CACTI notes of Tuesday, January 17, 2023

Reminders

  1. Transparency is a critical part of CACTI's duty to the community. Please promptly approve, edit (or indicate reason for disapproval) of minutes after they are posted.
    1. We now have the required four approvals for the notes of the  2022-October-25 CACTI call – thanks to all who reviewed them for keeping us up to date!

Pre-Read Materials: 

  1. Notes of December 8, 2022 CACTI public working meeting at TechEx - We need four approvals, please!
  2. Slide deck for today's call
  3. LastPass Breach announcement:  https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Action Item Review:

 Agenda


Attending: Les LaCroix, Rob Carter, Kevin Mackie, Derek Owens, John Bradley, Margaret Cullen, Marina Krenz, Stoney Gan, Kevin Hickey, Gareth Wood

With: David Walker, Kevin Morooney, Nicole Roy, Steven Premeau (TAC representative), Richard Frovarp (CTAB representative), Ann West, Mike Grady, Steve Zoppi

Regrets: Barry Johnson, Erik Scott

  1. Administrivia
    1. Please say your name when you start to speak, until we learn each others' voices
    2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
    3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
    4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    5. Please use the CACTI scribing doc
    6. Internet2 Intellectual Property Agreement reminder
    7. CACTI Charter pointer
    8. Agreements:
      1. Volunteer(s) to scribe (new standing item)
      2. Agenda bash
  2. Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
  3. Main Business
    1. Introductions, welcome to CACTI, framing CACTI's work (Margaret, All)
      1. Time zones
        1. US Pacific, one fan of early morning meetings (Kevin Mackie / David Walker / Steve Zoppi)
        2. New Zealand (meeting time is 5 a.m., maybe we could move later in the day to accommodate Gareth?)
        3. Mountain TZ (Nicole Roy, CACTI flywheel / Ann West)
        4. Eastern TZ (Margaret / Rob / Derek (ND-Indiana) / Stoney / Kevin H / Steven P / Kevin Morooney / Marina Krenz (IU-Indiana))
        5. Central TZ (Les / Richard / Mike Grady)
        6. Chilean mainland time (John) (E. Greenland/US Eastern at various times of year)
    2. How we want CACTI to work going forward (logistics, etc.)
      1. Slide deck
        1. CACTI is a standing committee to provide long-term (measured in years) strategic input
        2. Proposal.  Current meetings are bi-weekly for 1 hour. Can CACTI be more effective by moving meetings to every 4 weeks for 2 hours?  The change would allow for better preparation (pre-reads) and greater depth of discussion during the meetings
        3. The Slack channels and mailing list will be important communication channels if the meeting is moved to every 4 weeks for 2 hours. 
      2. Strategic response to LastPass Breach?
        1. The impact of the initial August breach has continued to increase.  Credential stores stolen
        2. Is there a strategic vision CACTI can present?  Passwordless?  Is passwordless too far for most organizations? Is MFA the better short-term step forward?
        3. LastPass is an example of the more generic issue of a large quantity of secrets stored in a central repository
        4. Sub-group - throw up a google doc, do some async work, maybe one meeting, try to get an article together before the next CACTI call
          1. Kevin Hickey
          2. John Bradley (limited by summer vacation coming up)
          3. David Walker
          4. Steven Premeau
          5. Gareth Wood

Next Meeting: Tuesday, January 31, 2023



  • No labels