Page tree
Skip to end of metadata
Go to start of metadata

CACTI call of Tuesday, January  7, 2020



  • Tom Jordan, University of Wisc - Madison (chair)  
  • Jill Gemmill, Clemson  (vice chair)  
  • Rob Carter, Duke   
  • Margaret Cullen, Painless Security  
  • Nathan Dors, U Washington 
  • Matthew Economou, InCommon TAC Representative to CACTI 
  • Michael Grady, Unicon 
  • Karen Herrington, Virginia Tech    
  • Les LaCroix, Carleton College 
  • Chris Phillips, CANARIE  
  • Bill Thompson, Lafayette College  


  • Kevin Morooney   
  • Ann West  
  • Steve Zoppi   
  • Nick Roy 
  • Jessica Coltrin 
  • Emily Eisbruch   
  • Mike Zawacki 


  • Marina Adomeit, SUNET
  • Christos Kanellopoulos, GEANT

Pre-Read Materials

  1. Notes from face-to-face meeting, focusing on what to pursue in a 2020 workplan
  2. Notes from ACAMP session on new talent recruitment


CACTI Leadership

  • There is a transition of CACTI chairs at today’s meeting
  • Thanks to Chris Phillips for his service as first chair of CACTI
  • Thanks to Tom Jordan (new chair) and Jill Gemmill (vice chair) for stepping up to CACTI leadership
  • CACTI roster is linked from

Global  Summit 2020, March 29 to April 1

  • Deadline for submitting working meetings at Global Summit is January 10, 2020- do we want one and if so, what format?  
  • Only two CACTI members are definitely planning to attend GS 2020 
  • Decision: CACTI will not meet at 2020 Global Summit
  • Perhaps those CACTI members who are at Global Summit can get together for dinner
  •  Kevin Morooney will share info on the CACTI workplan at 2020 Global Summit, at some of these opportunities:
    • Trust and Identity PAG will likely meet at Global Summit
    • Kevin has been asked to share InCommon Roadmap 
    • Session, “So you are rebooting your IAM Infrastructure”
    • Executive Track, Monday afternoon March 30, 2020 -  150 people, Kevin will have a presentation there 

OpenStack Survey from David Chadwick (Jill)

      • Survey:
      • What is the level of OpenStack adoption in our community?
      • At U Wisconsin, not doing a lot with OpenStack
        • Federated identity for cloud
        • Using Cloud native, leveraging azure, etc. not building private cloud infrastructure
        • Some interest in OpenStack in research space
        • No single cloud for core infrastructure
      • Carleton, federating thru Shib, have some Wordpress activity and that is a challenge to federate, but not looking at OpenStack
      • NickR filled out the OpenStack survey for InCommon Operations 
        • It’s weighted towards those who are running OpenStack
      • More interest in private cloud in Europe
      • CANARIE is using OpenStack
        • When IDP as a service is adopted, then how does ? fit it
      • David Chadwick had project around keystone

2020 CACTI Workplan Discussion  

  • How do we define a vision for "what is next" in some broad categories of impact, and
    • what are reasonable outcomes to strive for in 2020?
  • How to create a more balanced portfolio for CACTI’s work
    • Previous CACTI work has been focused on technology
  • Christos has shared the European approach focused on outcome more than technology
  • Kevin: Global Summit coming up March 29 to April 1, 2020, so it's great for CACTI to develop workplan for Kevin to share 
  • Important theme is making it easier, such as
    • easier for IDP operators to connect to federate,
    • easier for researchers 
  • Used to have to know about DNS to connect to an internet provider.
    • Now that’s not needed, stuff just works.
    • Hope to get to that point (it just works) with what InCommon has built. 
    • It is a challenging transition to that point. 
  • Having reference body of knowledge is important
    • InCommon Academy / curriculum / best practices are working towards that
  • Keith Wessel leading a Big Ten working group , best practices for provisioning cookbook, this group met at 2019 TechEx, work is coming to completion soon
  • Suggestion to use the term cookbook rather than best practices

