CACTI notes of Wednesday, February 28, 2024

Attendees: Kevin Hickey, Derek Owens, Gabor Eszes, Les LaCroix, Rob Carter, Judith Bush, Chris Phillips, Kevin Mackie, Tom Jordan

With: Nicole Roy, David Walker, Kevin Morooney, Richard Frovarp, Mike Grady, Andrew Scott, Ann West, Ananya Ravipati

Regrets: John Bradley, Rob Gorrell, Gareth Wood, Margaret Cullen

Pre-Read Materials: 

Action Item Review:

We have four approvals for the January 31 notes; Nicole will post them shortly.

 Agenda

  • Administrivia
      1. Volunteer(s) to scribe
      2. Agenda bash
  • Announcements
      1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
        1. CTAB (Richard), TAC (Les), FedCM (Judith)
      2. We have a CACTI working meeting with 20 seats available, at Internet2 Community Exchange, Chicago, Wednesday, March 6th, noon-1:30 p.m. US Central Time
  • Main Business
    1. Futures 2 talk/discussion with Kevin Morooney
      1. Feedback appreciated ahead of the big reveal at CommEx next Wednesday
      2. Original InCommon Futures Report from 2009: https://incommon.org/wp-content/uploads/2019/04/InCommonFuture_20090701.pdf 
      3. This group or some group probably needs to revise the reference architecture. Example: Including commercial stuff in it. What does a contemporary or future-state reference architecture(s) look like? Probably multiple patterns. How do we do things like showing research/federation interoperability given the different parameters present at a given campus?
      4. Inclusion of research reference architectures, like AARC Blueprint Architecture
      5. This is exciting. Good to see some of CACTI’s work show up in places in this presentation. We also need to move faster to “catch up” in some places.
      6. Visualizations in the presentation resonate well
      7. Future role of the governance groups (Steering, CACTI, TAC, CTAB, eAC)
      8. Not enough people to go around
      9. Presentation and the report are important, separate deliverables
      10. CACTI response to FIM4R, future CACTI work on research requirements
      11. Different type of leadership role for InCommon going forward. Institutions need more help with the required direction being pointed out to them. A lot of schools don’t have time to think about where they need to go. Futures2 asks the community what it is looking for/needs.
      12. From chat (Kevin Morooney)
        1. This value proposition communicates that InCommon is the trusted collective for R&E institutions looking to build trusted, cost-effective, up-to-date IAM systems.
        2. InCommon members feel supported by the guidance Internet2 offers them. Technical recommendations and guidelines address a variety of common needs and critical challenges specific to the audience groups that the InCommon community is composed of. This level of targeted support and leadership distinguishes Internet2 and, by extension, InCommon as the authority on IAM for R&E. Members can better identify their level of IAM maturity, and InCommon can better measure how well solutions are meeting specific needs within the membership.
        3. IAM experts within R&E should know that one of the valuable benefits of InCommon membership is knowing how to quickly and efficiently learn about emerging protocols and requirements in order to integrate them into their IAM system. With targeted guidance, members shift from taking a reactive to a proactive approach with regard to enhancing their security approaches within their IAM infrastructure. Membership engagement and retention increase. New community members join Federation due to enhanced security offerings.
        4.  InCommon takes the lead in upleveling the community to better address the integration challenges that were expressed in the consultation process. These challenges speak to the experience that industry providers have in supporting InCommon products: existing restrictions on admin accounts that are difficult to work around, and the manual, labor-intensive processes required to integrate with InCommon.
        5. Each of the key audience groups that compose the InCommon membership identified aspects of IAM system management that need improvement. While themes exist across the needs of these groups, institutions must be able to see their needs being anticipated by the solutions Internet2 presents moving forward.
      13. Tailoring piece, “how do I make this specific integration work?” Seems hard to be able to account for and effectively communicate.
      14. Lots of places for institutions to go for reference material on things like PCI-DSS, Controlled Unclassified Information, but there is almost no place to go to learn about how to interface with NIH, XSEDE, etc. This is a possible huge value proposition for InCommon. Good frame for “diving in”. 800-63 is another example. 
      15. Knowledge as service. How do you adapt this into a higher ed space?
