Meeting Notes - 10 January 2013

 

Kantara FIWG Teleconference 

Date and Time

  • Date: 10, January, 2013
  • Time: 13:00 PT | 16:00 ET

Attendees

  • John Bradley, Ping Identity
  • Nate Klingstein, Internet 2
  • Scott Cantor, Internet 2
  • Rainer Hoerbe, KisMed Austria
  • Matt Tebo, Protiviti
  • Colin Wallis, Internal Affairs Dept, NZ Government
  • Rich Furr, Verizon

Apologies

Agenda

  1. Administrative - roll call; Minutes from Dec 20; Election of Chair (We should have done this in Dec but forgot.)
  2. FEDLab SAML tests update
  3. UK Gov Profile
  4. eGov 2 Profile - Leif & Colin report on conversation with Anil John? 
  5. SAML 2 Int Profile (Profile updates,  Wiki page)
  6. Kantara, OIX and other meta-data aggregator projects.
  7. Your agenda items

Minutes

1. Administrative - roll call

Summary:

  • Quorate call
  • Dec 20 Minutes: Moved Rainer, Seconded Nate
  • Unanimous agreement to new elections for Officers; Heather to put call for nominations

2. FEDLab SAML tests update

  • JB suggested RH check with Rainer for the FEDLab test strategy latest update.
  • Since the last call RH has discussed JB's issues with Roland H. A conflict of objectives perhaps? 
  • The current proposal is to structure the test using Python in order to extend use cases and parameterization, so that it is not necessary to configure things into the test cases.
  • JB: Andrews?? has additional requirements - was RH aware?
  • RH: Yes, need more than True/False responses when doing SP Authn, but didn't happen. Need to turn off (T/F only?) and exchange fault reporting meta data.
  • JB: Need to decide if we want to download a pre-configured IDP vs Joni's notion of a pre-configured test harness hosted by Kantara.
  • RH: Austria currently runs SPs through a set of tests, expecting SPs to download and run. RH can't see how it can be done from a centralized repository.
  • JB: OpenIDConnect does both but primarily uses the centralized.
  • MT: Test SPs now a realistic option over the internet.
  • ??: If it is financed by GEANT as an EU project then is it appropriate for KI to run a service and claim some kind of IPR?
  • SC: It may be OK for KI to run it under a 'right to use' license, but the code remains opensource.
  • MT: Both approaches would get market traction in his opinion.
  • JB: So a scenario could be that there is a free download for anyone wanting to use, or a KI one that has some more services and features but notably ends up with certification and a Trustmark. Or an extension of that scenario where KI offers a deployment profile test for, say, an SP or IDP to run a test to see if it conforms to FICAM. And the free one is used as a precursor to conformance test, and subsequent certification.
  • MT: The added value is for the KI community to share test cases.
  • JB: There's value in the test cases themselves, but they are completely separate from the test harness itself.
  • JB: What is the next step?
  • RH: Roland H needs a month to build a proof of concept.
  • MT: The KI community should contribute use cases to a centralized (cloud based) site.

3. UK Gov Profile

Summary: UK Govt is novating the contract with IdPs for Authentication. Unclear what the substitute contract will contain. RF says discussions continuing with vendors.

4. eGov 2 SAML Profile

  • MT: FICAM looking to exit the 'profile business' and wants to adopt/extend an existing profile.
  • JB: Is that to be a deployment profile of the eGov 2.0 SAML conformance profile, along the lines of SAML2Int? - a fairly small delta from FICAM???
  • MT: Never going to be 100% alignment between eGov 2.0 SAML conformance profile and FICAM - the 800-63 'problem'.
  • SC: Agreed re the 'problem' but more than that...privacy stuff sandwiched into technical profiles.
  • MT: 'adopt/extend an existing profile' might have the effect of reducing FICAM from 40 pages to 3 maybe...
  • MT: FICAM is ...considering??  (notes indecipherable) .... SAML2Int, maybe with HoK.
  • JB: Should not include BAE and PKI bridge stuff either.
  • CW: Should I get permission from Leif and Anil to circulate their email thread at the time Leif and Colin reached out? Agreed as an action.

5. SAML 2 Int Profile

Discussion: Combined with (4) above.

6. Kantara, OIX and other meta-data aggregator projects

Discussion: JB meeting Leif re the possible ISOC and R&E peering between OIX and Kantara aggregators. Ping has a pilot in play for SPs using Ping Federate clients (repeated from last call..?). The pilot is in 2 Parts: First, getting meta data into same IdP, and Second, how to manage the ...accumulation?... (notes indecipherable).. of 3rd parties' attributes as federations grow. Non R&E feds will have to use R&E methods before long.

7. Your Agenda items

None raised, and no more call time left.

Next Meeting

  • Date: Thurs 24th, January, 2013
  • Time: 13:00 PT | 16:00 ET
  • Dial-In: +1-218-862-7200
  • Code:

NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.