CTAB Call Tuesday, August 24, 2021
Attending
- David Bantz, University of Alaska (chair)
- Brett Bieber, University of Nebraska (vice chair)
- Pål Axelsson, SUNET
- Rachana Ananthakrishnan, Globus, University of Chicago
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- John Pfeifer, University of Maryland
- Dave Robinson, Grinnell College, InCommon Steering Rep, ex-officio
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Netta Caligari, Internet2
Regrets
- Tom Barton, Internet2, ex-officio
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Discussion
Intellectual Property reminder
Reminder: register for CAMP / ACAMP if you have not done so https://incommon.org/academy/camp-meetings/2021-camp-week/
Blog on Baseline Expectations
- Thanks to David Bantz for authoring this blog on Baseline Expectations, dated Aug. 26, 2021, “Good News and More News Regarding InCommon Baseline Expectations”
- https://incommon.org/news/good-news-and-more-news-regarding-incommon-baseline-expectations/
Working Group / Related Committee updates
- InCommon TAC
- EricG was not able to attend the last InCommon TAC meeting
- InCommon TAC has been working on Deployment Profile
- David Walker has been active in that effort
- REFEDS Assurance WG
- https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
- Jule - last week’s meeting discussed section 3.1 about identifier uniqueness. The goal is to present it in a more understandable way.
- Facilitating transition of EduPersonPrincipalName to identifiers that are really unique and persistent.
- REFEDS MFA Sub Group
- https://wiki.refeds.org/display/GROUPS/MFA+Subgroup
- Hope to present a 3-hour workshop around MFA
- Workshop was suggested by Albert
- AnnW noted that NIH is interested in attending this workshop
- Assured Access Working Group
- Final Report is now in the document Repository
- https://spaces.at.internet2.edu/display/TI/TI.157.1
- Assured Access working group work is complete
- There will be a combined CAMP session Monday Oct 4th on the work of the Assured Access Working Group and the REFEDS assurance working group
- Discussing guidance document for Version 1 of the REFEDS assurance framework
- Planned changes for the next iteration of the REFEDS assurance framework
- AnnW noted there are several NIH related sessions at CAMP, including
- a BOF on MFA,
- NIH session that will focus on the Sept 15 deadline and what upcoming assurance requirements deadlines are,
- session looking at proxies in the federation
Upcoming CTAB election: member rotation / recruiting / etc.
- Netta reported on advisory committee rollover process
- August and Sept: Netta will connect with flywheel (Albert)
- Three people are scheduled to roll off CTAB; however, there are no term limits, so current members scheduled to roll off can be renominated
- October at CAMP and ACAMP: good chance to do recruitment
- November: new roster will be chosen
- Jan / Feb 2022 : new year and onboarding of new members
- Priorities for outreach to potential new CTAB members:
- There is always a need for more voices from the Service Provider community
- One CTAB member suggests encouraging an individual from the Library community on his camp
- Proxies and science gateways
- Individuals involved with NSF
- As part of recruitment, CTAB should look at what’s on the CTAB roadmap, including MFA issue
- It will be helpful to include info on community involvement in our CAMP / ACAMP presentations, including how to express interest
- IAM Online for September 15 will focus on recruitment for community/advisory groups
- You’re the Boss! Getting Involved with InCommon Community Groups
- Sept. 15, 2021
- 2 p.m. ET | 1 p.m. CT | Noon MT | 11 a.m. PT
BEv2 Progress - Dashboard
- Restarting the bi-weekly targeted emails around BEv2 this week.
- Some “flat lining” of organizations making progress on meeting BEv2
- Campuses may be occupied with back-to-school tasks
- The timeline shows that in mid-December CTAB may need to start doing outreach to non-complying entities
Endpoint Encryption Scenarios review
- Discussed Scenario 1: Legacy Browser Support
- What are possible legal ramifications if CTAB is lenient around the need to continue with legacy browsers that don’t support TLS 1.2+ and/or newer ciphers?
- Organizations will need to have a plan to address this situation.
- It was noted that organizations will not want to be publicly identified as having substandard security.
- Use a “naughty list”?
- Will the info be available for other organizations to access and make decisions based on? (a non-compliance entity category)
- We don’t want to have a two-tier federation
- We don’t have waivers for other aspects of Baseline Expectations
- It will be challenging to scale the process if we provide waivers
- Noted it would be helpful to get a new Qualys SSL scan with endpoint encryption results
- there was a scan on Aug. 12, 2021 for entities not previously getting a grade of A
- Suggestion to gather community input on mitigation approaches to supporting legacy browsers
- This is the kind of issue a security architect would look at your network configuration to address. There is only so much detail we're going to be able to provide here.
- Summary: we want the entire federation to adopt the same set of practices, the same baseline expectations. This implies each federation participant must adhere now or have a plan for mitigation and then a process for checking up on that plan.
Not discussed on this call
- Happenings in entity categories - primer and next steps
- SA Entity Categories (anonymous and pseudonymous)
- R&S 2.0
- CTAB at CAMP - what would CTAB like to talk about?
- How would CTAB like to leverage ACAMP?
- https://www.incommon.org/academy/camp-meetings/2021-camp-week/
Next CTAB Call: Tuesday, Sept. 7, 2021