Attending
Members
- Rob Carter, Duke, (Chair)
- Les LaCroix, Carleton College (Vice-Chair)
- John Bradley, Independent
- Margaret Cullen, Painless Security
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Matthew Economou, InCommon TAC Representative to CACTI
- Michael Grady, Unicon
- Kevin Hickey, Detroit Mercy
- Marina Krenz, REN-ISAC
Internet2
- Steve Zoppi
- Nicole Roy
- David Walker
- Netta Caligari
- Kevin Morooney
- Ann West
Regrets
- Barry Johnson
- Chris Phillips
Action Items
- Everyone: We don’t yet have the requisite 4 approvals for the 10/12 or 10/26 minutes. If you haven't already, please review them.
- Rob will talk with newly-elected members to make sure they’re still willing to serve.
Discussion
Agenda bash
- We don’t yet have the requisite 4 approvals for the 10/12 or 10/26 minutes. If you haven't already, please review them.
Announcements and Updates
- Should we hold or skip the meeting on Tuesday, November 23? Week of US Thanksgiving
- Yes we will have a meeting (consensus of the group)
- Will need to pick a scribe from the attendees
- Update on member balloting
- We have an “impenetratable” majority with existing votes. Nicole will send the results via electronic mail.
- Rob will talk with newly-elected members to make sure they’re still willing to serve.
- The next step is to elect new officers after the newly-elected members have joined.
- We have an “impenetratable” majority with existing votes. Nicole will send the results via electronic mail.
Community Update
- (skipping this time)
Questions For The Community
- The discussion had been framed by Rob Carter's Slack Post of 11/1/2021.
- Kevin Morooney provided some background.
- Dave Lambert spearheaded a global NREN CEO forum. It consists of about 75 organizations.
- There were a few CEOs who are interested in Trust and Identity related issues, but the emphasis is on network issues.
- Klas Wirenge and Kevin have agreed to develop a charter for a activities and “shop” it around within the CEO group for support.
- Global T&I work needs to be an activity of the NRENs in order to succeed.
- We need to find out what people need.
- The answers depend on who you talk to, institutions, their end-users, US vs. other parts of the world, ...
- Rob shared stats from the 5/18/2021 IAM Online call (slide 9, among others, of https://www2.internet2.edu/l/66332/2021-06-23/dq4z9t/66332/1624471869mSzlutPq/doc_Community_IAMCall_20210518.pdf), showing what IAM functions people are looking for.
- This was based on a call Ann and Mike Corn conducted earlier.
- The results tend to focus on operational needs. Not privacy, consent, support for researchers, etc.
- Why is this? We don’t have a good answer.
- This was based on a call Ann and Mike Corn conducted earlier.
Next CACTI Meeting: Tuesday, November 23, 2021
Related Communications
Results of voting for new CACTI membership
| Subject: | [cacti] Results of voting for new CACTI membership |
|---|---|
| Date: | Tue, 09 Nov 2021 09:39:11 -0700 |
| From: | Nicole Roy |
Hello,
With a supermajority of voting CACTI members having cast their ballots for new members, Licia Florio and Erik Scott have been elected as our new CACTI members, with three-year terms starting in 2022. I’ll work with Rob and Les to figure out the logistics of inviting them to at least one meeting before the end of the year. Rob is going to verify that they are willing and able to serve, and then I will work with Netta to get the membership list on the InCommon web site updated.
Best,
Nicole
Rob Carter's Slack Post of 11/1/2021
Greetings, @channel! In our last meeting, we agreed to all consider questions we’d like to find ways to answer in pursuit of getting a bead on the vector/trajectory of T&I at the moment (where we are as a community and where and how fast we’re headed) to evaluate what the T&I space in R&E will probably look like in another 2+ years, and what gaps we expect we may need to find ways to fill before that future is realized. I said I would try to kick off the discussion online with some seed questions of my own — these aren’t at all definitive, and I’m not wedded to any of what follows, so please do challenge me if you think these are heading in the wrong direction (preferably with your own thoughts on what we should be asking the crystal ball about 
).
When I think about this space, I sorta break it into a small number of sub-spaces where different questions arise:
- Current problem space priorities - what T&I related problems are organizations solving / looking to solve currently?
- Current solution strategies - what strategies are organizations using to solve those problems (eg., TAP software components, commercial offerings, local solutions)?
- Problem priorities over the next period of time — what (if any) changes do organizations anticipate in the scope and character of problems they’re going to need to solve in the T&I space?
- Solution priorities over the next period of time — do organizations have an intent to change their solution strategies in the time period?
- Drivers - what are the constraints driving their choices about how to solve problems over that period?
That’s just one way of carving the space, of course, and I’d be interested to know how other folks would divide it up (especially if that break-down misses something you think is important for understanding the vector we’re trying to explore). Based on that carving, though, I can imagine some basic questions we might want to explore getting answers from the community for:
In the first two areas, I think there’s a good starting point in the data Ann and Michael Corn were able to develop back in the Spring. We might want to extend their analysis — I could imagine starting from their breakdown of the problem space into topics (eg. “guest management”, “onboarding”, “access control”) and trying to ascertain where on a scale from “don’t understand the problem statement” through “don’t see a need to solve that problem” to “have a solution that meets our needs” different organizations place themselves. Likewise, I could see taking that same breakdown and the class of solution breakdown Ann and Michael used to ascertain how organizations position their solutions — perhaps from “not solving it now” through “solving it using home-grown tools” and “solving it using TAP tools (and potentially, which one(s))” to “solving it using a commodity SaaS offering (and potentially, which one(s))“.
In the second two areas, I could imagine a similar approach — we might try to determine what problems organizations think they’ll need to have solutions for in two years’ time, and how the prioritized problems may be changing, for example, and ask for each solution where organizations might want to see their solutions positioned in two years.
In the “drivers” space, I could envision asking questions about how organizations are prioritizing different facets of solutions — are organizations committed to using particular solution strategies for their own sake (buy versus build, for example)? Do they see a greater need for inward-facing or outward-facing (federated) identity services? How do they prioritize things like security, privacy, accessibility, community footprint, solution lock-in, etc., and possibly where do they view different solution strategies fitting in their priority model?
I imagine folks can probably think of other whole spaces I’ve not touched on where we might want to ask/answer questions — this is mostly just an attempt at provoking thought and starting a conversation.