CTAB Wed. Oct. 23, 2019
Attending
- Mary Catherine Martinez, InnoSoft (chair)
- David Bantz, University of Alaska (vice chair)
- Brett Bieber, University of Nebraska
- Rachana Ananthakrishnan, Globus, University of Chicago
- Tom Barton, University of Chicago and Internet2
- Brad Christ, Eastern Washington University
- Eric Goodman, UCOP - TAC Representative to CTAB
- Jon Miner, University of Wisc - Madison
- John Pfeifer, University of Maryland
- Chris Whalen, Research Data and Communication Technologies
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Regrets
- Chris Hable, University of Michigan
- John Hover, Brookhaven National Lab
- Adam Lewenberg, Stanford
New Action Items from this call
- AI (Albert) email CTAB about reviewing the two OWASP cheatsheets as a way to help clarify the proposed Baseline Expectations 2020 Statement - All SP service endpoints must be secured with current, supported, unbroken transport layer encryption.
- AI (MC, Brett and David) reach out to those CTAB nominees who listed CTAB as 1st choice to schedule a discussion. MC will Slack with Brett and David to coordinate. Mention to the nominees the requirement to get Steering approval for slate of candidates, so the process is understood
Pre-reads and materials of interest:
- International (REFEDS/eduGAIN) Baseline Expectations WG: https://wiki.refeds.org/display/ASS/Baseline+Expectations
Discussion
CTAB membership nomination - review nominations (20 minutes) (MC)
- 7 nominees total
- 2 from same institution
- There should be 7-13 members of CTAB, according to the CTAB charter
- Currently there are 10 voting members of CTAB
- JohnH, Brookhaven, and AdamL, Stanford, have indicated that they will not continue as CTAB members, creating two additional open positions on CTAB
- Could potentially bring on 5 new CTAB members, with reappointment of ChrisW
- May want to recruit someone from a National Lab
- TomB: would be good to have additional international CTAB members who are involved in international baseline expectations work
- Decision: hold a preliminary conversation with those nominees who listed CTAB as 1st choice.
- Rachana thought conversations with TomB, Brett, and MC prior to joining CTAB were helpful when she was asked to join CTAB
- AI (MC, Brett and David) will reach out to those nominees who listed CTAB as 1st choice to schedule a discussion. MC will Slack with Brett and David to coordinate. Mention to the nominees the need to get Steering approval for slate of candidates, so the process is understood
- Plan is that Wed. Dec. 18, 2019 will be a CTAB call including the new members.
BE 2020: review companion wiki doc / “FAQ”?
- What else needs to be done to ready materials for BE 2020 community consensus?
- There is a working draft of an FAQ. Plan is that it will be published on the InCommon website as a companion to the BE material
- There is a chance that once the community examines the proposed BE 2020 statements, for example around error URL, more clarity will be required.
- There is concern regarding this proposed BE statement (difficult for an organization to be sure it is in compliance):
- Statement - All SP service endpoints must be secured with current, supported, unbroken transport layer encryption.
- DavidB has looked into this for U of Alaska. There are not a lot of options in the approaches
- Eric: Everyone deals with this in their local environment, it’s related to SIRTFI,
- hard to tie down to one specific metric, regarding how many versions back.
- It’s always nice to have specifics, but if it’s tough
- Suggestion to use OWASP materials / wording to tweak this
- Each CTAB member should read through the OWASP cheatsheets:
- https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html
- Question on how often the OWASP cheat sheet documents are updated. Issue of drifting changes
- AI Albert email CTAB about reviewing the two OWASP cheatsheets (done)
- Plan is that Tech Ex will be used for last round of feedback from community on BE 2020 plan prior to moving into community consensus
- See the two CTAB Tech Ex 2019 sessions listed below
TechEx 2019 planning
- Combined federation / CTAB update on Tuesday Dec 10, 2019
- Open CTAB meeting on Wed Dec 11, 2019
https://meetings.internet2.edu/2019-technology-exchange/detail/10005609/
- Possible ACAMP topic?
Next CTAB call: Wed. Nov 6, 2019