Page tree
Skip to end of metadata
Go to start of metadata


CACTI Call July 7, 2020



  • Tom Jordan, University of Wisc - Madison (chair)  
  • Rob Carter, Duke   
  • Matthew Economou, InCommon TAC Representative to CACTI  
  • Michael Grady, Unicon   
  • Karen Herrington, Virginia Tech    
  • Les LaCroix, Carleton College  
  • Chris Phillips, CANARIE    
  • Bill Thompson, Lafayette College  


  • Kevin Morooney  
  • Ann West  
  • Steve Zoppi   
  • Nick Roy   
  • Jessica Fink  
  • Emily Eisbruch    
  • Mike Zawacki  


  • Jill Gemmill, Clemson  (vice chair) 
  • Marina Adomeit, SUNET
  • Nathan Dors, U Washington
  • Margaret Cullen, Painless Security  
  • Christos Kanellopoulos, GEANT  

Action Items from this call

  • AI Jessica will share the glossary with CACTI  when it’s ready.  CACTI will discuss after BaseCAMP

Older Action item   

  • AI Jessica - help coordinate a quarterly update from CACTI to community on best practices, trends and directions (coordinate with other InCommon governance groups) 

Intellectual Property reminder


Trust and Identity Glossary

  • Jessica reported that with InCommon BaseCAMP coming up July 20-24, 2020, there is a need for an updated Trust and Identity Glossary, with common definitions for terms like IdP, SP, etc.
  • There have been several glossaries developed over the years including:
  • A new updated Trust and Identity Glossary is now being created
  • Once developed the new glossary will need curation ongoing for consistency  
  • Would CACTI want to take charge of ongoing glossary curation?
  • question: Where will this glossary live?  Canvas? Google doc linked from Canvas? Wiki? 
  • answer: not sure yet, but it should be public for easy linking
  • Suggestion to work with REFEDs on the glossary.  Could help in connecting w IDPro and others
    • It was noted that sometimes terminology is solution specific
    • Midpoint, Grouper, etc. may use terms differently (privileges, permissions, groups, roles etc.)
    • Makes most sense to produce an InCommon trust and identity glossary, and offer it to others
  • Suggestion not to overthink this, scope the glossary to the BaseCAMP audience
  • Perhaps assign an editor so there will be a person moderating
  • AI Jessica will share the glossary with CACTI  when it’s ready.  CACTI will discuss after BaseCAMP

Update on IDPro Academic Profile work   

  • ChrisP: Heather Flanagan has added a section in the IDPro Body of Knowledge for Academic IAM 
  • Creating top level categories
  • Need to determine what is meaningful to add
  • Nick suggested focus on research identity (FIM4R)
  • Any effort we apply to the IDPro effort will nudge things in the favor of Higher Ed
  • Positive efforts but the road is long

  • It was noted that Keith Hazelton is arranging a meeting around branding for Trusted Access Platform components, to address negative connotations that may exist in some quarters around adopting open source software

Packaging - CACTI / Component architects discussion on community requirements for packaging 

Review of updated HE registry-aaS prospectus and next steps  

  • Following up on May 26, 2020 discussion with UCSD. See CACTI Public Meeting Notes of 26-May-2020
  • TomJ has revised the HE registry-aaS prospectus document.
  • How much is viable for US Higher Ed to do in the registry area without the framework that exists in Europe?
  • Which parts can we tackle and which parts might be outside of our power?
  • Identity registry for Higher Ed, can we pull this off?
  • It was noted that all HE institutions have developed some identity registry inside their own spaces
  • Question: what is so different / harder about a cross institutional registry
  • Comment: it’s a technical challenge  and there are regulatory issues
  • New legal agreement will be required for InCommon
  • Europe has general citizen registry 
  • There are many pieces we must fill in 
  • Comment: future would be fraught with state level changes in privacy laws
  • Les and Bill: Don’t think a cross institutional registry is feasible without significant and sustained top-down priority and funding at the national level.
    • Needs serious top down priority and funding
  • Outsourcing identity proofing and authentication could be a viable service in our current context.
  • Yet it's a big lift given technical challenges and existing solutions at each institution
  • Question: Is there a partner to engage to navigate  the bigger project?
    • It was noted partnering w federal govt can lead to different priorities in new administrations
  • For identity proofing and authentication, we can look at hosting COmanage and CI logon as examples
  • Around authentication and identity proofing, there are questions of how to track it, need references to documents, devils in details
  • For authentication, aspects that are federation specific but challenging to support
  • Issues with implementing SAML
  • Integrations of Microsoft campuses is a challenge
    • ADFS orgs cannot fully participate in federation without local modifications
  • Difficult for the long tail, the group we want to attract to federation
  • Suggestion that we should focus on offering services like those that proxies offer for SPs, but we might do it for IDPs
  • We would contract with vendors to do the needed customization (filters, identifiers)
  • This project is better “low hanging fruit”

  • Each state has some different requirements
  • Having something central provides standards
  • Suggestion that we should focus on standards for deep and broad  interoperability
    • let regionals run the infrastructure to help conform to state level policies and laws
  • Distributed ORCID ID
  • Operating with common standards and practices
  • Work for broad adoption
  • Eduroam program hints this is needed at state level for K12 eduroam
  • Is there a business proposition at the state level? 
  • Suggestion to be more participatory in the ORCID space
  • ORCID already has the framework
    • Comment: ORCID is a player but different from what we are talking about
  • It was noted that if the framework is operated at a state level, it will be necessary to handle individuals operating in multiple states
  • Matching and match algorithms will be important
  • Operating a service like this is a big deal, there is crush traffic on certain days
  • Verification step-up service experience showed a separate federation may be needed
  • Subscriptions needed apart from InCommon membership
  • How much of what UCSD requested could we achieve from identity cross matching , use a persistent identifier , less operational lift, more driven by the user, user would provide info to help with linking two or more identities
  • There is the challenge of identity assurance in places where you can’t get strong legal findings to link identities.
    • 25 years ago looked at directory synchronization issues.
    • Attribute authority interface.
    • Build tooling that lets organizations pull info about users.
    • Develop interface standard.
    • Here’s how we agree to format this data. 
    • Agree to export data in a certain format. That might be enough
    • HIPPA-Like approach, make the collaboration easier

  • Ann: question of what we are not doing
  • Internet2 is a community asset
  • Helps the community do things that are tough to do alone
  • Is this the right thing to be doing?

  • Suggestion that we should be looking at user interfaces
  • User enrollment is hard
  • Perhaps do a user interface analysis?
  • Focus on the UX issue versus the data sharing
  • Making the enrollment process better for scientific collaborations
  • Getting users onboarded in a better way
  • Concern about phishing users, need to get identifiers
  • Should be simple to email someone to get them registered
  • Scientists should be able to kick off the enrollment flow

  • NEXT STEPS    
    • Look at the original problems from UCSD
    • clarify the problem we are trying to solve

Parking Lot

  1. (From June 9, 2020 call) TomJ  - Add as an agenda item for a future CACTI call: Operationalizing containers

Next CACTI Meeting: Tuesday, July 21st, 2020 


  • No labels