  • Is there a role for CACTI in supporting 2nd Collab Success Program (CSP) Cohort in terms  of making it easy? 
    • CACTI can be sure CSP students are teaching us (teachers) on what’s challenging
    • Agreed that feedback from the field is crucial
    • Joining someone else’s circle is helpful
    • There are various circles to be aware of, including those in charge of identity management and end users

  • Carleton has adopted one piece of the Trusted Access Platform, would like to adopt more
  • CLAC has group of 70+ schools. Few  are using the Trusted Access Platform. Adoption might increase if it was easier
    • CLAC schools may have less research emphasis and this could be  a factor in low adoption of Trusted Access Platform
    • There would be interest in how easy it would be to “turn on” a whole range of capabilities
    • Emphasize to CLAC schools how trusted access platform and federation  facilitates identity management. 

  • May need to better explain the value proposition for adopting the Trusted Access Platform
    • Suggested Value prop: “Once you have trusted access platform deployed you have access to a wide range of SAS and cloud based services  of interest to the Higher Ed environment”
    • Emphasize that federation and Trusted Access  Platform are about security, access control, holistic solution
    • A goal is to be able to talk about federation so  that it’s obvious the benefit, such as with eduroam?
    • There is much to do to connect with eduroam, but people don’t complain about it due to strong and easy to comprehend value 
      • Eduroam provides ubiquitous access to the network
  • Transition from environment where you can do anything to situation where environment doesn’t give you so many choices.
  • Grouper Deployment Guide is a start in providing a prescriptive environment
  • Baseline Expectations (BE) is an example of that shift also. BE has been well received

  • Effort Required to Participate in Federation
    • At  U Wisconsin , Integrating SAS solutions requires effort across the organization.  Would like this much effort around federation
    • How much effort is required to integrate w a vendor depends on a vendor’s capabilities. When you consider a vendor and they are in InCommon, you know that integration with them will be simpler.
  • AnnW discussed security professionals conference with EDUCAUSE
    • There is a new Access Management? track
    • Ann suggested someone from our community join that EDUCAUSE program committee

  • Question: have we done analysis/comparison of alternatives to federation? 
  • To provide clearer value proposition. Where does federation save me money and give my stakeholders better access?
    • Perhaps share this info on the InCommon website.
  • TomJ did some of that analysis to sell statewide federation a few years back. Focus on idea of replicating user stores for multiple services. Password reset issues. Cost savings are realized in other services, not within Access management itself.  Can seem transparent to the organization. 

  • OpenID Connect and the federation is important.
  • We may be left behind if we don’t invest in integrating with OPENID Connect.


  • Broad categories:
    •  figuring out what’s hard and what we can do to make it easier, 
    • making ITAP more opinionated by default, 
    • outreach element
  • Workplan should be in terms of outcomes we want in next year
  • Outcomes examples: 
    • cookbook
    • quickstarts for all the ITAP pieces
    • More universities to join InCommon Federation and adopt InCommon Trusted Access Platform

  • Let’s continue outcomes discussion on the CACTI email list. TomJ will start a thread  on the CACTI email lis


      1. Potential areas of impact
        • BaseCAMP, InCommon Academy as current examples 
        • Working group on getting new talent into the community (not in the F2F meeting notes because it came up at ACAMP)
        • Your ideas here..
        • How does the software fit into cloud-native environments?
        • How do SaaS-oriented services (IdP as a Service, etc) fit?
        • Your ideas here..
        • Cross-institutional needs - FIM4(research || libraries || etc)
        • Campus / CIO needs and priorities (provisioning, compliance, guest access, etc)
        • Your ideas here..
        • Commercial vendor ecosystem (Net+ and beyond)
        • Outreach to other key conferences and/or groups (e.g. NSF CI Security Conference)
        • Outreach to key public sector partners (NSF, NIH, others?)
        • Your ideas here..
        1.  Growing and sustaining the IAM community
        2. Growing and sustaining the InCommon Trusted Access Platform portfolio
        3. Addressing community needs
        4. Engaging with larger ecosystems

Next Meeting: Tuesday, January 21st, 2020



  • No labels