CTAB call of January 12, 2021
Attending
- David Bantz, University of Alaska (chair)
- Brett Bieber, University of Nebraska (vice chair)
- Pål Axelsson, SUNET
- Rachana Ananthakrishnan, Globus, University of Chicago
- Tom Barton, University Chicago and Internet2, ex-officio
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Andy Morgan, Oregon State University
- John Pfeifer, University of Maryland
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Johnny Lasker, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet
From InCommon Steering
- Dave Robinson, CIO at Grinnell College in Iowa
- Jeremy Livingston, CISO Stevens Institute of Technology
Regrets
- Eric Goodman, UCOP - TAC Representative to CTAB
- Robert Zybeck, Portland Community College
- Kevin Morooney, Internet2
Reading/Reference Material
- Baseline Expectations 2 Implementation Plan (timeline/schedule)
New Action Items from this Call
- AI (CTAB) provide possible written response to REFEDS Baseline Expectations Consultation prior to Jan 31, 2021
- AI (Brett) work with Albert to launch new Assured Access Working Group
- AI (ChrisW) talk with Jeff Erickson about membership in the Assured Access Working Group
- AI (Albert) add Jeremy and Dave from InCommon Steering to CTAB email list
Action Item from Dec 15, 2020 CTAB Call
- AI: (Albert) chat with Dean on whether we should expand the list of InCommon newsletter recipients
DISCUSSION
REFEDs baseline expectations Consultation
- The consultation for the REFEDS Baseline Expectations specification is now open
https://wiki.refeds.org/display/CON/Consultation%3A+Baseline+Expectations - This specification is high level, not detailed
- Consultation has been open since mid December 2020
- CTAB meets on Tuesday, Jan. 26, 2021
- The consultation closes Jan. 31, 2021
- Pal: It will be helpful for CTAB to review the document and decide if there are comments we should add
- SAML comment on the consultation is interesting
- AI CTAB will provide possible written response to REFEDS Baseline Expectations consultation prior to Jan 31, 2021
Prospective InCommon Steering Liaison
- Jeremy Livingston and Dave Robinson of InCommon Steering are on this CTAB call
- InCommon Steering will decide who the liaison to CTAB will be
CTAB/NIH Assured Access Working Group
- Thanks to Tom Barton for developing the draft charter for the CTAB/NIH Assured Access Working Group
- For background, see discussion of "Working Group to develop concrete implementation guidance for NIH requirements" in the Dec 15, 2020 CTAB notes.
- This is a working group to respond to the call to action from NIH and provide guidance on how entities should make use of higher levels of assurance
- Leveraging the REFEDs Assurance Framework
- It is NOT the job of this Assured Access WG to
- develop guidance for how to use the REFEDS MFA Profile in certain circumstances
- align NIST SP800-63A with RAF IAPs.
- The REFEDS Assurance WG, chaired by Jule, are taking up these issues - interested parties should participate there.
- Jule: not sure of the timing for the mapping being done in the REFEDs Assurance WG, this is likely not a quick process
- TomB will add to the charter a note about the potential to make recommendations to the REFEDs Assurance WG
- NIH wants to reply on IAP moderate from REFEDs Assurance Framework by June 2021
- Hope this working group can release some partial recommendations relatively quickly to provide community guidance
- TomB: in some cases the Assured Access WG will focus on USA standards
- Might focus on the I9 process in the USA
- Pal: there are culture differences. Sometimes terms are interpreted differently in Europe versus in the USA
- Comment: Adding the term EVerify might get more interest that I9 (E-Verify and Form I-9)
Service Providers
- Comment: to demonstrate the value of this work, and get more momentum, we should explain the bigger picture, including SPs
- Include in scope other SPs, besides the NIH, to make the case to SPs that they should ask for this as well
- Build case for other SPs besides NIH to get behind this
- Could there be another working group deliverable focused on the SP side?
- Not only the why but also the how
- Still will be a per Service Provider process
- TomB: including SPs is a big increase in scope for the Assured Access WG
- Job 1 is getting some organizations ready, then assess and decide where to go next
- Rachana : SP perspective: reading the draft charter for the new working group, this seems like something for SPs to wait and watch
Logistics for new Assured Access Working Group
- Proposed weekly meetings for the Assured Access Working Group.
- Looking for a convener chair
- Could identify chair at first call of the new WG
- DECISION: CTAB agrees to initiate the Assured Access Working Group
- Assured Access Working Group can include members not part of CTAB
- AI Brett will work with Albert to launch new Assured Access Working Group
- Interested individuals for proposed working group:
- Rachana, Chris, Jon, Tom, David. Eric, Ercan, Brett Pal; Albert invite Scott Cantor, Kyle (NIH),Jule
- Add additional individuals from NIH team?? Perhaps those working on Researcher Authorization service. Sumit?
- AI ChrisW will talk with Jeff Erikson on membership in Assured Access Working Group
Looking ahead to BEv2 activities in the next 6 months
- InCommon Ops is creating health check list
- Then targeted emails will be sent no less than monthly
- Will tell participant what they are missing to meet BEv2 and will send them to the BEv2 wiki
- There is a template for contacting non compliant entities
- Timed articles around BEv2 will happen via regular Trust and Identity Newsletters to provide guidance/advice on specific solutions/workarounds
- Hope that by July 2021 we can officially transition to BE v2
- Leading up to July, adoption of BEv2 is voluntary
- After July, it won't be allowed to publish metadata unless you meet BEV2 requirements
- During the transition period
- CTAB reaches out to “stragglers”
- CTAB may host office hours in period leading up to transition
- Will decide based on community feedback and needs
Not discussed on this call
- How do we incentivize adoption of research collaboration enabling/required specs?
- MFA
- R&S / additional entity categories / attributes work?
- Assurance
- Relationship to REFEDS WG efforts
- Messaging to execs / non-IAM specialists
- -------------------------------------------------------------------------
- Teeing up for future call: Baseline 3 data points
- NIH work as a barometer for BE3?
- REFEDS Baseline - where do we go with this?
Next CTAB Call: Tuesday, January 26, 2021