- From: Jim Basney <>
- To: <>
- Subject: [inc-interfed] Feb 26 notes
- Date: Tue, 26 Feb 2013 15:44:49 -0600
- Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none
- Openpgp: id=0A33BE15; url=http://www.ncsa.illinois.edu/~jbasney/pgp.asc
My notes from today's call are below.
Next week's agenda is TBD. Feel free to add your agenda items to the
Checking the email list membership, it appears the Friday webinar didn't
yet attract anyone new to join us.
attending: JimB, LeifJ, IanY, MarkS, TomS, SteveC, ScottC, ScottK, JohnK
LeifJ intro to Project Mario
very new, lightweight initiative by eduGAIN, ISOC, and PingID
establish global testbed for interfederation
interested in InCommon participation
policy or technology focused? technology.
Ping active in govt and SAAS projects. addressing tech issues.
looking at MDX, entity categories
aggregator implementations implement webfinger to enable
metadata consumer to find metadata feeds
not meant to modify trust properties of the system
write specs, run testbeds
OIX, Kantara metadata, "fake" eduGAINs
how do we get involved? Join Google Group:
in partner gathering phase.
thinking beyond metadata aggregation?
per RP metadata feeds a big first step
getting to full dynamic is going to take a couple years
related to BGP modeling? discussion informed by this analogy.
should we "jump a generation"?
rather than getting products to support what's running out of
steam for us today
metadata is routing tables; need routing protocols for updates
SAAS vendors working with Ping want to work with I2 Net+
value proposition: end entity key roll-over
Leif sees SAML metadata adoption becoming mainstream for commercial
what are short-term goals?
create a few metadata aggregators: filtered MDX, webfinger
demonstrate interop. set up experiments.
"testbeds as a service"
zero hope short term to get commercial vendors to support dynamic
metadata acquisition; tailored feeds is best hope
getting them to update metadata at all automatically would be huge
can we start interop testing?
UNC federation - Steven Hopper very interested in discussing
state system interfed but conflict with our call time
happy to have him join call when he can & also email list
R&E networks InCommon interfed: discussion around IdP gateways,
metadata aggregator - Quilt group
Paul Caskey will give update next week on this.
Take-aways from Friday's TAC Community Update webinar
non-US privacy laws
inter-fed onboarding challenges similar to in-federation?
retroactive changes in fed membership agreements for inter-fed
InCommon member publishing journal w/ intl subscriptions
doesn't require identities, just license info
Alan Crosswell (Columbia)
interfed with state agencies & other verticals beyond higher ed
any new members on our email list since Friday? No.
Would be interesting to compare
COUNTER Code of Practice with Geant Code of Conduct
REFEDS work item on code of conduct
Canonical Interfed Use Case: TomS, ScottK, SteveC
discussion of "entities that the UK passes along to InCommon and
that InCommon makes available as a feed ... in good standing"
what is "in good standing"?
a known entity. operating in compliance with minimum set of controls.
related to JohnK's entity visibility & trust in entity state
have domains been checked for proper ownership?
what is meaning of InCommon digitally signing a document (metadata)?
would we need different keys for different metadata aggregates?
if we have criteria for "good standing",
we'd filter on that when creating metadata aggregate
or push tags and let RP filter locally
is InCommon willing to sign things that it's not authoritative for?
essential for scaling?
look to UK example: InCommon produce multiple aggregates
not an infinite number.
less than 5? matching generally useful properties.
ex. test entities versus production entities (tagged)
LIGO testing proceeding with Cardiff test IdP
(and test IdP wouldn't be in production aggregate?)
JohnK's Google Drawing about LIGO use case
areas to address:
entity visibility: basic metadata exchange
trust in the entity's state: assurance, categories
trust in the entity's intentions and actions: attribute release
for LIGO-Cardiff use case, need to share both IdPs and SPs
fundamental difference between adding IdPs versus adding SPs?
UK makes no expectation of trust in SPs?
InCommon concerned about exposure of attributes to external SPs
what if external federation imposes similar requirements on SPs?
SP requirements come from InCommon membership agreement
- [inc-interfed] Feb 26 notes, Jim Basney, 02/26/2013
Archive powered by MHonArc 2.6.16.