CACTI Call Tuesday, Feb. 2, 2021

Attending

Members

  • Rob Carter, Duke, (Chair)  
  • John Bradley, Independent  
  • Margaret Cullen, Painless Security  
  • Joshua Drake, Indiana University's Center for Applied Cybersecurity Research  
  • Matthew Economou, InCommon TAC Representative to CACTI  
  • Stoney Gan, University of South Florida  
  • Michael Grady, Unicon  
  • Kevin Hickey, Detroit Mercy  
  • Marina Krenz, REN-ISAC  
  • Jeremy Perkins, Instructure  

Guests

  • Kim Owen, North Dakota State University (2020 eAC co-chair)   
  • Rob Gorrell, University of North Carolina Greensboro (2020 eAC co-chair)   

Internet2 

  • Ann West   
  • Steve Zoppi    
  • Nicole Roy  
  • Emily Eisbruch   
  • Mike Zawacki  

Regrets

  • Les LaCroix, Carleton College (Vice-Chair)  
  • Marina Adomeit, SUNET  
  • Barry Johnson, Clemson 
  • Chris Phillips, CANARIE 
  • Bill Thompson, Lafayette College
  • Kevin Morooney, Internet2  


Action Items

  •  AI (Nicole and Rob) follow up with Margaret regarding Trust and Identity PAG participation

Discussion

  •  Administrivia
  •  How CACTI wants to communicate between meetings  
    • Slack
    • Mailing list
    • Something else?
  •  Decision: Email will be primary. 
    • Nicole as flywheel will let people know on email if an important CACTI conversation is happening on Slack


Request for a T&I PAG representative from CACTI membership  

  • T&I PAG is advisory to Kevin Morooney
  • Bi-monthly meetings, second Monday of the month at 4 p.m. ET 
  • Works on strategy for the Trust and Identity division
  • Margaret volunteers to be the CACTI rep to PAG
  • Thank you Margaret
  • AI (Nicole and Rob) follow up with Margaret regarding T&I PAG participation

Poll on CACTI topics

  • Thanks to everyone who responded to poll on most important topics for CACTI

IDP as a Service report consultation is still open


eduroam Best Practices Guide (Guests Kim Owen and Rob Gorrell)

  • Link to the eduroam Best Practices guide
  • Overview:
    • This Best Practices Guide was an important deliverable for the eduroam Advisory Committee (eAC)
    • Developed in context of using US policies and regulations
    • Guide is not intended to be highly technical
    • Provides best practices for forks in the road, where as an eduroam deployment you could go in different directions
    • New communities, including K12, libraries, and museums are interested in eduroam
    • The Best Practices Guide is intended to be updated over time
  • Comments from CACTI 
    • Use cases provided are helpful
    • With RadSec moving to TTP, will an update to the guide be needed around load balancing?
      • Yes, the guide is intended to be a living, evolving document.  
    • Are there cloud based approaches that should be mentioned in the guide? More plug and play?
      • RobG: the best practices guide will evolve to address eduroam next generation
    • Document could benefit from list of references, example definition of radiostatus server
      • For example, in public school systems, some may not be familiar with RADIUS
    • When eAC was chartered, there was awareness that other countries in Europe have similar committees. How are those committees working together, if at all?
  • Authentication Methods
    • There is a push for MFA, including from the NIH  
    • RADIUS uses older authentication methods 
    •  web protocol would be tricky in this context, but some sort of MFA would make sense
    • RobG: currently the Best Practices Guide focuses on certificate-based methods for authentication, not username and password
    • If RADIUS evolves, that could change
    • Eduroam versus MDM?
    • RobG: did not tackle MDM in this best practices guide
    • Recommend ETLS on server end
    • Do not recommend on client end 
    • End user provisioning is a pain point, especially student owned equipment and devices
    • In K12 especially, there are not the MDM solutions that Higher Ed may have
    • Will be helpful to get feedback from support organizations on device provisioning
    • Sites with difficulty with RADIUS might think ETLS means a need for PKI
    • More info on ETLS could be helpful for this guide
    • RobG: we tried to keep the best practices guide broad
    • But there may be a gap in supporting documentation

  • DECISION: CACTI provides conditional approval to the eduroam Best Practices Guide with note of recommendation to add appendix to the guide, as well as coverage of stronger authentication within RADIUS, and discussion of ETLS without PKI per the discussion above.
  • Thanks to the eAC for the excellent work 

Parking Lot

  1. CACTI representative to Trust and Identity Program Advisory Group (Rob/Les/Kevin)

    1. Does CACTI still need a representative on PAG?
    2. Volunteer needed if so
  2. Final report of the CACTI OIDC Working Group (Rob)
    1. Next steps to get this completed
  3. Preferred method of communication between meetings: Slack, mailing list, … ?
  4. First major discussion topic of 2021 - please see list of topics that came out of end-of-2020 ideation compiled by Rob (Rob)

Next Meeting: Tuesday, February 16th, 2021

 

 
