CACTI notes of Wednesday, June 21, 2023

Attending: Rob Carter, Marina Krenz, Margaret Cullen, Kevin Hickey, Rob Gorrell, Richard Frovarp, Jeremy Perkins, Mike Grady, John Bradley, Eric Scott, Derek Owens, Gareth Wood

With: David Walker,

Regrets: Chris Phillips, Les LaCroix, Nicole Roy, Kevin Mackie

  1. Administrivia
    1. Please say your name when you start to speak, until we learn each others' voices
    2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
    3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
    4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
    5. Please use the CACTI scribing doc
    6. Internet2 Intellectual Property Agreement reminder
    7. CACTI Charter pointer
    8. Volunteer(s) to scribe (new standing item)
    9. Agenda bash
  2. Announcements
    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
  3. Main Business

    1. Planning our engagement with NIST (Nicole, Kevin H)

Ann had an engagement with Connie from NIST and found there’s a significant interest in  I2

Connie is slated to come talk to us (CACTI) in July

  1. They are interested in:
    1. Verifiable Credentials / global interop
      1. Trade and Technology Council - US-EU coordination on this stuff. Specific to this administration
    2. Understanding our IAM roadmap
    3. Getting re-connected with us on identity assurance / security / trust things, getting relationship rebuilt
      1. Understanding the current state of Internet2 T&I / InCommon w/r/t this stuff
  2. Possible areas of cooperation with NIST:
    1. Authentication contexts, session lifetimes and signaling. 
    2. Post quantum cryptography. Money allocations within the CHIPS act for R&E.
    3. Providing CACTI/InCommon input into other NIST SPs such as NIST 800-171 (MFA)
      1. What “counts” as phishing-resistant MFA, etc.
    4. Possible NIST participation in CACTI (as SME) and NGCWG, etc.
    5. How we can work together on wallets – next area of research on both sides
    6. Could we help communication between the R&E community and NIST?
    7. A more in depth discussion of the NIST roadmap to understand their direction better.
  3. Discussion:
    1. We see situations where NIH and NIST are not always coordinated when they talk about similar things.  Our constituents (e.g. universities with health services and financial aid) need to adhere to both.  Is there a way we can help coordinate/harmonize these items?
    2. May want to consider inviting CTAB including their NIH SME.
    1. CACTI next discussion topics
      1. See updated list and come prepared to discuss priorities [Spreadsheet updated during this discussion]
        1. Columns in spreadsheet pulled from last year’s topic document
        2. Regrouped some related topics (cf. column C “Grouping”)
      2. Open to new topics. Consider adding new proposed topics at the bottom
        1. REFEDS conversations around Microsoft announcements regarding multi-lateral federation.  Broader subject is what sort of engagement we should have with commercial vendors.
        2. Increasing usage of cloud native Radius solutions (Juniper) which do not work with Eduroam.
        3. Are there architectural changes that we could make to make interoperability with commercial solutions easier.
      3. Tracking new technologies such as post quantum cryptography, webauthn/passkeys
        1. Post quantum https://www.schneier.com/blog/archives/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms.html 
      4. Ensuring R&E needs are met by evolving standards
        1. NIST, NIH, REFEDS, etc..
        2. REFEDS RAF version 2 is in open comments. https://wiki.refeds.org/display/CON/Consultation%3A+REFEDS+Assurance+Framework+%28RAF%29+v2.0  ai Discuss at next planning meeting
        3. SAML2int https://kantara.atlassian.net/wiki/spaces/fiwg/pages/4063349/Working+Drafts 
      5. CACTI is responsible for all Internet2 Trust and Identity services.  Invite sent to Paul Caskey and/or Sara Jeanes to discuss the certificate service which has not often been discussed. 
      6. Are there opportunities for Incommon to help member institutions as the industry deals with changing technologies such as cloud computing and workforce retention and development. Improve ease of use, etc… 
    2. eAC RADEXT discussion update (Rob G) 
  • Margaret forwarded eAC meeting notes to CACTI list
    1. From RobG in chat:  “the eAC received your request and thanks you for it. a good portion of our last meeting was spent discussing the latter, but more time is needed to formulate a response, though consensus is a response should be gathered. discussion focused on two fronts: 1. ensuring updates to Best Practice Guide work already underway align with best privacy practices and 2. knowing Best Practices aren't always followed, could performance indicators be leveraged to include on monthly reports educating a site to the degree their aligning with best practice recommendations. For example, could TLRS logging be used to inform the percentage of inbound auth requests not using anonymized outer identities?”


  1. FedCM and NGCWG updates (Chris P, others?) ai Chris P provide updates via email
  2. Next time: Cert service discussion with Sara Jeanes

Next Meeting: Wednesday, July 19, 2023

  • No labels