CACTI notes of Tuesday, October 25, 2022

Attending

Members: Rob Carter, Erik Scott, Chris Phillips, Mike Grady, Marina Krenz, Richard Frovarp, Margaret Cullen, Kevin Hickey, John Bradley, Barry Johnson, Steven Premeau, Licia Florio

With: Nicole Roy, David Walker, Steve Zoppi 

Regrets: Les Lacroix

Pre-Read Materials: 

  1. 15 USC Title 16 I(C)314
  2. CACTI 2023 nominees

Action Item Review:

Agenda

  1. Administrivia
    1. Internet2 Intellectual Property Agreement reminder
    2. CACTI Charter pointer
    3. Agreements:
      1. Please say your name when you start to speak, until we learn each others' voices
      2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
      3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
      4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    4. Volunteer(s) to scribe (new standing item)
      1. Please use the CACTI scribing doc
    5. Agenda bash
  2. Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
    2. W3C FedCM work is progressing - Heather Flanagan happy to provide an update for us
    3. Erik Scott - NSF Cyberinfrastructure Security Summit
      1. Sponsored by Jim Basney/TrustedCI at University of Indiana in Bloomington
      2. Mix of academic/staff from NSF major facilities/etc
      3. Identity and access management - Getting on CISO radar
      4. About one third of the content was IAM-focused
      5. If you have a med school, NIH money may dominate your sponsored funding
      6. SciTokens - looking pretty dominant in this space
      7. Federal users - government employees, need to use NSF major facilities - IceCube Neutrino Observatory, etc. Science people in the USGS need access - a cleaner solution than the one-off provisioning they’ve been doing
      8. Two-factor authentication (phishing resistant) - FTC compliance as a side-effect of just needing to get MFA for NIH requirements.
      9. NIH requirements are viewed positively. Timing is a concern - REFEDS LOA.
  3. Main Business

    1. Update on wallet discussion in TAC (Nicole, Steven P)
      1. Microcredentialing - Digital Credentials Consortium
        1. Verifiable credentials
        2. Privacy protection - authorized release. 
      2. Protocol proxying - Italian eGovernment OpenID Connect Federation possibly proxying into W3C Verifiable Credentials space for interop with an "EIDAS 2.0" or "ERASMUS Plus Plus" type of interoperability requirement
      3. SAML and OpenID interop and proxies and protocol translation
      4. Concern about identity/trust issues. May give the holder more control over how their information is shared. One good side is that if a company, say Google, were to move to using this, they wouldn’t know what you were doing (unless you used their browser).
      5. These are "verifiable credentials", which leaves a lot to define in order to get privacy guarantees, etc.
      6. Trust is the key. A conversation needs to be had. What is the trust framework?
      7. John Bradley - please add link to the new JOSE privacy WG
    2. FTC Title 16 requirement for educational institutions to implement MFA, encryption at rest and in transit I(C)314 (Margaret)
      1. Regulation requires designation of a responsible individual. The scope of the requirement (MFA/encryption) is vague but does expand the requirement to PII.
      2. Potential impact on eduroam and federation services. CTAB has existing focus on MFA
      3. Action item: CACTI should ask CTAB to assess the impact.
      4. REN-ISAC is home for the encryption discussion
      5. EDUCAUSE wrote a letter to the FTC about this in March: https://er.educause.edu/articles/2022/3/higher-ed-responds-to-proposed-safeguards-rule-reporting-requirement 
    3. Update on 2023 CACTI nominees; voting planning (All)
      1. A great pool of 7 candidates. 
      2. 3 slots open, charter allows 14, 12 existing so 2 seats open if we choose to fill the open seats
      3. Consideration of the individuals and perspectives they bring
      4. Action Item: Review candidates. Specifically those nominated for multiple committees. Continue conversation on Slack channel
    4. Continuation of architectural priorities discussion (All) - Bump to next week
      1. The TAP Reference Architecture
      2. Chris' proposed template for gathering recommendations to Component Architecture - comments/modifications welcomed
    5. Windows 11 PrivacyGuard and eduroam 

Next meeting: Tuesday, November 8, 2022


