Kantara FIWG Teleconference
Date and Time
- Date: 10, January, 2013
- Time: 13:00 PT | 16:00 ET
- John Bradley, Ping Identity
- Nate Klingstein, Internet 2
- Scott Cantor, Internet 2
- Rainer Hoerbe, KisMed Austria
- Matt Tebo, Protiviti
- Colin Wallis, Internal Affairs Dept, NZ Government
- Rich Furr, Verizon
- Administrative - roll call; Minutes from Dec 20; Election of Chair (We should have done this in Dec but forgot.)
- FEDLab SAML tests update
- UK Gov Profile
- eGov 2 Profile - Leif & Colin report on conversation with Anil John?
- SAML 2 Int Profile (Profile updates, Wiki page)
- Kantara, OIX and other meta-data aggregator projects.
- Your agenda items
1. Administrative - roll call
- Quorate call
- Dec 20 Minutes: Moved Rainer, Seconded Nate
- Unanimous agreement to new elections for Officers; Heather to put call for nominations
2. FEDLab SAML tests update
- JB suggested RH check with Rainer for the FEDLab test strategy latest update.
- Since the last call RH has discussed JB's issues with Roland H. A conflict of objectives perhaps?
- The current proposal is to structure the test using Python in order to extend use cases and parameterization, and thus not necessary to configure things into the test cases.
- JB: Andrews?? has additional requirements - was RH aware?
- RH: Yes, need more than True/False responses when doing SP Authn, but didn't happen. Need to turn off (T/F only?) and exchange fault reporting meta data.
- JB: Need to decide if we want to download a pre-configured IDP vs Joni's notion of a pre-configured test harness hosted by Kantara.
- RH: Austria currently run SPs through a set of tests, expecting SPs to download and run. RH can't see how it can be done from a centralized repository.
- JB: OpenIDConnect does both but primarily use the centralized.
- MT: Test SPs now a realistic option over the internet.
- ??: If it is financed by GEANT as an EU project then is it appropriate for KI to run a service and claim some kind of IPR?
- SC: It may be OK for KI to run it under a 'right to use' license, but the code remains open source.
- MT: Both approaches would get market traction in his opinion.
- JB: So a scenario could be that there is a free download for anyone wanting to use, or a KI one that has some more services and features but notably ends up with certification and a Trustmark. Or an extension of that scenario where KI offers a deployment profile test, for, say SP or IDP to run a test to see if it conforms to FICAM. And the free one is used as a precursor to conformance test, and subsequent certification.
- MT: The added value is for the KI community to share test cases.
- JB: There's value in the test cases themselves, but they are completely separate from the test harness itself.
- JB: What is the next step?
- RH: Roland H needs a month to build a proof of concept.
- MT: The KI community should contribute use cases to a centralized (cloud based) site.
3. UK Gov Profile
Summary: UK Govt is novating the contract with IdPs for Authentication. Unclear what the substitute contract will contain. RF says discussions continuing with vendors.
4. eGov 2 SAML Profile
- MT: FICAM looking to exit the 'profile business' and wants to adopt/extend an existing profile.
- JB: Is that to be a deployment profile of the eGov 2.0 SAML conformance profile, along the lines of SAML2Int? - a fairly small delta from FICAM???
- MT: Never going to be 100% alignment between eGov 2.0 SAML conformance profile and FICAM - the 800-63 'problem'.
- SC: Agreed re the 'problem' but more than that...privacy stuff sandwiched into technical profiles.
- MT: 'adopt/extend an existing profile' might have the effect of reducing FICAM from 40 pages to 3 maybe...
- MT: FICAM is ...considering?? (notes indecipherable) .... SAML2Int, maybe with HoK.
- JB: Should not include BAE and PKI bridge stuff either.
- CW: Should I get permission from Leif and Anil to circulate their email thread at the time Leif and Colin reached out? Agreed as an action.
5. SAML 2 Int Profile
Discussion: Combined with (4) above.
6. Kantara, OIX and other meta-data aggregator projects
Discussion: JB meeting Leif re the possible ISOC and R&E peering between OIX and Kantara aggregators. Ping has a pilot in play for SPs using Ping Federate clients (repeated from last call..?). The pilot is in 2 Parts: First, getting meta data into same IdP, and Second, how to manage the ...accumulation?... (notes indecipherable).. of 3rd parties' attributes as federations grow. Non R&E feds will have to use R&E methods before long.
7. Your Agenda items
None raised, and no more call time left.
- Date: Thurs 24th, January, 2013
- Time: 13:00 PT | 16:00 ET
- Dial-In: +1-218-862-7200
NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.