CTAB Wed April 24, 2019


  • Mary Catherine Martinez, InnoSoft (chair)
  • Brett Bieber, University of Nebraska
  • David Bantz, University of Alaska
  • Tom Barton, University Chicago and Internet2  
  • Brad Christ, Eastern Washington University
  • Eric Goodman, UCOP - TAC Representative to CTAB
  • Jon Miner, University of Wisc - Madison
  • John Pfeifer, University of Maryland
  • Albert Wu, Internet2
  • Emily Eisbruch, Internet2   


  • Rachana Ananthakrishnan, Globus, University of Chicago -
  • Chris Hable, University of Michigan
  • John Hover, Brookhaven National Lab
  • Adam Lewenberg, Stanford  
  • Chris Whalen, Research Data and Communication Technologies
  • Ann West, Internet2

 Action Items from this call

[AI] CTAB members  chime in on the draft BE Adherence Guide, especially  

a. whether these are the statements we want to bring to consensus and

b. whether wording (degree of required-ness) is appropriate


Should CTAB receive standing updates from related committees and working groups?

    • It was noted that InCommon TAC has updates from other groups as a big portion of each call
    • Decision: CTAB should hear reports on TAC and other groups as needed
    • When appropriate, updates from TAC (to be provided by Eric Goodman or David Bantz) can be inserted into the CTAB agenda during the  agenda bash

Baseline Expectations Closing Update

    • The communications sent to the community in mid-April inspired movement on the part of several organizations who were on the list of “intent to be removed”
    • See  latest status: https://spaces.at.internet2.edu/x/ZAJ0C
    • There are only a few organizations still on the “intent to be removed” list
    • It was decided to provide  a deadline when an organization tells us they are working on making the updates to meet BE
    • Two weeks from the conversation with InCommon ops should be the standard deadline.
    • Albert will update the dockets with  deadlines as they are communicated to the participants

2019 Baseline Expectation Roadmap  

  • Albert  has worked on proposed updates to the foundational baseline expectation doc,  http://doi.org/10.26869/TI.34.1 
  • compliance with SIRTFI has been added in the proposed draft
  • There is a second document, BE Adherence Guide, has more detail
  • It was decided  the next version of the foundational BE doc should be version 2 (not version 1.1)

    SIRTFI and next version of Baseline Expectations
    • Question: Do we want SIRTFI to be a requirement for BE, or a sufficient means of meeting the security baseline expectations?
    • One concern is that SIRTFI is about incident response, not about security as a whole?
    • Also do we need to put a version number for SIRTFI?
    • Brett suggests we state SIRTFI can be  a means of meeting the security requirement
    • This fits with the idea of clarification of the baseline expectation around security
    • SIRTFI’s Traffic light protocol can be an issue. SIRTFI has a requirement to use traffic light protocol to communicate with other participants.
    • Could we break SIRTFI into components?
    • TomB: SIRTFI’s intro provides some flexibility into how strictly each section must be adopted,
    • much of SIRTFI compliance is not observable from outside the organization
    • Last resort can be community dispute resolution process if some entity objects to the level of a federated partner’s adherence
    • Acceptable use policy is part of SIRTFI,
      • Some institutions can’t provide acceptable use policy exactly,
      • may be part of a university system that has a slightly different policy
      • (there can be union negotiation implications to acceptable use policy)
    • For matters that are externally provable , baseline expectations  is proving them.
    • But for matters that are internal, does CTAB want to know the details of the institution’s tradeoff? Or just want the yes/no flag?
    • Could create entity category around a requirement, but not require it as part of BE
    • SIRTFI will evolve, is it currently a good enough common standard that will not cause shock if Baseline Expectations suggests it?
    • How many orgs might leave if SIRTFI becomes part of BE?  https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf
    • It was noted that any proposed change to BE would go out for community consultation, providing a chance for community reaction and feedback
    • Suggestion to add mention of SIRTFI in the draft BE Adherence Guide
    • TomB suggests including SIRTFI in the BE statements, to encourage discussion
    • Suggestion to require SIRTFI for federation manager access
    • Suggestion for annual community tabletop discussion
      • Community BE Tabletop could be a good TechEx Topic
  • We may want to keep track of concerns on proposals around next phase of BE
  • Next steps are for CTAB to keep working on the draft BE updates doc and the BE adherence guide doc

  • [AI] CTAB members  chime in on the draft BE Adherence Guide, especially  

    a. whether these are the statements we want to bring to consensus and

    b. whether wording (degree of required-ness?) is appropriate

Agenda items not discussed on this call

    • Connection and link to BE foundation doc and PA
    • Research orgs frustrations - how do they feed BE2019
    • Discussions within TAC, Net+ regarding IdPs
    • “Jack Suess” Badging thread . see above (David/MC/Albert)
      • Does CTAB wish to chime in?
  • How do we bring next set of BE requirements to the community? (question for Tom)
    • Do we position this as an addendum to current BE?
    • Do we start a new round of community consensus?
    • What is the timing for communication/engagement?
  • Question for the group - future CTAB work / agenda ideas (MC)

Next CTAB  Call:  Wed,, May 8, 2019


  • No labels