CACTI Call Oct. 13, 2020 

Attending

Members

  • Tom Jordan, University of Wisc - Madison (chair)  
  • Marina Adomeit, SUNET   
  • Rob Carter, Duke   
  • Margaret Cullen, Painless Security   
  • Matthew Economou, InCommon TAC Representative to CACTI  
  • Michael Grady, Unicon   
  • Karen Herrington, Virginia Tech    
  • Christos Kanellopoulos, GEANT   
  • Les LaCroix, Carleton College  
  • Chris Phillips, CANARIE 
  • Bill Thompson, Lafayette College  

Internet2 

  • Kevin Morooney   
  • Steve Zoppi    
  • Nic Roy  
  • Jessica Fink   
  • Emily Eisbruch    
  • Mike Zawacki  

Regrets

  • Nathan Dors, U Washington  
  • Jill Gemmill, Clemson  (vice chair)
  • Ann West, Internet2


Pre-Read Materials

  • CSP IAM Assessment Survey 

New Action Item from this call

  • AI Jessica work to encourage a BOF session on the recruiting / hiring process for CAMP or ACAMP
  • AI: Tom and Nic re-agendize discussion of Federation support for commercial cloud infrastructure 
    for concrete discussion in the future. (done)

Action item from earlier CACTI call

  • AI TomJ - summarize the Sept. 15 CACTI call discussion around the BEv2 consultation and bring this back to CACTI. If approved, CACTI can provide feedback to the BEv2 consultation

 DISCUSSION

IAM Program Assessment wrap-up  

    • BillT incorporated input to the assessment from discussion on recent CACTI calls
    • Les: looks good, will email a few comments
    • TomJ: looks good, a few areas where terminology (e.g. subject attributes) could be challenging for people new to identity and access management.
      • Might want to provide a definition or link.  Or make the statement less jargony.
      • Or include survey response option “We have not thought about this”
    • Next steps for survey: Provide it to the Collaboration Success Program (CSP) cohort
    • Additional Comments:
      • Reminded of discussion on an IAM body of knowledge, discussions with IDPro, ongoing blog/article series
      • the IAM Program Assessment provides a good outline of IDM for R&E
      • Could be helpful to the Recruiting and Onboarding Working Group 
      • Suggestion to provide an aggregated outcome to those who take the assessment. 
        • To highlight areas that an organization should focus on for improvement.
        • Could provide assessment outputs as input to IDPro  
        • IAM Program Assessment could become a health check for CIOs 
      • It's helpful for the IAM Program Assessment to be mission and capability oriented rather than geared more towards IAM analysts
      • The IAM Program Assessment could be redone to become part of a Maturity model 
      • Can potentially be used to help people get to the right information.

Status on the Recruiting and Onboarding Working Group (Jessica)

  • The Recruiting and Onboarding working group has had one call, with about five participants
  • Seeking leadership for the working group
  • Jessica conferring with Karen H and Chris P
  • Suggestion to reach out on InCommon Participants list
  • Perhaps best timing is after nominations close for the advisory group members
  • AI Jessica work to have a BOF session on the recruiting / hiring / onboarding process for CAMP or ACAMP


Quarterly update to community status check (Jessica)

    • Deadline for blog submissions (for blogs to be included in upcoming Trust and Identity Newsletter) is today
    • Jessica received a blog on passwords and authentication, thanks to RobC for working on this.  
    • Best way to state the authorship for this blog post? Rob supports stating the blog is from CACTI


CACTI nominations (Tom)

    • Deadline for nominations is this Thursday, October 15, 2020
      • Please encourage possible candidates to self-nominate, or better yet, nominate them yourself if they're willing to serve
    • TomJ is doing some outreach to community members around serving on CACTI
    • There are five open positions on CACTI for next year
    • "Community Voices, Moving IAM Forward" Webinar Wed. Oct 14
    • For Oct 27 CACTI call: all review slate of candidates, be prepared to discuss nominees on our next call


Federation support for commercial cloud infrastructure 

  • How to approach exploring federation components or services that would aid member institutions in using commercial cloud infrastructure for federated collaboration?
  • This connects to previous CACTI discussions  
  • It could be helpful to clarify expectations for campuses for cloud research and federation
  • What federation infrastructure is required? 
  • Look at models for providing the support (federation proxy, proxy services at campuses)
  • Working with vendors for more native federation support
  • ChrisP: some of these efforts are in flight
  • There are many choices of proxies, some management challenges
  • Much attention to administration
  • Institutions are likely to invest in administrative platforms
  • Research and science do not get enough focus
  • Push to adopt cloud platforms
  • Unlikely to get support in these platforms for Multilateral federation
  • How do we position IT decision makers to stress the need to make services work for research as well?
  • Should there be federation tools in place to  support use of the administrative platforms?
  • Nic: there is work in this space: Streamlining SP Onboarding WG report complete, IP Proxy work
  • Should there be a question asked of InCommon entities, are they using supported software?
    • If not, there might be a charge for InCommon to run a proxy for you. 
  • InCommon TAC is looking at whether entities should be required to conform to Kantara deployment profile
  • Suggestion that there can be a spectrum of solutions as long as the outcome works
  • In U Wisconsin system, Madison has much research activity, but each other U Wisconsin campus has some research activities.
    • Each campus needs to understand what set of things they need to do to get administrative efficiencies and not create problems for the pockets of research. 
    • If InCommon provided clear recommendations, it would likely help
  • What about CILogon as a core piece?
  • What does it mean to use Eduroam in the cloud? 
  • What about researchers and non-web?
  • It was noted that at small colleges, these questions are bubbling up, but may be less acute for smaller colleges
  • Modern Auth:
    • Another concern: Modern Auth is coming, end of the life of the password
    • Big shift on authentication
    • Sites in a hybrid mode will be pressured to turn on Modern Auth. 
    • Google and Apple may follow AWS on this shift
    • May become the only way to use Azure
  • AI: Tom and Nic re-agendize discussion of Federation support for commercial cloud infrastructure 
    for concrete discussion in the future.

Parking Lot

  1. (From June 9, 2020 call) TomJ  - Add as an agenda item for a future CACTI call: Operationalizing containers

Next Meeting: Tuesday, October 27th, 2020

 

 
