CACTI notes of Wednesday, July 19, 2023

Attending: Margaret Cullen, Kevin Hickey, John Bradley, Rob Carter, Derek Owens, Richard Frovarp, Kevin Mackie, Barry Johnson, Erik Scott, Gareth Wood

With: Andrew Regenscheid (NIST), Connie LaSalle (NIST), Ryan Galluzzo (NIST), Meghan Anderson (NIST), Gema Howell (NIST), Leilani M (NIST), David Walker, Kevin Morooney, Ann West, Albert Wu, Sara Jeanes, Keith Wessel, Dave Shafer, Andrew Morgan, Joanne Boomer, John Miner, Jeremy Perkins

Regrets: Robert Gorell, Nicole Roy

  1. Administrivia
    1. Please say your name when you start to speak, until we learn each other's voices
    2. Please ask colleagues to define terms, expand acronyms, etc., until we learn each other's jargon
    3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
    4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    5. Please use the CACTI scribing doc
    6. Internet2 Intellectual Property Agreement reminder
    7. CACTI Charter pointer
    8. Volunteer(s) to scribe (new standing item)
    9. Agenda bash
  2. Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
  3. Main Business

    1. NIST and InCommon with NIST staff
      1. NIST’s Identity Program - multi-disciplinary team developing on NIST’s IAM Roadmap - principles, objectives, and activities for the coming years
      2. NCCOE - enables “Transition to Practice” (NCCoE homepage, nist.gov)
      3. Roadmap in draft status 
        1. Next Generation Credentials (user controlled digital identities) and multilateral federation are particular points of interest
        2. mDL NIST current efforts
          1. Integrating mDL and other digital evidence into 800-63
          2. contributing to ISO/IEC 18013-7 to define online and unattended use case requirements
          3. Open to research efforts to harmonize digital identity models
        3. Upcoming browser changes can have impacts. 800-63b and -63c are higher-level documents that rely on industry standards
        4. Minimal release of attributes - over 21 versus release of DOB. Privacy-preserving release exists within 800-63
        5. Next-generation credential working group - use case development using common terminology with NIST. NIST will recruit for use cases as well as NCCOE. Working group use cases could be submitted.
        6. Use of metadata to build / facilitate the trust. How do the various parties (issuer, verifier, holder, wallet) know how to establish trust between the components?
          1. Internet2 has expertise in trust establishment. Potential area of collaboration
        7. NIST has an interest in promoting greater federation and interoperability of identity solutions. (800-217)
        8. NIST 7/25 workshop on 800-63
        9. Ann West: Internet2 community is tracking the academic development efforts around eIDAS 2.0 too. The organization working on that in the EU also runs a research and education federation-metadata exchange service: GÉANT
          1. GÉANT’s GN5 project package: https://geant.org/gn5-1/
        10. Digital Equity and Access don't always go hand in hand with the ability to support the technology infrastructure that NIST standards require. Is NIST thinking about transitions to practice for those organizations/individuals?
          1. How can organizations, especially smaller organizations without the resources to meet the required standards, still participate?
          2. NIST is aware of the concern and open to ideas on how to address this
        11. Universities often fall under both NIST and NIH standards, which are not well harmonized.
    2. InCommon Certificate service info session and discussion with Sara Jeanes
      1. Level setting and where the service is going - Sara oversees Eduroam and the certificate service
      2. Service started out as an all-you-can-eat certificate service. Types of certificates offered:
        1. Code signing
        2. User
        3. Server
      3. Recent focus on automation (ACME) and management at university scale
        1. Management at scale (SSO)
      4. What is the next need? (ad hoc group working on this question)
        1. https://incommon.org/news/incommon-certificate-service-advisory-group-launch/
      5. Some vitals - 200 orgs code signing, 600 subscribers, 1300 websites
      6. Everyone who uses the service must sign the InCommon agreement
      7. Eduroam/EAP and use of certificates. Is there a simple deployment automation?
        1. Allocation of certificate to use Eduroam instead of passing email address (getEduroam)
      8. Opportunities for collaboration between the Certificate service and NG credentials
      9. Is there an opportunity/need for a liaison between CACTI and the Credential service?
    3. (if time) Circling back around to next steps with NIST


Next Meeting: Wednesday, August 16, 2023