Notes, CTAB Call of 28-Mar-2018
Notes and Action Items, CTAB Call of 28-March-2018
Attending:
- Brett Bieber, University of Nebraska (chair)
- David Bantz, University of Alaska
- Tom Barton, University Chicago and Internet2
- Chris Hable, University of Michigan
- Ted Hanss, University of Michigan
- Jon Miner, University of Wisc - Madison
- Mary Catherine Martinez, InnoSoft
- Chris Whalen, National Institute of Allergy and Infectious Diseases (NIAID)
- Ann West, Internet2
Emily Eisbruch, Internet2
Regrets: Joanna Rojas, Duke
New Action Items
[AI] (Jon) Consolidate the Community Consensus docs
[AI] (Brett) add opening paragraph about the iterative process
[AI] (ChrisH) work with Brett on the logo advice
DISCUSSION
Staffing update
• Baseline expectations for trust in federation implementation will require additional work/shepherding
https://www.incommon.org/federation/baseline/
• There was an Increase in InCommon fees two years ago. This fee increase supports additional staffing
• Federation Service Manager will be the title for a new staff person who can help support Baseline Expectations,to be posted soon
• In addition Nick Lewis, Internet2 Program Manager now working in Cloud Services area, particularly in Security, will be providing operational support on Baseline Expectations https://www.internet2.edu/people/detail/1989/
Community Notification of Finalized FOPP/PA changes
• The community notification of changes to the InCommon Participation Agreement (PA) and the InCommon Federation Operating Policies and Practices (FOPP) was sent recently.
• InCommon has received few questions
• One institution asked to withdraw, but not because of baseline expectations
• Brett received a question from U. California
system
• Brett noted that at U-Nebraska, communications from InCommon may go to networking team or to trust and identity team.
• Suggestion to encourage government agencies to share info with each other around baseline expectations
• Would be helpful to pull out data on the govt agencies and how many are meeting the expectations currently versus needing attention
• Feedback - it would be helpful to clarify the use of the “M” on the health check report - is “M” good or bad on the report?
Community Consensus Process & “Rules of the Road”
- suggested edit: explain that this is a recommended process.
- CTAB will learn and make iterations with the community’s help.
• Jon and David worked on suggested changes around the email lists for each consensus topic.
- draft strawman for lists and communication in consensus process
• Decision not to “seed” the email list for consensus consultations. invite the community to participate
• CTAB should try to encourage the appropriate people to show up. Deliberately solicit voices
• Makes sense to merge those suggestions from Jon into the Community Consensus Process doc.
[AI] (Jon) Consolidate the Community Consensus docs
• Will likely be an iterative process
[AI] (Brett) add opening paragraph about the iterative process
Privacy Policy (David, Chris W)
- David and Chris reviewed various institutions' privacy policies
- Few share info on “what info about me is released to what services?”
- Should there be a link on the IDP Login page to a privacy statement?
- REFEDs has privacy policy guidance https://wiki.refeds.org/display/CODE/Privacy+policy+guidelines+for+Service+Providers
https://wiki.geant.org/display/eduGAIN/How+to+write+the+Privacy+Policy
https://geant3plus.archive.geant.net/uri/dataprotection-code-of-conduct/V1/Pages/default.aspx
- Having a person to contact with privacy issues is important
- Would be helpful to have Guidance for and IDP Operator on "Who on a campus can help draft a privacy policy if there is no privacy officer"
- HEISC working group could be a good resource
https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/about-heisc
https://spaces.at.internet2.edu/display/2014infosecurityguide/Privacy
- What should be the timeframe within which CTAB insists a privacy policy must be in place?
- First requirement is that there be a link to something.
Three short-term suggestions to the community:
• Link to whatever privacy policy you have in your POP (This works for the 50% that have POPs)
• Refer to privacy policies available through Educause HEISC, even if not federation related
• Develop a web page that links to established organiztional policies related to privacy (data sharing, FERPA release, AUP, etc) as a first step
You can look at privacy policies by organization:
https://incommon.org/federation/info/all-orgs.html
Eventually a webinar on the privacy policy topic could be helpful.
Logo Advice:
AI (ChrisH) will work with Brett on the logo advice
What formats? e.g. jpg/png/svg?
What sizes? Rasterized or non-rasterized?
Background?
Solid/transparent, white black?
Dimensions?
Aspect ratio, e.g. square, rectangular
Design mockups and scenarios for representation:
Discovery pages (IdP)
Consent interfaces (SPs)
Who to talk to on your campus?
Communications office
SP owners
key items:
Should be something the user recognizes and associates with the service or IdP.
MDUI Discussion (Brett) (saved for next call)
CTAB Meeting at 2018 Global Summit, Wednesday, May 9, noon-1:00PM
This will be a closed meeting for CTAB members
Will have a Zoom bridge
Next CTAB Call: Wed. April 11, 2018