CACTI notes of Tuesday, October 11, 2022

   Attending

Members: Rob Carter, John Bradley, Richard Frovarp, Les LaCroix, Kevin Hickey, Mike Grady, Erik Scott, Chris Phillips, Steven Premeau, Margaret Cullen, Jeremy Perkins

With: Nicole Roy, Steve Zoppi, Kevin Morooney, David Walker (late)

Regrets: Licia Florio, Ann West, Barry Johnson

  • Pre-Read Materials: 
      1. InCommon Trusted Access Platform Reference Architecture
      2. Chris' proposed template for gathering recommendations to Component Architecture 
      3. https://github.com/fedidcg
      4. 15 USC Title 16 I(C)314
  • Administrivia
      1. Internet2 Intellectual Property Agreement reminder
      2. CACTI Charter pointer
      3. Agreements:
        1. Please say your name when you start to speak, until we learn each others' voices
        2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
        3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
        4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
  • Volunteer(s) to scribe (standing item)
        1. Please use the CACTI scribing doc
      1. Agenda bash
  • Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
    2. Update to 2H22 Windows 11 CredentialGuard may get in the way of eduroam 
      1. Dev meeting notes from eduroam (link redacted)
      2. TLS 1.3 is not currently supported by EAP. Without support, there are potential privacy concerns
      3. Windows updates will require a discussion on passwordless login for eduroam
      4. User experience may be disrupted but trust may remain intact.
  1. Main Business
    1. The TAP Reference Architecture
      1. What components should and possibly should not be part of the future?
      2. What are the gaps to be filled?
    2. Chris' proposed template for gathering recommendations to Component Architecture - comments/modifications welcomed
      1. Form will be used to assist in delivering value to the community by improving the development cycle time.
      2. Supporters added to the form for persons supporting the suggestion.  Helps with the gravitational pull assessment
      3. Estimated impact added to form.  Impact can be subjective.
      4. Question.  How does this impact existing working groups?
      5. Cacti can be a prefilter for the submitted recommendations  Has the suggestion been already reviewed? Is it already on the roadmap? Nope- we should not pre-filter/pre-optimize.
      6. AI: All: CACTI members contribute to this document
    3. Action item for group.  Review, revise the proposed template with suggestions for the next meeting.
    1. Continuation of architectural priorities discussion (All)


  1. W3C Browser Privacy Update (Chris P.)
    1. Testing and assessments are necessary 
    1. Vendors view this a security/privacy concern that they are forced to address for their customers
    1. https://github.com/fedidcg
    2. Interesting comments: https://github.com/fedidcg/meetings/blob/4438632d8f91f7320e940b3b8b0a5de09f5ba940/2022/2022-09-13-TPAC-notes.md?plain=1#L380
    3. This is a tracking item as developments continue. This is not an if, but a when change.
    4. This is not just a Chrome issue.  Apple and Mozilla are also in the conversation. Microsoft, since it is Chromium based, is also impacted.
    5. Redirect based federation is at risk based on current development tracks.  
    6. These changes will impact more than SAML.  OAuth, OpenID, LTI, MANY other APIs.
    7. GoogleChrome team  has published their state of play: Intent to Ship: FedCM (was WebID)

Did not get to this item, will be top of agenda for next time: 

  1. FTC Title 16 requirement for educational institutions to implement MFA, encryption at rest and in transit I(C)314


Next meeting: Tuesday, October 25, 2022



  • No labels