CTAB Call Tuesday, August 24, 2021


  • David Bantz, University of Alaska (chair) 
  • Brett Bieber, University of Nebraska (vice chair) 
  • Pål Axelsson, SUNET  
  • Rachana Ananthakrishnan, Globus, University of Chicago 
  • Ercan Elibol, Florida Polytechnic University  
  • Richard Frovarp,  North Dakota State  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Andy Morgan, Oregon State University  
  • John Pfeifer, University of Maryland   
  • Dave Robinson, Grinnell College, InCommon Steering Rep, ex-officio  
  • Chris Whalen, Research Data and Communication Technologies   
  • Jule Ziegler,  Leibniz Supercomputing Centre  
  • Robert Zybeck, Portland Community College   
  • Johnny Lasker, Internet2  
  • Kevin Morooney, Internet2  
  • Ann West, Internet2 
  • Netta Caligari, Internet2  



  • Tom Barton, Internet2, ex-officio
  • Meshna Koren, Elsevier
  • Jon Miner, University of Wisc - Madison
  • Albert Wu, Internet2 regrets
  • Emily Eisbruch, Internet2, regrets


 Intellectual Property reminder

Reminder: register for CAMP / ACAMP if you have not done so https://incommon.org/academy/camp-meetings/2021-camp-week/

Blog on Baseline Expectations 

Working Group / Related Committee updates

  • InCommon TAC  
    • EricG was not able to attend the last InCommon TAC meeting
    • InCommon TAC has been  working on Deployment Profile
    • David Walker has been active in that effort

  • REFEDS Assurance WG 

  • Assured Access Working Group
    • Final Report is now in the document Repository
    • https://spaces.at.internet2.edu/display/TI/TI.157.1
    • Assured Access working group work is complete
    • There will be a combined CAMP session Monday Oct 4th on the work of the Assured Access Working Group and the REFEDS assurance working group
      • Discussing guidance document for Version 1 of REFEDs assurance framework
      • Planned changes for next iteration of REFEDs assurance framework
    • AnnW noted there are several NIH related sessions at CAMP, including 
      • a BOF on MFA, 
      •  NIH session that will focus on the Sept 15 deadline and what upcoming assurance requirements deadlines are, 
      • session looking at proxies in the federation

Upcoming CTAB election: member rotation / recruiting / etc. 

  • Netta reported on advisory committee rollover process
  • August and Sept: Netta will connect with flywheel (Albert)
  • Three people are scheduled to roll off CTAB; however there are no term limits, so current members scheduled to roll of can be renominated
  • October at CAMP and ACAMP: good chance to do recruitment
  • November: new roster will be chosen
  • Jan / Feb 2022 : new year and onboarding of new members
  • Priorities for outreach to potential new CTAB members:
    • There is always  a need for more voices from the Service Provider community
    • One CTAB member suggests encouraging an individual from the Library community on his camp
    • Proxies and science gateways
    • Individuals involved with NSF
    • As part of recruitment, CTAB should look at what’s on the CTAB roadmap, including MFA issue
    • It will be helpful to include info on community involvement in our CAMP / ACAMP presentations, including how to express interest
  • IAM Online for September 15 will focus on recruitment for community/advisory groups
    • You’re the Boss! Getting Involved with InCommon Community Groups
    • Sept. 15, 2021
    • 2 p.m. ET | 1 p.m. CT | Noon MT | 11 a.m. PT

BEv2 Progress - Dashboard

  • Restarting the bi-weekly targeted emails around BEv2 this week.
  • Some “flat lining” of organizations making progress on meeting BEv2
  • Campuses may be occupied with back to school tasks
  • The timeline shows that in mid-December CTAB may need to start doing outreach to non complying entities

Endpoint Encryption Scenarios review 

  • Discussed Scenario 1: Legacy Browser Support
  • What are possible legal ramifications if CTAB is lenient around the need to continue with legacy browsers that don’t support TLS 1.2+ and/or newer ciphers?
  • Organizations will need to  have a plan to address this situation.
  • It was noted that organizations will not want to be publicly identified as having substandard security. 
    • Use a “naughty list” ?
  • Will the info be available for other organizations to access and make decisions based on? (a non compliance entity category)
  • We don’t want to have a two tier federation
  • We don’t have  waivers for other aspects of Baseline Expectations
  • It will be challenging to scale the process if we provide waivers 
  • Noted it would be helpful to get a new Qualys SSL scan with endpoint encryption results
    • there was a  scan on Aug. 12, 2021 for entities not previously getting a grade of A  
  • Suggestion to gather community input on mitigation approaches to supporting legacy browsers
  • This is the kind of issue a security architect would look at your network configuration to address.  There is  only so much detail we're going to be able to  provide here.
  • Summary: we want the entire federation to adopt  the same set of practices, the same baseline expectations.
    This implies each federation participant must adhere now or have a plan for mitigation and then a process for checking up on that plan

Not discussed on this call

Next CTAB Call: Tuesday, Sept. 7, 2021



  • No labels