      16. Inverted solutions pattern from “the old days”: Now we have a lot of solutions, but it’s hard to choose, organize, and implement. 
      17. There is a need to continue to do the “old stuff” while we move forward. New ways of doing the old way of “solutions bashing”.
      18. Moving up the value chain for the deployed base (value, solutions, consulting) while also iterating on “new stuff”.
      19. “Doing the right things” versus “Doing things right” - community helps people understand where they are. Local “errata”. Different audiences. 
      20. Is TAC about “doing things right” while CACTI is about “doing the right things?” TAC used to be focused on “what is federation and how do we make it work?” A lot of what we’ve been talking about is the “whole problem of institutional IAM”. TAC focuses a whole lot on the federation (SSO) problem. TAC: federated SSO; eAC: federated login for wifi; CTAB: do it securely.
      21. A lot of institutional / IdP representation on our governance, and not a ton of SP/relying party representation. 
      22. “How much of this leadership role and understanding above the line has to do with cloud solutions designed by people who think in enterprise terms, like Learning Management Systems?” There appear to be a lot of SPs that don’t know how to play in the federated space, and they may not even have a business need due to a predisposition towards bilateral relationships. 
      23. This all used to be about inter-institutional federation, it wasn’t about the IAM last mile. We need to be informed by the last mile leadership piece. Report says, “lean into that”, which is very different from where we were. 
      24. The landscape has changed and there may be a missing piece. Every institution has an “internal” federation.  How do you manage the “internal” services?  
      25.  Can the small institutions see themselves in the Futures2 report?  Are they addressed?
      26. CACTI is one of the advisory committees not scoped solely to InCommon.  What is the line between InCommon and other stuff?  There are business models that should be explored.
      27. What does an advising ecosystem look like to achieve the outcomes of Futures2?
        1. CACTI’s charter is over 7 years old.  The roots go back to prior to InCommon (MACE existed before InCommon was founded). Thinking about our involvement with standards groups and bodies. Being intentional about engagement with W3C, IETF, etc. Making sure our use cases are represented there.
        2. Standards representation would be a really good thing to coordinate globally (with GÉANT, etc.) 
        3. Who you send to standards bodies matters.  Those participants need to be seen as valuable contributors to the standards.
          1. In the past, for example, SAML2 (OASIS) institutional participation was common.
          2. Internet2 has offset people’s time to participate in the past.
    2. CACTI 2024 work plan
      1. NGCWG next steps?
        1. Read and consider the comments on the consultation
        2. Think about and discuss, between now and the next call, what we need to do to move forward with this effort
      2. Futures 2
      3. Updated crypto “stuff”
      4. Browser privacy “stuff” - risk for institutions, etc. (This venue may or may not be the best for this topic.) REFEDS is the anchor for this, and for how our community will work with the W3C group. We think it’s important for us to keep tabs on this so we can speak effectively to our constituencies about it.
        1. CTAB is tracking the FedCM work coming out of TAC and CACTI.
      5. What are the community appetites for new or different products/services/biz models?
      6. FedCM, wallets, OpenID: is this a ticking time bomb?
      7. Topics that eAC needs us to consider/care about?
        1. Eduroam with Entra versus a generalized pattern like geteduroam.app for access 
      8. “Brain drain” and the “accidental IAM person” - being intentional about addressing this
        1. InCommon academy 
        2. Interactions between InCommon and EDUCAUSE
          1. I wonder if there's a way to partner with EDUCAUSE to introduce the InCommon academy?
        3. It (the Academy) is the communication arm of the knowledge piece. idpro.org has more first-principles foundational things, where you go “I should apply group-based access control here” but not “how do I run Grouper/Shibboleth”. There’s a lot of opportunity to dip into both.
  1. Representatives to other groups (eAC: Kevin H). AI: Reach out to Rob Gorrell
  2. CP comments on things for CACTI in 2024: I think there’s interesting dialogue on explaining the Futures2 model contrasted/juxtaposed alongside <insert_vendor_here>. The InCommon members will be comparing the Futures2 story this way. Maybe a task for CACTI, or is it the architects group that has refined its role? Some of this is already being done.

Next Meeting: Wednesday, March 27, 2024
