Kantara FIWG Teleconference
Approved by quorum on 2019-06-05 call
Date and Time
- Date: 15 May, 2019
- Time: 16:30 EDT
- Nick Roy v
- Scott Cantor v
- Vlad Mencl nv
- Keith Wessel v
- Judith Bush v
- Andrew Morgan nv
- Alan Buxey v
- Colin Wallis nv
- Eric Goodman nv
- Roll call
- Quorum achieved
- Here is the group participation agreement, AI: anyone who wants to vote should fill it out and indicate that they want to have voting status.
- Agenda bash
- Approval of previous meeting's minutes: https://kantarainitiative.org/confluence/display/fiwg/Meeting+Minutes+01+May+2019
- Review of previous AIs:
- Need to get an update on this next time (May 29)
- Could contact people at vendors who we know maintain their federated SSO, ask them if they want to provide input.
- Reaching out personally to people could work, but what is the input we want? Research projects of the world have had many opportunities to provide input. Vendor side of things is a different problem space that is not consistent with the goals of this doc, with the exception of targeted outreach to collaborative space (Internet2 NET+). Rest is about other sectors like government, which is mostly what Kantara consists of now. Would have to have direct outreach for that.
- There is an IDPro Slack org, Judith could post to SAML, gov identity, general channels. Proposed message:
- Kantara has a SAML interoperability working group that has reconstituted to approve a new version of SAML2int that aspires to address existing interoperability issues and look ahead to improved crypto. The draft is at https://kantarainitiative.github.io/SAMLprofiles/saml2int.html We’d love your input into the revision of the original SAML2int. If you want to get involved, please take a look here for meeting times, mailing list, and how to become a voting member: https://kantarainitiative.org/confluence/display/fiwg/Home
- A few early e-gov people were around this WG before Rainer got involved. Maybe we should check with Colin to see if he can drum up some eGov type people.
- AI: Keith reach out to Colin Wallis about eGov people to contact [DONE]
- Free to do whatever we want, even if that’s due diligence, ask for feedback, do one last round of editing, call for a vote.
- Need to frame the ask on feedback, because people focused on pragmatics are not going to understand what we’re trying to do.
- Discussion of vendors in Internet2 NET+ program as part of feedback.
- Want to expose others to this, get some buy-in.
- AI: Nick reach out Sara Jeanes to gauge NET+ (Sara, vendor architects) interest in reviewing/feedback.
- There is a hope that InCommon could give sponsored partners a discount because they do certain things in alignment with the profiles.
- Reaching out to eGov/etc is also a form of evangelizing. At least awareness-building.
- Colin sent the solicitation to the eGov list. Will seek additional ideas from Colin on getting feedback.
- Walter: formatting revisions
- Keith: email to solicit more participation
- Resume discussion of next steps
- Most of the spec sounds reasonable to Vlad
- Avoiding nameID was surprising - Shibboleth IdPv3 upgrade in New Zealand, moved away from eduPersonTargetedID, to persistent nameID
- The move away from ePTID and persistent nameID is because applications don’t treat identifiers case sensitively, so we are facing a security problem with those identifiers. This is all covered in the subject ID specification (https://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.html)
- The new identifiers look useful, this is not a dissenting opinion, it’s more of a ‘sigh, we have to change again, but there’s a good reason for it.’
- No other comments at this point.
- Nick will spin up a feedback wiki page in the Kantara wiki when we start to get dissenting opinions.
- Wait and see what happens with broader participation, revisit on May 29.
- Want to extend this meeting to a full hour?
- 5:30 US ET is OK with Scott and Judith
- Don’t need another 15 minutes at the moment, could extend later if needed.
- Not a problem with Alan to go to an hour either.
- Leaving length at 45 minutes for now.
- Picking up where we left off last week, we need to start a document to record dissenting opinions.
- We also need to get some dormant attendees to rejoin to actually have dissenting opinions to document.
- Discuss where to go from here
- Meeting adjourned - next meeting 29 May 2019, same time/place
Call ended at 50 min.