Notes  of CTAB Call of 25-April-2018


  • Brett Bieber, University of Nebraska (chair) 

  • Mary Catherine Martinez, InnoSoft (vice chair) 

  • David Bantz, University of Alaska 

  • Tom Barton, University Chicago and Internet2 

  • Chris Hable, University of Michigan 

  • Ted Hanss, University of Michigan 

  • Jon Miner, University of Wisc - Madison 

  • Ann West, Internet2  

  • Emily Eisbruch, Internet2    

  • Nick Lewis, Internet2  

  • Kevin Morooney, Internet2,  


  • Joanna Rojas, Duke regrets

  • Chris Whalen, National Institute of Health  

Action Items from April 25 call:

  • AI Brett will resolve remaining comments in the Community Consensus Process Doc
  • AI Brett author blog for privacy policy guidance  
  • AI Brett author blog for logo guidance  
  • AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ

Updates on older action items: 

  • AI Tom, Mary Catherine and ChrisH will participate in conversation with InCommon Ops on cycle times for escalating health check failures 

    • Update: call scheduled for April 26

  • AI Brett, David, and Ann will work on scoping the privacy policy guidance effort. ChrisW will help moving forward  

    • Update: there is a Google doc with FAQ questions about privacy policy guidance   


 Baseline Expectations

  • Community Consensus Process Doc 

  •  Community Consensus Process Doc should go into Trust and ID doc repository, once approved. Emily has assigned a doc repository ID : TI.107.1

  • AI Brett will resolve remaining comments in the Community Consensus Process Doc

Logo Guidelines

    • Thanks to ChrisH and Brett for their work on this

    • Looked at SAML2int guidelines around logos

    • Nothing in the logo guidelines is in conflict with what’s advised in SAML2int

    • MC: it was not hard to obtain logos for the most part in her work as an InCommon service provider

    • The logo guidelines should go on the wiki.  No need for a Doc Repository ID

    • Include popup info on the federation manager about the logo field.

    • Perhaps update the health check email? Or if it already links to the FAQ  and the FAQ includes the logo guidance, that is fine

    • Socialize using  a blog post,

    • Include in  the health check email a statement that we update the FAQ often.

    • Suggestion to add links to the Federation Manager and baseline emails

Privacy Policy Guidance

    • David Bantz suggests we address the question on “why are we requiring a privacy policy” .  Indicate this is a first step. We will probably need a future step of making privacy policies more  available / useful to end users

    • Where will this be published? Add it to the baseline expectations FAQ page….   Link to it from Federation Definition page perhaps

    • Privacy Policy Guidance will not need a doc repository ID

    • Should be socialized using a blog post  

  • AI Brett author blog for privacy policy guidance  
  • AI Brett author blog for logo guidance  
  • AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ
  • AI Check w InCommon Ops on incorporating the info appropriately into the health check emails.


  • Ann noted that the processes around community consensus/dispute resolution will benefit from the COmanage process which is being implemented within Internet2 to help facilitate collaborations
  • Ann has asked Chris Hubing and Paul Caskey to look at the community consensus work and the process. 
  • We should talk thru this on a future CTAB call.
  • Bill Kaufman may do a COmanage demo for this group in the near future



  • TomB: We transitioned from AAC to CTAB with intention to spend more time on baseline expectations and less time  on the FICAM certifications (bronze and silver profiles). 
  • History is that bronze and silver certifications were never required by the federal agencies. 
  • NIST recently revised the FICAM standard to produce version 3.   
  • There are requirements around procurements in version 3. 
  • Less value to Research and education in version 3.
  • TomB has discussed paths forward in his role as a member of the Kantara board.
  •   recent developments likely do NOT threaten the use of InCommon credentials to access federal agencies without using bronze and silver
  • FICAM program now focuses on commercial users of a federal agency.  
  • But higher ed users of federal agency services don’t need a heavyweight compliance  framework.
  • Should CTAB provide feedback to OMB? Or join with Kantara’s response?
  • TomB: We have overlap with Kantara, but also some separate, distinct interests. 
  • Suggestion that we wait to see what Kantara develops and then decide how to proceed.

Monthly Assurance calls (to be discussed at future call)

  • Should we try to continue monthly assurance calls?
  • These monthly calls are mentioned in the “Stay Informed’ Box on the right on the Assurance wiki:

CTAB Meeting at 2018 Global Summit, Wednesday, May 9, noon-1:00PM

  • This will be a closed meeting for CTAB members


  • No labels