CTAB call Tuesday June 2, 2020

Attending

•  David Bantz, University of Alaska (chair)
• Pål Axelsson, SUNET
• Brett Bieber, University of Nebraska  
• Rachana Ananthakrishnan, Globus, University of Chicago 
• Tom Barton, University Chicago and Internet2, ex-officio 
• Ercan Elibol, Florida Polytechnic University
• Richard Frovarp,  North Dakota State
• Eric Goodman, UCOP - TAC Representative to CTAB  
• Jon Miner, University of Wisc - Madison  
• John Pfeifer, University of Maryland 
• Marc Wallman, North Dakota State University , InCommon Steering Rep, ex-officio 
• Chris Whalen, Research Data and Communication Technologies   
• Robert Zybeck, Portland Community College
• Ann West, Internet2 
• Albert Wu, Internet2 
• Jessica Fink, Internet2 
• Kevin Morooney, Internet2 
• Heather Flanagan, Seamless Access, guest 

Regrets

• Mary Catherine Martinez, InnoSoft (vice chair)
• Chris Hable, University of Michigan
• Jule Ziegler,  Leibniz Supercomputing Centre
• Emily Eisbruch, Internet2, regrets

Administration

• Intellectual Property reminder   
• Agenda Bash
  
  
  

New Action Items from this call

• AI Albert and David will provide info to CTAB members for outreach around BE v2

DISCUSSION

Seamless Access Entity Categories and  Attributes Bundles Working Group updates - Heather

• SeamlessAccess is a service designed to help foster a more streamlined online access experience when using scholarly collaboration tools, information resources, and shared research infrastructure. The service promotes digital authentication leveraging an existing single-sign-on infrastructure through one’s home institution, while maintaining an environment that protects personal data and privacy.
• Heather’s slides
  • In the future there will be a contract language working group within Seamless Access
  • Authentication only
  • Anonymous Authorization
  •  Pseudonymous Authorization
• Sharing of attributes is not the mission of Seamless Access
•  Seamless Access wants to ensure a decent discovery experience, thus working on entity categories
• Goals:
•   make configuration easier for IdPs
•   offer common language/terms/expectations that can be fed into contracts
• Expectations to be worked into contracts, such as between librarians and publishers
• Three use cases for Entity Categories (mutually exclusive, one per SP): 

• InCommon might provide a context for asserting one of these categories. 
• There could be bilateral agreements that supercede these entity categories 
• Q:   We don’t want the IDP to send all the entitlement data, just the pertinent info. How should this be handled?   A: Not sure how this is handled, looking to working group members to address this appropriately
•  Status: Working group is finishing up some fine points on these entity categories. 
• Then this work will be passed to REFEDS for a comment period
• Library community and publisher community will review carefully during the comment period 

REFEDS R&S and work of the REFEDs Entity Category Working Group (Chris W and DavidB)

• The REFEDs R&S profile needs updates
• There are issues around 
• Use of identifiers
• Is an IDP  in conflict with REFEDs R&S if they release more attributes than needed?
• Should CTAB weigh in on whether REFEDS R&S should eventually be incorporated into Baseline Expectation
• CTAB has said it will include R&S as a potential part of a future update to InCommon Baseline Expectations . We may want to pull in the categories work of the Seamless Access group, discussed above, and the work of the REFEDs group.
•  Issue of whether all IDPs can support what might be required around R&S? 
• Shibboleth can support entity categories, but other frameworks possibly not
• Any SAML implementation can support attribute release, it’s the entity category that is more challenging
• SUNET uses  a toolkit to manage attribute release with ADFS
• Baseline Expectation could be: If an SP requires a certain attribute bundle, the IDP can support that
• Would be enforced through a dispute resolution process
• Albert: Possibly we should clarify what attributes the federation expects its participants to support and how to express them
• Seamless Access bundles are intrinsically bilateral (based  on contracts, with no third party vetting)
• R&S bundles are intrinsically multilateral (no contracts)
• TomB: we want to be sure InCommon Baseline Expectations are not too hard, do not require an organization to change their IAM stack in order to comply
• Rachana:
•  It’s helpful if InCommon provides guidelines, best practices, even if not included in Baseline Expectations, 
• the absence of such guidance leads to bilateral agreements 

Baseline Expectations V2

    List  of InCommon participants for targeted outreach around BE V2; contact assignments - Albert

•  Albert has the list of orgs that  received score of F and below in SSL Lab analysis around meeting encrypted endpoint 
• done a while back, 179 entities, 67 organizations
• It’s less than 2% of entities in metadata
• Shannon is running an updated list and will provide that 
• Once Albert provides CTAB with updated list, we would like CTAB members to contact the participants to ask them about the proposed BE V2.

• AI Albert and David will provide info  to CTAB members for outreach around BE v2
  
  
• “Silence” in the BE V2 consensus process does not mean assent 
• How will we determine we have consensus? 
• BE V2 Office Hours were held May 5, 2020 and were reasonably well attended
• Concern that InCommon participants may not be paying attention to the proposal for BE V2
• Kevin suggests we communicate by email and let people know about last chance to provide input
• After community consensus comes community InCommon consultation
• Possibly an implementation plan will draw more attention than a discussion around new proposed standards

 Not discussed on this call

• Deployment profile - 10KM view and potential future BE Albert & others

Next CTAB call: Tuesday, June  16, 2020