CACTI notes of Wednesday, April 26, 2023

Attending: Margaret Cullen, Kevin Hickey, Rob Carter, Derek Owens, Les LaCroix, Chris Phillips, Richard Frovarp, Jeremy Perkins, Gareth Wood, Erik Scott, Barry Johnson, John Bradley, Rob Gorrell, Kevin Mackie, Steven Premeau, Mike Grady

With: Steve Zoppi, Nicole Roy, Kevin Morooney, Ann West

Regrets: Marina Krenz, David Walker

Reminders

  1. Transparency is a critical part of CACTI's duty to the community. Please promptly approve, edit (or indicate reason for disapproval) of minutes after they are posted.

Pre-Read Materials: 

  1. See: CACTI Next-Generation Credentials WG charter - please add comments / edits!
  2. Proposal for rolling PeopleSoft WG back into Software Integration WG
  3. DRAFT NIST IAM Roadmap

Action Item Review:

 Agenda

  1. Administrivia
    1. Please say your name when you start to speak, until we learn each others' voices
    2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
    3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
    4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    5. Please use the CACTI scribing doc
    6. Internet2 Intellectual Property Agreement reminder
    7. CACTI Charter pointer
    8. Agreements:
    9. Volunteer(s) to scribe (new standing item)
    10. Agenda bash
  2. Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
    2. DRAFT NIST IAM Roadmap comment period until June 1
  3. Main Business
    1. PeopleSoft WG proposal to roll back in to Software Integration WG
      1. Unanimous approval
    2. Status update on Passwordless Authentication and Password Managers blog
      1. In progress
    3. Charter for Next-Generation Credentials WG
      1. Do we even want to call it that?
        1. NIST utilizes User Controlled Credentials within the IAM Roadmap 
        2. Verifiable Credentials, Self-sovereign, etc. are used within this space
        3. Next generation is typically used for a three party model 
        4. Call out user controlled credentials and three party model in the scope
        5. Next-Generation Credentials adopted as name.
      2. Are the goals of the group clear and are they what we want?
        1. Google and Apple are moving forward with definitions of APIs.  Window for community input is now. 
        2. Report and TechEx Community facing discussion
        3. Privacy is a goal but also a potential risk for some kinds of next-generation credentials. Include a strength, weakness, and threat assessment within the report.
      3. Any changes needed before we start looking for participants?
        1. Proof of concepts are valuable learning opportunities.  Currently out of scope. Is this limiting the group?
        2. Implementation will be out of scope but retain proof of concepts. 
      4. Leadership of the group
        1. Digital Credentials Consortium (mit.edu)
        1. GÉANT - Klaas Wierenga
        2. Digital Credentials Consortium (MIT) - Kerri Lemoie
        3. CACTI member ?? with a different perspective 
        4. Get 
      5. Other next steps - Unanimous Charter Approved
      6. AI: Nicole reach out to Kerri Lemoie, Margaret reach out to Klaas Wierenga, to seek members and possibly chair
    4. DRAFT NIST IAM Roadmap - feedback due by June 1, 2023. Can/should CACTI contribute feedback?
      1. Sounds like we should give feedback
        1. Does feedback from this community signal to NIST that we have an interest/stake in IAM and therefore the roadmap
      2. Need to identify if there are things that should be on the roadmap but aren’t
        1. Is R&E sufficiently addressed/included?
      3. A couple ways to handle:
        1. This may be the preferred option- then Kevin H, Nicole, Margaret  and Rob C can meet to organize the contributions
        2. AI: Nicole spin up gdoc for this purpose and share with CACTI
        3. AI: Kevin H call a meeting between calls and then we can provide our feedback to CACTI ahead of the May 24th call
        1. Interested parties: Kevin Hickey, Nicole Roy, Rob Carter
        2. Async compilation via open-permissions google doc?
        3. Spin up a temporary working group within CACTI and reach out to others to participate


NIST Post Quantum 

https://www.nccoe.nist.gov/news-insights/nccoe-releases-preliminary-draft-nist-sp-1800-38a-migration-post-quantum-cryptography

[Document link: Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography (nist.gov)]

Next Meeting: Wednesday, May 24, 2023

  • No labels