CTAB call Tuesday, February 9, 2021
Attending
- David Bantz, University of Alaska (chair)
- Brett Bieber, University of Nebraska (vice chair)
- Pål Axelsson, SUNET
- Rachana Ananthakrishnan, Globus, University of Chicago
- Tom Barton, University of Chicago and Internet2, ex-officio
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Andy Morgan, Oregon State University
- Dave Robinson, Grinnell College, InCommon Steering Rep, ex-officio
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Regrets:
- John Pfeifer, University of Maryland
- Ann West, Internet2
Action Items
- AI Jule reach out to HeatherF around EduPersonAssurance and REFEDs R&S 2.0 Working Group
- AI ChrisW ask at RAS Governance council about eRA commons use cases
Intellectual Property reminder
Discussion
Welcome
- Welcome Dave Robinson, CIO from Grinnell College in Iowa - InCommon Steering Liaison to CTAB
Around the Community - Updates from Other Efforts
- REFEDS Baseline Expectations Consultation
- Consultation is closed. Working Group is reviewing comments received
- REFEDS Assurance Working Group - WG Meeting Notes
- Tom, Pal and Albert participate
- Working group is discussing MFA, assurance proofing
- For REFEDs MFA, some clarifications are needed on how to apply
- hope to make the REFEDs MFA profile clearer for adopters
- for example, how to handle fail-open vs. fail-closed issues
- Reviewing existing assurance framework and definitions, possibility to define different levels of identity proofing, rather than only referencing external resources
- InCommon Steering update
- Deciding on key questions for InCommon Steering to tackle in 2021
- Focus on communication and outreach
- Need to do a better job of explaining what InCommon offers, and how new orgs / entities can come on board
- outreach to both IDPs and SPs
- For existing InCommon participant organizations, there is a need to explain how to get more value from the federation
- Learned about InCommon Catalysts program
- IDP as a Service and how that fits in
- Market survey was done 5 years ago to gather data around InCommon Federation adoption and perceptions
- REFEDs R&S 2.0 Working Group
- Discussion on identifiers and restructuring the document
- Making it apply to OIDC
- Home institution attribute
- R&S 1.0 and R&S 2.0 will be in parallel in the future
- EduPersonAssurance discussion, need more advocating for this.
- Pal advocates for EduPersonAssurance, but needs others
- Need to explain the value for EduPersonAssurance or it will likely be dropped
- Jule will help at the Assurance Working Group to better define need for EduPersonAssurance and then reach out to REFEDs R&S 2.0 Working Group
- AI Jule reach out to HeatherF around EduPersonAssurance and REFEDs R&S 2.0 Working Group
- A lot of the work is driven by needs of SPs and IDPs
- scopedAffiliation is another possible addition to REFEDs R&S
- It was agreed that CTAB would like updates from other efforts on an ongoing basis.
- InCommon TAC requests email updates from groups of interest
Baseline Expectations V2 updates
- Baseline Expectations 2 Implementation Plan (timeline/schedule)
- Developers have provided an API for BEv2 health check
- Working on scripts for mail merge and health check report
- Albert will work on graphs and adherence statistics
- Johnny is working on mail merge and messages for notification and health check status
- Also figuring out how to handle bounces of emails
- Suggestion to have placeholder for CTAB office hours in March
- Have not yet heard many objections from community
- But it will be good to have office hours in case
- Albert has started FAQ for Baseline Expectations 2.0
- https://spaces.at.internet2.edu/display/BE/be2-faq
- Doc for collecting questions: Questions for BE2 FAQ
- JonM got an interesting question.
- UW-Madison hosts an entity for Illinois. Illinois asked about the SIRTFI requirement in BE2.
- JonM asked them to check their contract (and contacts).
- We may get more of this type of question.
- Good to collect such questions
- Meshna: For an SP, there can be challenges asserting both Data protection Code of Conduct https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home and SIRTFI compliance.
- Must go through lawyers.
- Lawyers ask for clarifications.
- SIRTFI can be vague, and it must be vague by nature. But creates an issue with the lawyers.
- Need place to get answers about SIRTFI and what is OK
- TomB: there’s a process to address such questions around SIRTFI, there is REFEDs Steering committee. Need to shine better light on the process
- Would be helpful for SIRTFI working group to know which SIRTFI items caused concern from the lawyers or others.
- Please send to TomB or the SIRTFI working group any info on SIRTFI issues causing concern
CTAB/NIH Assured Access Working Group Status Update
- Assured Access Working Group wiki: https://spaces.at.internet2.edu/display/aawg
- First meeting was last Thursday
- Reviewed charter for the Working Group and goals
- About 12 people attended
- Plan to meet weekly
- Next meeting, will talk about how to divide up work over next 8 weeks
- Discuss how to get more participation in the working group and how to share progress
- Ryan from U Nebraska and Brett will show proof of concept around complying with NIH requirements
- Will share existing mapping of I9 with NIST SP800-63A
- Noted that timeline is short
- NIH will start to implement new requirements in a few months
- Advice for IdP operators on how to map/assert assurance
- Encourage other RO and agencies to adopt same/equivalent assurance profiles
NIH / eRA requiring MFA - update from NIH coordination call
- There was a high-level, communication-oriented call with Jeff E from NIH
- In addition, there was another call with implementation group
- MFA requirement
- eRA will require MFA as of Sept 15, 2021
- NIH is a big organization and not everything moves at the same pace
- There is a Proxy NIH Login, supports a variety of credential types
- There are tens of thousands of eRA (Electronic Research Administration) users
- eRA (Electronic Research Administration) is retiring older login approaches
- eRA is encouraging users to get login.gov credentials
- They are also happy to promote federated credentials
- A few steps needed until federated credentials can work with eRA
- Account linking will be offered for organizations who need to use login.gov short term, but should use federated login in the long run.
- Need to be able to signal to eRA
- Identity assurance
- The identity assurance needs will not be addressed across all of NIH; it will be per service
- For some NIH services, the IAP values of a certain level may be required
- Other NIH services may require NIST 800-63-3
- eRA (Electronic Research Administration) is 800K credentials stored at NIH
- Set up years ago for researchers who receive a grant at a university or other research institution to report on funding for grant
- How does this work with Login.gov?
- Need to map eRA process into IAL framework
- Every year, now organizations will need to log in using eRA
- It seems likely that NIH will eventually get rid of eRA commons
- Globus platform users have applications that require identity from eRA commons: impact and communication to such stakeholders
- [AI] ChrisW ask at RAS Governance council about eRA commons use cases
Next CTAB Call: Tuesday, Feb. 23, 2021