CACTI Call June 23, 2020
Attending
Members
- Tom Jordan, University of Wisc - Madison (chair)
- Jill Gemmill, Clemson (vice chair)
- Marina Adomeit, SUNET
- Rob Carter, Duke
- Margaret Cullen, Painless Security
- Matthew Economou, InCommon TAC Representative to CACTI
- Michael Grady, Unicon
- Karen Herrington, Virginia Tech
- Christos Kanellopoulos, GEANT
- Les LaCroix, Carleton College
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
Internet2
- Kevin Morooney
- Steve Zoppi
- Nick Roy
- Jessica Fink
- Emily Eisbruch
- Mike Zawacki
Regrets
- Nathan Dors, U Washington
- Ann West, Internet2
New Action items:
- AI (Jill and Tom) will schedule call with Keith Hazelton to discuss a feedback loop in both directions around packaging
- AI (CACTI members) review updated HE registry-aaS prospectus for next CACTI call
- AI (Jessica) set up a call with KarenH, ChrisP, and the community member interested in leadership of the proposed Recruiting and Hiring WG
Intellectual Property reminder https://www.internet2.edu/policies/intellectual-property-framework/
DISCUSSION
Packaging - CACTI / Component architects discussion on community requirements for packaging (Tom)
- Does CACTI have a role in helping to figure out community packaging requirements for the Trusted Access Platform?
- To assess and gather / manage community requirements with regard to packaging
- CACTI can help steer the discussions on packaging so the community has a voice
- Packaging is under the Trusted Access Platform software integration working group led by Keith Hazelton.
- Factors and stakeholders to consider:
- Adopters would like packaging to be consistent and coherent
- Projects (Grouper, Shib, COmanage, etc) may have preferences around packaging
- Developers are working with a fixed set of resources
- CACTI can reach into the community and help make sure the reasonable balance is being struck
- There will never be a perfect solution
- Configuration for packaging is an important topic:
- Internet2 is tasked with providing packages that can be extended.
- Do not want to do things upstream to prevent extension of packages downstream.
- Making the containers infinitely configurable is not the right approach; it makes training and scope too complex. Need to strike a balance.
- TomJ: Trusted Access Platform software integration working group is the right place to manage the decisions around packaging.
- But making the decisions and approach around packaging visible to the community is a function CACTI can help with.
- CACTI could put together principles around packaging and share that with the community, help amplify the message
- Sustainability and software supply chain is important
- Shibboleth and packaging
- Shib Consortium is not currently able to embrace the direction of enforcing containers
- Due to budget/resource constraints
- Migration to Shib v4 is coming up
- A small percentage of orgs are at Shib v4. However, Shib v4 is required for the IDP for SIRTFI, so this will become an issue in 2021
- Being asked at CANARIE how to get all the IDPs current to Shib v4. Hoping that use of containers will help
- Shib is the best identity provider system, but can be challenging to deploy and update
- For containerized products, upgrades are much simpler
- A promising model is the direction taken by Grouper, introducing attractive new features, including easier upgrade path, with embrace of container strategy
- Need to look at how the Shib SP protects applications
- All CACTI members are welcome at the biweekly component architect meetings (Mondays at 1pm ET), this group includes representatives from every software project
- Summary: Document principles around packaging and make them more clear to the community. Make a path for the community to provide input
- AI (Jill and Tom) will schedule call with Keith Hazelton to discuss a feedback loop in both directions around packaging
Recruiting and Hiring WG update (Jessica)
- June 10, 2020 IAM Online on Hiring for IAM went well
- Download the slides (PDF)
- View the recording (YouTube)
- Good turnout at webinar, 88 participants
- Regarding next steps for the proposed Recruiting & Developing IAM Resources working group,
- we have a community member willing to co-chair, and another community member expressed interest in participating
- ChrisP and KarenH are interested in being CACTI sponsors
- AI Jessica will set up a call with KarenH, ChrisP, and the community member interested in leadership of the Recruiting and Hiring WG
- Then announce the working group and do more announcements / outreach
- Hiring freezes are causing increased outsourcing at some organizations
- Hiring and onboarding new people who work remotely is another challenge
Review of updated HE registry-aaS prospectus and next steps (Tom)
- TomJ has updated the document with delineation of possible goals / objectives
- One goal of the prospectus is to explore the problem space
- Based on this we can analyze what is possible, what makes sense
- AI CACTI members please review updated HE registry-aaS prospectus for next CACTI call
- Question on how this proposal relieves the organization of the identity proofing tasks
- Need to work around absence of a US citizens digital registry
- Use this to explore different solutions
- There is a desire to solve the issue of portability and extensibility and persistence of the identity
- What about improving the trust levels of the student identities?
- Challenging for institutions to have step-up identity proofing, when needed
- There are potential liability issues when identities proofed at one institution are shared with other institutions
- Hoping Pal A will join a future CACTI call, to share lessons learned from EDU ID https://eduid.se/en/
- Benefits come from identification of an individual across institutions
- Identity proofing for password resetting is a challenge at many institutions
- A universal service to handle password resetting would be helpful
Parking Lot
- (From June 9, 2020 call) TomJ - Add as an agenda item for a future CACTI call: Operationalizing containers
Next Meeting: Tuesday, July 7th, 2020