...
David Groep, DG (Nikhef)
Peter Schober, PSc (ACONETACOnet)
Yannis Mitsos, YM (GRNET)
...
The general feeling was that side meetings are very valuable to TTC members and to many community members. TNC format could be changed to accommodate this need better.
Recommendation: The TTC recommends TNC to consider a format where more side meetings are possible. Options could be to close the formal conference one day earlier and use the Thursday for WG meetings only.
...
ACTION: RE to start the preparation for the SIG-NGN
3. Updates on GEANT (the association) work
TFs/SIGs updates
- TF-MNM - NH noted that the Task Force is running out of enthusiasm and suggested that when its charter expires we should think of moving tf-mnm to a SIG which would fit more the way the current group operates. The current charter is still the reference under which the group operates, although there is no real concrete output.
The TF is working closer to eduroam global governance committee and this has provided useful feedback to both groups; it brings the GeGC closer to more concrete aspects of the operations of eduroam as a global service.
There are less face-to-face meeting lately and more topic-based videoconference, for which there is a lot of enthusiasm. - TF-CSIRT/TI - TF-CSIRT is a different type of task force, in fact the name task force is probably not really fitting this group as the Trusted Introducer service and TRANSITS training are part of the TF-CSIRT service umbrella.
There is a review ongoing of Trusted Introducer, to evaluate if it is still offering the right services to the community as well as the way in which the service is procured.
NH reported on the feeling (only shared by some of the TF-CSIRT participants) that TF-CSIRT can operate independently from the GÉANT. This seems be based on some underestimation on what GÉANT offer in terms of support and coordination not only in organising the meetings (which are mini-conferences) but also in preparing minutes and handling administrative work. - TF-MSP - One of the main area of work is the aggregate procurement approach that is gaining significant consensus; there is already collaboration with the service activity in the GÉANT project that procures clouds services. Plans are to expand the framework beyond clouds.
Another aspect of interest is NRENs Acceptable Use Policy, which is covered for the network services, but it should be expanded to encompass all other services.
The task-force is healthy and there is still significant attendance and participation during the meetings. There is a lot of interest in the output but not a lot of engagement from the whole group to work towards these outputs. Most of the work seems to fall on a few people. This seems to be a trend in many other activities. - TF-WebRTC - The TF work is linked to the counterpart Service Activity in the GÉANT project (Real-Time Applications and Multimedia Management), in fact the TFs can be considered the outreach of the GÉANT-funded WebRTC work.
There is interest in some NRENs in open source solutions 1 (JITSI). Work to this extend is being carried out as a joint effort in the task force and the service activity in GÉANT with the aim to implement an open source platform. The idea is to create a trust an API on top of the secure and trusted WebRTC platform operated by GÉANT. Plans are also to use the task force to create and hackathon to reach out more developers.
PSz said we should focused on the GN3plus EC review recommendation “the network is not so interesting but the applications on top of that are”.
- TF-STORAGE - PZs reported that the task force is business as usual. There was a gathering at TNC targeted at both the industry and the GÉANT Community. OwnCloud and Zettabox (they work similarly to dropbox but they are EU-based) attended the meeting and presented as well. Aconet, University of Vienna and SWITCH seem to be interested in Zettabox . The plan is to offer that under the GÉANT cloud service catalogue: https://catalogue.clouds.GÉANT.net/#/cloudservices .
The TF-Storage is moving more and more towards cost effective storage. Things like the OwnCloud Agreement and FileSender are out of the task force.
- SIG-ISM - AS reported that the SIG-ISM has accepted to reopen the group to all parties interested in ISM, which in principle makes the group available for participation beyond the NRENs community. The aim of this SIG is to create a community of security management professionals in the NRENs and to discuss security management and security standards at NRENs level.
In the last months the SIG has been particularly active. On the 12th and 13th of May the 1st official workshop was held at the Imperial College in London which was both well attended and received. Alf Moens (SURFnet) gave a presentation of the SIG during the last REFEDS meeting with the aim to raise awareness on the group, which could provide support for federations and any identified security risks.
The SIG as part of their outreach has also established a communication with the Security for Collaboration Infrastructure group (SCI, https://www.eugridpma.org/sci/) a collaboration of security staff from several large-scale distributed computing infrastructures, including EGI, OSG, PRACE, wLCG, and XSEDE. The two groups are organizing a joint workshop to be held in the 2nd half of October in Barcelona.
- SIG-NOC - PZs presented the aim of SIG-NOC, that is to create a forum where experts from the community exchange information, knowledge, ideas and best practices about specific technical or other areas of business relevant to the research and education networking community. The group has been shaped following TF-CSIRT model and TRANSIT (train the training), but follows a more light-weighted approach.
There are a set of KPIs included in the charter to evaluate the performances of the group in one year time. RE commented to break out the specific SIG content from the more general part of the SIG template. Staff commented that the specific ToR were indeed an instantiation of a generic template that would be reused in all similar cases. DG was pleased by the involvement of other networks together with the NRENs.
ACTION: PSz to inform the team the TTC approved the SIG-NOC unanimously
- TF-MNM - NH noted that the Task Force is running out of enthusiasm and suggested that when its charter expires we should think of moving tf-mnm to a SIG which would fit more the way the current group operates. The current charter is still the reference under which the group operates, although there is no real concrete output.
