. More will be sent out about that when dates/times/processes have been established.
Standardizing message to vendor / SAML readiness
How do we function as a federation as more organizations move to vendor solutions that don’t support multilateral federation? Part of the challenge is getting departments and others on campus to understand why central IT takes the approach that they do.
Mary McKee discussed some of the processes at Duke. Part of the approach is to be clear with departments about what IT can do (in terms of federation), but there are compromises we can’t make, and here’s what we expect vendors to accommodate. Another point - this infrastructure is a community thing, not specific to an institution. If we start doing custom things (like a custom attribute), we are compromising that infrastructure.
Mary discussed a form Duke developed, Shibboleth Readiness Profile, for departments to complete. This gets IT involved before a contract is signed. Having the conversation after a contract is signed makes it significantly harder. https://duke.app.box.com/v/shibbolethReadinessProfile
One thing InCommon can consider is a quick-start guide at a high level of expectations for federation. Something for departments. Something for vendors. Albert - working on something like that aimed at vendors. Also a resource CACTI is working on is aimed at CIOs and CISOs.
There was discussion about several documents that might inform such guides - InCommon Basics and Particpating in InCommon, the “Trust Process” document on the website, and a revised “getting started” guide. In addition, EDUCAUSE produced a paper last year, “Seven things you should know about federated identity.”
Summary
- Need vendor education
- Clarifying roles/responsibilities re: deployments
- Interaction between central IT and campus departments
- Implementing SP Onboarding recommendations - Albert and David Walker are working on that now
2020 Work Items
- Test Federation - draft charter just about ready
- Deployment profile survey - Reviewed survey results at TechEx in December 2019. Decided at the time we should convene a TAC subgroup to review the list of action items and determine which are feasible and prioritize. Keith volunteers to chair this subgroup. Volunteers should contact Keith to sign up.
CTAB Baseline Expectations 2 and the Consensus Process
- CTAB emailed the participants list to kick off the community consensus process on proposed Baseline Expectations v2 - three additional components and
- https://spaces.at.internet2.edu/display/BE/.baseline-expectations-2+v2.0
- David asked TAC members to distribute the information to relevant lists and constituencies
Seamless Access entity attributes WG
- Heather just sent a newsletter to the Seamless Access announce list with links to podcasts, conferences, and with working group updates. If you’d like to receive this newsletter, email Heather
- Entity attribute working group - looking at three entity categories - 1) indicate from SP purely anonymous access (SP does not want any attributes sent). 2) entitlement, affiliation, pseudonymous ID. 3) access with entitlement, affiliation, identifier (assumes a subscription contract between campus and SP). #3 will be enhanced by a contract working group. Before this is finalized, will go to REFEDS. Will be other opportunities for comment.