Interfederation

["Basney, Jim" <>]

Agenda for Jun 18 call:
* Final review and agreement on WG recommendations to TAC

Later in the week I'll send around updated draft WG recommendations for
discussion on the mailing list prior to the call. As always, feel free to
edit the wiki.

-----

Minutes from Jun 11 call:

attending: JimB, ScottC, ScottK, RichC, MarkS, IanY, StevenC, TomS, IJK,
ChrisP, JohnK

agenda:
* Update from REFEDS/TNC
* InCommon-eduGAIN timeline needed by LIGO
* Agreeing on WG recommendations to TAC
* Future of this WG
Recent REFEDS meeting: https://refeds.org/meetings/june13/index.html
  Working on defining LOA across federations.
  Update on Code of Conduct (CoC), extending beyond EU.
  Enabling entities to self-assert compliance with CoC.
  Discussions of improving metadata flow, including REEP/PEER.
  REFEDS engaging with Federated ID for Research (FIM4R) effort.
StevenC proposes that InCommon lawyers look over CoC and new extension
allowing attributes to be sent to SPs in US.
StevenC will send a link to the doc.
InCommon TAC needs to discuss eduGAIN trusted exchange of metadata.
Then need to go through governance process w/ InCommon Steering.
New eduGAIN policies don't require entities to consent to metadata
exchange. What statements has InCommon made to participants around
sharing metadata? Requires due-diligence review.
JohnK sees a way forward on eduGAIN. Can't promise this calendar year.
eduGAIN may be necessary but not sufficient for exchange of
trustworthy metadata. Joining eduGAIN doesn't mean that
interfederation is solved, but it launches us on a good trajectory.
ChrisP: Don't need to solve all eduGAIN technical issues to join.
JohnK doesn't promise that InCommon will join eduGAIN.
InC Steering makes that decision.
AI: Follow-up discussion to identify next steps.
Need to set expectations appropriately for "interfederation" metadata
aggregate provided to InCommon. Some level of "trust" in entities?
These questions on the roadmap to joining eduGAIN.
How do InCommon participants set policy?
Based on InC membership? Entity attributes?
ScottC proposes entity descriptor that represents acceptance of
InCommon POP.
So acceptance of InCommon POP no longer needs to be an implicit
property of the InCommon metadata aggregate.
Shibboleth IdP can discriminate based on entity attributes but not
mdrpi today, so some short term value in use of entity attributes.
Can add this to entity tag discussion on wiki.
Why pursue bilateral interfed if we're doing eduGAIN?
Part of bilateral interfed work could be to identify
mutually-agreeable registration practice statement that could be
floated as a potential standard to be more widely adopted.
Topics include private key handling, upload of metadata from org to
fed operator, key sizes, organizational validation, etc.
Would this set a criteria for assessing eduGAIN members and other
interfederation partners? JohnK: Yes. Related to decision to serve up
untrusted interfed metadata versus serving up interfed entities that
meet baseline trustworthy practice, to help scale the trust.
Another work item: How would LIGO SP metadata be consumed by eduGAIN?
An "export" aggregate. Opt-in or opt-out? Just R&S?
JimB: Agree to add this as future work item.
SteveC: TAC has become more of an umbrella group rather than a forum
for technical discussion. Include in recommendations to TAC that
follow-on subgroup be formed with recommended tasks.
ScottK says he's not able to lead a follow-on subgroup.
Maybe someone else from LIGO could lead. ScottK will go fishing.
Better to be more prescriptive for follow-on work.
InCommon joining eduGAIN recommendation should include: Working with
InCommon Operations to get InCommon into eduGAIN.
Focus follow-on group on eduGAIN? What about InCommon-UK?
Don't de-prioritize other items.
Be more specific on eduGAIN outcome: goal should be joining.
This group recommends that TAC convene a follow-on group to work on
future work items including InCommon should join eduGAIN and the group
should work with JohnK and InC-Ops to make that happen.
It's a community group recommendation. Not an InCommon promise.
Last week at TNC there was an openspaces discussion about interfed.
Documenting best practices. Compendium of design.
Look for vision statement on this in next few weeks.
A "recipe book" for interfederation.
Including attribute release and entity categories? Discovery?
Yes and more. Large set of topics.
How about non-web? OpenID Connect? Recognized as use cases.
Discussion will continue in TF-EMC2.
ScottK: It was encouraging to see a real sense of urgency at TNC to
support large intl VOs like LIGO.