Notes of CTAB Call of 25-April-2018
Attending
Brett Bieber, University of Nebraska (chair)
Mary Catherine Martinez, InnoSoft (vice chair)
David Bantz, University of Alaska
Tom Barton, University of Chicago and Internet2
Chris Hable, University of Michigan
Ted Hanss, University of Michigan
Jon Miner, University of Wisc - Madison
Ann West, Internet2
Emily Eisbruch, Internet2
Nick Lewis, Internet2
Kevin Morooney, Internet2
Regrets
Joanna Rojas, Duke
Chris Whalen, National Institute of Health
Action Items from April 25 call:
- AI Brett will resolve remaining comments in the Community Consensus Process Doc
- AI Brett author blog for privacy policy guidance
- AI Brett author blog for logo guidance
- AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ
Updates on older action items:
AI Tom, Mary Catherine and ChrisH will participate in conversation with InCommon Ops on cycle times for escalating health check failures
Update: call scheduled for April 26
AI Brett, David, and Ann will work on scoping the privacy policy guidance effort. ChrisW will help moving forward
Update: there is a Google doc with FAQ questions about privacy policy guidance
DISCUSSION
Baseline Expectations
Community Consensus Process Doc
Community Consensus Process Doc should go into Trust and ID doc repository, once approved. Emily has assigned a doc repository ID: TI.107.1
AI Brett will resolve remaining comments in the Community Consensus Process Doc
Process to maintain Baseline Expectations is already in doc repository: http://doi.org/10.26869/TI.105.1
Includes dispute resolution process
Logo Guidelines:
Thanks to ChrisH and Brett for their work on this
Looked at SAML2int guidelines around logos
Nothing in the logo guidelines is in conflict with what’s advised in SAML2int
MC: it was not hard to obtain logos for the most part in her work as an InCommon service provider
The logo guidelines should go on the wiki. No need for a Doc Repository ID
Include popup info on the federation manager about the logo field.
Perhaps update the health check email? Or if it already links to the FAQ and the FAQ includes the logo guidance, that is fine
Socialize using a blog post
Include in the health check email a statement that we update the FAQ often.
Suggestion to add links to the Federation Manager and baseline emails
Privacy Policy Guidance
David Bantz suggests we address the question of “why are we requiring a privacy policy”. Indicate this is a first step. We will probably need a future step of making privacy policies more available / useful to end users
Where will this be published? Add it to the baseline expectations FAQ page… Link to it from the Federation Definition page, perhaps
Privacy Policy Guidance will not need a doc repository ID
Should be socialized using a blog post
- AI Brett author blog for privacy policy guidance
- AI Brett author blog for logo guidance
- AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ
- AI Check with InCommon Ops on incorporating the info appropriately into the health check emails.
COmanage
- Ann noted that the processes around community consensus/dispute resolution will benefit from the COmanage process which is being implemented within Internet2 to help facilitate collaborations
- Ann has asked Chris Hubing and Paul Caskey to look at the community consensus work and the process.
- We should talk through this on a future CTAB call.
- Bill Kaufman may do a COmanage demo for this group in the near future
Staffing
- Internet2 has posted a Federation Service Manager job. This new hire should start this summer if possible. Could potentially help with community dispute resolution process.
- Internet2 is also hiring a support engineer for trust and identity. Both new hires are due to the InCommon Fee Increase that was approved starting in 2017.
- https://workforcenow.adp.com/mdf/recruitment/recruitment.html?cid=86f9419e-52c4-4ffd-80f8-cfbda5ad990e&ccId=19000101_000001&type=JS&lang=en_US
FICAM / OMB
- TomB: We transitioned from AAC to CTAB with the intention to spend more time on baseline expectations and less time on the FICAM certifications (bronze and silver profiles).
- History is that bronze and silver certifications were never required by the federal agencies.
- NIST recently revised the FICAM standard to produce version 3.
- There are requirements around procurements in version 3.
- Less value to research and education in version 3.
- TomB has discussed paths forward in his role as a member of the Kantara board. https://kantarainitiative.org/trustoperations/arb/
- Recent developments likely do NOT threaten the use of InCommon credentials to access federal agencies without using bronze and silver
- FICAM program now focuses on commercial users of a federal agency.
- But higher ed users of federal agency services don’t need a heavyweight compliance framework.
- Should CTAB provide feedback to OMB? Or join with Kantara’s response?
- TomB: We have overlap with Kantara, but also some separate, distinct interests.
- Suggestion that we wait to see what Kantara develops and then decide how to proceed.
Monthly Assurance calls (to be discussed at future call)
- Should we try to continue monthly assurance calls?
- These monthly calls are mentioned in the “Stay Informed” box on the right on the Assurance wiki:
- https://spaces.at.internet2.edu/x/4SM
CTAB Meeting at 2018 Global Summit, Wednesday, May 9, noon-1:00PM
This will be a closed meeting for CTAB members