CACTI notes of Tuesday, October 11, 2022
Attending
Members: Rob Carter, John Bradley, Richard Frovarp, Les LaCroix, Kevin Hickey, Mike Grady, Erik Scott, Chris Phillips, Steven Premeau, Margaret Cullen, Jeremy Perkins
With: Nicole Roy, Steve Zoppi, Kevin Morooney, David Walker (late)
Regrets: Licia Florio, Ann West, Barry Johnson
- Pre-Read Materials:
- InCommon Trusted Access Platform Reference Architecture
- Chris' proposed template for gathering recommendations to Component Architecture
- https://github.com/fedidcg
- 15 USC Title 16 I(C)314
- Administrivia
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
- Agreements:
- Please say your name when you start to speak, until we learn each others' voices
- Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
- It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
- Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
- Volunteer(s) to scribe (standing item)
- Please use the CACTI scribing doc
- Agenda bash
- Announcements
- Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
- Update to 2H22 Windows 11 CredentialGuard may get in the way of eduroam
- Dev meeting notes from eduroam (link redacted)
- TLS 1.3 is not currently supported by EAP. Without support, there are potential privacy concerns
- Windows updates will require a discussion on passwordless login for eduroam
- User experience may be disrupted but trust may remain intact.
- Main Business
- The TAP Reference Architecture
- What components should and possibly should not be part of the future?
- What are the gaps to be filled?
- Chris' proposed template for gathering recommendations to Component Architecture - comments/modifications welcomed
- Form will be used to assist in delivering value to the community by improving the development cycle time.
- Supporters added to the form for persons supporting the suggestion. Helps with the gravitational pull assessment
- Estimated impact added to form. Impact can be subjective.
- Question. How does this impact existing working groups?
- Cacti can be a prefilter for the submitted recommendations Has the suggestion been already reviewed? Is it already on the roadmap? Nope- we should not pre-filter/pre-optimize.
- AI: All: CACTI members contribute to this document
- Action item for group. Review, revise the proposed template with suggestions for the next meeting.
- Continuation of architectural priorities discussion (All)
- W3C Browser Privacy Update (Chris P.)
- Testing and assessments are necessary
- Vendors view this a security/privacy concern that they are forced to address for their customers
- https://github.com/fedidcg
- Interesting comments: https://github.com/fedidcg/meetings/blob/4438632d8f91f7320e940b3b8b0a5de09f5ba940/2022/2022-09-13-TPAC-notes.md?plain=1#L380
- This is a tracking item as developments continue. This is not an if, but a when change.
- This is not just a Chrome issue. Apple and Mozilla are also in the conversation. Microsoft, since it is Chromium based, is also impacted.
- Redirect based federation is at risk based on current development tracks.
- These changes will impact more than SAML. OAuth, OpenID, LTI, MANY other APIs.
- GoogleChrome team has published their state of play: Intent to Ship: FedCM (was WebID)
Did not get to this item, will be top of agenda for next time:
- FTC Title 16 requirement for educational institutions to implement MFA, encryption at rest and in transit I(C)314
Next meeting: Tuesday, October 25, 2022