Services updates
- Open Cloud mesh (PSz) - Owncloud is active in the Open Cloud mesh, the initiative to interconnect different owncloud instances. OwnCloud has promised to release the code very soon to the TF.
In response to a question on whether the installion code cof OwnCloud is tracked, PSz answered that OwnCloud has an agreement with GÉANT; however they also have bigger customers that are handled independently. We do track the installation that are under the agreement. There is also a closed OwnCloud developer group, for those that are doing development on top of OwnCloud.
- Open Cloud mesh (PSz) - Owncloud is active in the Open Cloud mesh, the initiative to interconnect different owncloud instances. OwnCloud has promised to release the code very soon to the TF.
...
The EWTI event is totally organised by Identinetics GmbH, led by Rainer Horbe. GÉANT main contribution is in the promotion of the event to bring our community there; in return GÉANT community should benefit of some contacts with the government that Rainer has gained during his work as consultant. The MoU is for a one year support; an evolution A one year MoU has been signed between the Amsterdam Office and Identinetics GmbH, with the aim of supporting the EWTI and event and to co-locate relevant events . An evaluation will follow to decide on how to continue in the future.
Technology Exchange I2 – There will be a main REFEDS events event on Sunday before the Technology Exchange meeting starts. Furthermore LF has submitted a request for a WG session to discuss about Sirtfi and assurance. AS has also submit a request for a session to discuss about community requirements as input for the current AARC project as well as consultation for the preparation of the next one.
...
JD showed the service matrix (https://compendium.terena.org/reports/nrens_services) , developed as part of the Compendium. This was extremely well received by the TTC. Thanks for Christian Gijtenbeek (developed it) and Jessica Willis for this result.ACTION
Recommendation: The TTC recommends promoting service matrix widely and to make it easily accessible via the GÉANT website.
...
Recommendation: The TTC recommends
...
GÉANT management to expose any other relevant results coming from GÉANT activities at GA level to ensure they are known (and hopefully supported) by the decision makers.
Davig Groep – DG noted the high expectation in AARC on what it can achieve. We should manage this expectation so that communities will not be disappointed. DG noted that AARC should look at a mechanism to address some general questions coming from the user communities. As an example he referred to a question asked on the RFEDS lists from CERN, which triggered long and convoluted answers, whereas a simple question could have been provided.
...
Peter Schober– IDM Issues in the R&E community
As part of the more in depth area presentation each TTC member offers, PSc gave an overview of the authentication and authorisation practices in the R&E community.
PSc, as part of the more in depth area presentation each TTC member offers, gave an overview of overview of the authentication and authorisation practices in the R&E community.
There is still a lot of phising and asking subjects phising despite users being asked to use more and more more complex passwords obviously won't help there. Mitigation for this are strong authentication, 2-factor authentication, multi-factor authentication, which in practice means a combination of independent authentication methods or technologiespractices.
Yubikey Ubikey and Google joined the FIDO alliance promoting have championed 2-factor authentication (U2F: "Universal 2nd Factor") specs that use established technologies (RSA public key cryptography) , that basically uses established technologies and protocols that are now being integrated into in the browser.
Most of the requirements for 2-factor authentication come from the users in the attempt to protect their passwords rather from the resources.
Despite what many believe, the second factor authentication is not really a way to increase the assurance that the credentials are used by the right good people. To elevate the insurance other means are needed, i.e. verified process etc. which normally bring up the authentication costs.
A problem institutions still face is the request for password reset, which is still a time consuming operation and affects identity assurance.. To date there is no fully automated way to do that as the new passwords have to propagated into the different databases.
PSc touched upon authorisation, which PSc touched upon authorisation, which usually presupposes the user has been previously authenticated.
...
- November 24th – Face-to-face meeting
ACTION: DG to report on operational aspect of service provisioning across e-Infrastructures during the next f-2-f TTC.
8. Summary of the ACTIONS and RECCOMENDATIONS
Ref. | Status | Who | Action | Comment | |
20150708-01 | OPEN | GÉANTRE | To consider a format for TNC where more side meetings are possible.start the preparation for the SIG-NGN |
| |
20150708-02 | OPEN | GÉANTPZs | To promote the service matrix widely and to make it easily accessible via the GÉANT website.inform the team the TTC approved the SIG-NOC unanimously |
| |
20150708-03 | OPEN | VN | PSc | To review his slides and distil what is being worked on and what is not being worked on by the NRENs To talk to the TIC to ensure that T&I recommendations are known and endorsed by the GA. More funding to support integration at campus level is needed |
|
20150708-04 | OPEN | PSc | DG | To report on operational aspect of service provisioning across e-Infrastructures to review his slides and distil what is being worked on and what is not being worked on by the NRENs
|
|
20150210-2 | OPEN | LD | Follow up on the news item about the EGI pilot for the Connect magazine | LD was not at the meeting |
The following reccomendations are noted:
Gyöngyi Horváth and the TNC team to consider a format for TNC where more side meetings are possible.
JD and GÉANT Management to promote the service matrix widely and to make it easily accessible via the GÉANT website.
GÉANT management to expose any other relevant results coming from GÉANT activities at GA level to ensure they are known (and hopefully supported) by the decision makers.
1 RENATER, NIIF, NORDUNET/SUNET, PSNC