CACTI call of Tuesday, January 21, 2020
- Tom Jordan, University of Wisc - Madison (chair)
- Rob Carter, Duke
- Matthew Economou, InCommon TAC Representative to CACTI
- Michael Grady, Unicon
- Karen Herrington, Virginia Tech
- Christos Kanellopoulos, GEANT
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
- Kevin Morooney
- Ann West
- Steve Zoppi
- Nick Roy
- Jessica Coltrin
- Emily Eisbruch
- Mike Zawacki
- Jill Gemmill, Clemson (vice chair)
- Marina Adomeit, SUNET
- Les LaCroix, Carleton College
- Margaret Cullen, Painless Security
- Nathan Dors, U Washington
New Action Item from this Call
AI CACTI members please review workplan including the tab on differentiators in the workplan. Add your differentiating use cases
- GÉANT TI roadmap documents
eduroam Advisory Committee Membership Approval Vote (Jessica)
- CACTI is asked to approve the proposed slate of members for the eduroam Advisory Committee
- There was an effort to get a representative slate for this new committee, from various communities
- Hoped to have a representative from museum and cultural institution side, but did not find a willing candidate there
- ChrisP: in the Global eduroam governance committee, input from municipalities, and operations team representation has been important
- The eduroam Advisory Committee may want representatives from US eduroam operations.
- On the current slate, there are two representatives of operations, but not from US eduroam operations.
- Suggestion for CACTI to vote for the slate with suggestion to see if CACTI members have contacts in museum community, municipalities, and US eduroam operations, who might be added later
- Current slate has 11 members, max is 13 members according to charter http://doi.org/10.26869/TI.135.1
- ACTION: CACTI approved the proposed slate for eduroam Advisory Committee Membership
Kevin's messages to Execs at 2020 Global Summit
Kevin will have several presentations at 2020 Global Summit in Indianapolis https://meetings.internet2.edu/2020-global-summit/
- Global Summit InCommon roadmap session
- Focus on the current and future value proposition of InCommon
- Session on “So you’re rebooting your IAM infrastructure” https://meetings.internet2.edu/2020-global-summit/detail/10005724/
- Kevin will do dry runs of this presentation prior to Global Summit for InCommon steering exec, InCommon PAG,
- One topic will be: Did you come for federation and stay for TAP or vice versa?
- Kevin will speak at the Exec track
- For Exec Track, Kevin would like to share the nature of the processes, of the rich ecosystem of community engagement in Trust and Identity. It is helpful when execs know about the high degree of community engagement in decision making.
2020 Workplan Discussion
- "If we could do just one thing this year and be assured of success, what would it be?" -Tom
- Which themes are highest priority for CACTI?
- For adoption and federation membership, may want to call out smaller higher ed institutions, where there is less track record of federation membership
- Making it easier to adopt the InCommon trusted access platform (ITAP)
- A first step may be to better understand problems, suggestion to do interviews with Collaboration Success Program cohort
- Perhaps ask question about why those who have not adopted don’t adopt ITAP approach or federation.
- Suggestion to conduct a survey of schools who are becoming less engaged and find out why and what is lacking
- focus on finding out what current needs are, get a broader perspective, to be sure we are "skating to where the puck is going"
- Need to understand the gaps
- It was noted there is not yet a truly cohesive story to the ITAP suite. https://www.incommon.org/trusted-access/
- Chicken and egg problem, that RFPs ask for examples that are already working
- Grouper is an established tool. midPoint is another component of ITAP. But where is the cohesive identity management governance story?
- Need a way to bring it all together, one place for all access control policy. We are in landscape of pieces coming together.
- Password reset, credential management are not handled easily in the ITAP suite.
- Some commercial solutions have such issues more worked out.
- CACTI can provide advocacy for all of higher ed identity management needs, not just those institutions that select the ITAP suite.
- At the same time, CACTI can be a champion of ITAP, saying this is what we have developed based on what we have heard from and learned from the community
- Grouper and COmanage may fill in the gaps even for institutions using commercial solutions
- Outreach and best practices are important themes for this year
- Building curriculum and knowledge base is key, recommending a product is less important
- Collaboration Success Program can contribute by showing and reporting back on tested patterns and practices
- International Partners are important
- What does it take to run an identity program or a security program?
- Acquiring products is one aspect
- Elements of program operations around how to do role management mapping, how to handle security, etc.
- Staffing and recruitment, what is the essential skill set
- The IAM assessment tool has been delivered at CAMP for several years and used at TIER workshops. Based on community thinking, it helps to assess your organization ("my institution is weak in this spot and OK in that spot"). Ann forwarded the IAM assessment tool to CACTI
- AnnW and JackS have talked about a tool to assess product capability.
- Could be used to assess ITAP.
- Could produce a spider web diagram as you assess characteristics on various axes.
- Big Ten working group on provisioning and deprovisioning, chaired by Keith Wessel
- The group is creating a cookbook and has produced an assessment tool for products
- Keith hoping to get schools to try the assessment tool.
- Could be a helpful starting point
- Service Provider reach is a gap in the current landscape
- Service providers may lack the go-to community around IdM; Internet2 may be able to help fill that need
- CIOs don’t always have the tools to meet the researchers' needs
- the FIM4R effort hopes to address the needs of researchers, libraries etc
- Needs of administration sometimes carry the day, and may be more aligned with what commercial vendors may offer
- Concern that level of effort to maintain ITAP infrastructure (containers) is currently rather high.
- It’s not as turn-key as the community would like.
- SteveZ noted that there is the issue of how much the community is willing to pay for the easier, more turnkey infrastructure.
- Infrastructure around containers is a working group conversation.
- There may be a lack of appreciation for what the community has delivered, with a much lower budget than the commercial entities.
- Many campuses are willing to pay high prices to commercial entities. This relates to mindset.
- Large research institutions have high dependency on multilateral federation. The story may be different for smaller schools
- Different risk factors for different organizations
- Important to look at what is the support model for deploying an IAM approach
- ITAP is focusing on self supporting and community supporting models
- People already active in the community have an idea how to get help
- Commercial partners can also provide support and can help manage risk around the community
- InCommon Academy can help address the concerns about risk
- Often we talk about open source, but it’s the least interesting thing about our ITAP offerings. Microsoft is open source now. The differentiators and ITAP capabilities for higher ed are what is interesting.
- Agreement we need to talk about the differentiators. Deprovisioning is important in our Higher Ed space, and ITAP addresses this.
- NEXT STEPS: CACTI members should review these notes and add comments to the workplan.
- TomJ will start discussion on the CACTI email list to refine the proposed workplan
- AI CACTI members please review workplan including the tab on differentiators in the workplan. Add your differentiating use cases
Next CACTI Meeting: Tuesday, February 4th, 2020