Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Skip to end of metadata
Go to start of metadata

CTAB of Wed. Feb. 20, 2019


Attending

  • Mary Catherine Martinez, InnoSoft (chair) 

  • David Bantz, University of Alaska

  • Rachana Ananthakrishnan, Globus, University of Chicago

  • Tom Barton, University Chicago and Internet2

  • Brad Christ, Eastern Washington University

  • Eric Goodman, UCOP - TAC Representative to CTAB  

  • Adam Lewenberg, Stanford 

  • Jon Miner, University of Wisc - Madison

  • John Pfeifer, University of Maryland

  • Ann West, Internet2

  • Albert Wu, Internet2

  • Emily Eisbruch, Internet2   

Regrets:

  • Brett Bieber, University of Nebraska

  • Chris Hable, University of Michigan

  • John Hover, Brookhaven National Lab

  • Chris Whalen, Research Data and Communication Technologies

DISCUSSION


Steering Representative

  • Brad Christ, Eastern Washington University, is that Steering Liaison to CTAB
  • Brad chaired the Attributes for Collaboration and Federation Working Group last year
  • Welcome Brad


TAC and CTAB Representatives

  •  InCommon TAC would like a representative from CTAB to join their calls
  • TAC are bi-weekly on Thursdays (2/28 onwards) at 1:00 PM EST.
  • Please let MC know if you are interested. 
  • Eric Goodman, UCOP, is the InCommon TAC Liaison to CTAB
  • Eric served on the MFA Profile working group and other InCommon working groups
  • Welcome Eric


Baseline Expectations - Dockets  

  • Albert will be making additional assignments to CTAB members for outreach to organizations who have not responded around Baseline Expectations
  • Albert has added the sponsor information to the wiki for SPs that are non responsive
  • The CTAB member doing outreach should look at the sponsor info
  • March 14, 2019 is the final cutoff before final stage of preparing list of orgs not meeting Baseline Expectations and submitting list to Steering for final decision. 
  • For completely unresponsive entities, there will notification of intent to remove org from metadata.
  • There are  only 1 or 2 CTAB meetings before March 14, 2019
  • Best way to prepare the list for Steering?
  • Suggestion that CTAB should recommend what should be done for each case.  
  •  prepare comprehensive recommendations, with information on the risks 
  • BradC: CTAB  should provide maximum guidance on what we are asking Steering to do


 

Updates from 2019 TIIME Conference in Vienna https://tiimeworkshop.eu/

Baseline Expectations Discussion at TIIME https://tiimeworkshop.eu/proceedings/2019/sessions/session26/

FIM4R session https://indico.cern.ch/event/775478/

    1. At TIIME conference, TomB presented to the FIM4R group. They were impressed with the progress InCommon has made.

    2. Tom presented some of the CTAB roadmap plans

    3. Heard some concerns  on the MFA issue.   

        • concerns that implementation of MFA in Shib IDP (prior to version 3.4) is not trivial. Must do javascript things and must be familiar with inner workings.

        • version 3.4 of Shib has native DUO inside, this concern about MFA applies to Shib 3.3 and before.

          •   IdP <3.4 with Duo implemented; asserting the REFEDS MFA context if requested did turn out trivial - db, University of Alaska

        • Other concern, when a research  SP wants to express an MFA requirement,  some IDPs they will say Yes or No but some IDPs will not know what this is about and this could lead to a poor user experience


  • TomB emphasized "collaboration ready" in his presentation to FIM4R group at TIIME.  

  • Research IT people do find appeal in “collab ready”. This might not appeal as much to enterprise IDP people.


  • There is interest in security issues and also ease of setup

  • SIRTFI addresses security concerns

  • comment: if this phase of the CTAB roadmap is to make organizations "collab ready, " everyone has a role to help make that happen.

  • Analysis TomB did  for Attributes WG showed that most campus IDPs do work with Science Gateway SPs

  •  There is widespread  use of the Science Gateways, central IT may not always be aware


Next steps for CTAB roadmap

    • More fine grained definition of proposed  MFA “ask”,
    • assign priority to each item, from each stakeholder group perspective
    • Need to define the vision clearly. Is “collaboration ready” the ultimate goal?
    • Perhaps add  “Trusted Collaboration ready,”   so adding security protection measures, so SIRTFI also key
    • It was noted “Collaboration ready” may need more definition. To be ready to support academic collaboration, this means R&S and SIRTFI
    • Rachana noted that  Globus could live without MFA, but R&S is required
    • DavidB: regarding requirement for Error URL, need greater specificity.   
    • IDP as a service working group is being spun up by InCommon TAC
    • Need easier onboarding to the federation. Would be helpful to have a conversion tool. Though this might be out of scope.
    • InCommon TAC has discussed SP Front ending as a service. (A SATOSA or simpleSAML type proxy.)  TAC decided that is out of scope for now.
    • Comment: may need a connector for those  using OKTA or ADFS to assert R&S?

Feedback on proposed CTAB Roadmap from InCommon staff

      • Albert asked InCommon staff for feedback on CTAB proposed roadmap

        • Nick Roy responded with concern that in the proposed CTAB Roadmap there are a lot of major requirements in a relatively short timeline.

        •  For example, changes to Federation Manager may require InCommon Staff resources and this will need to be planned for.  

        • Also concerns around MFA and need for clarity around what we would be requiring.

Remainder of Agenda to be discussed on Next CTAB Call:

    1. Connection between Baseline next steps with working group activities

      • Deployment Profile

      • OIDC/OAuth Deployment WG

      • others

    2. Next step?

  1. Logistics

    1. Do we have a call week of Global Summit (March 7)?

    2. CTAB wiki - does anyone have concerns if we move CTAB wiki into its own space?

Next CTAB call : Wed. Feb 27, 2019

  • No labels