CTAB Call Tuesday July 13, 2021
Attending
- David Bantz, University of Alaska (chair)
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Regrets:
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Brett Bieber, University of Nebraska (vice chair)
- Pål Axelsson, SUNET
- Rachana Ananthakrishnan, Globus, University of Chicago
- Ercan Elibol, Florida Polytech Institute
- John Pfeifer, University of Maryland
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Robert Zybeck, Portland Community College
- Kevin Morooney, Internet2
- Ann West, Internet2
Discussion
Intellectual Property reminder
Baseline Expectations version 2 (BEV2) Closing Activities and Timing
- Agreed to move forward with Monday July 19, 2021 for adoption of Baseline Expectation V2
- InCommon staff will Update the InCommon Website
- Replace with new Baseline Expectations text
- InCommon Federation will switch to enforcement mode
- Entities will need to meet BEv2 to be submitted
- Does not impact existing entities that are not “touched”
- Does not impact existing entities that are not “touched”
- InCommon Federation Manager will get updated with greater clarity around encryption
- InCommon staff will Update the InCommon Website
- NIH Requirements
- There was originally some confusion between BEv2 requirements and NIH requirements. There have not been questions showing confusion on that for several months
- Sept. 15, 2021 is the milestone for NIH requirements
- https://www.incommon.org/news/the-national-institutes-of-health-new-research-and-scholarship-requirements/
- TomB: a few people are meeting later today to chat about NIH requirements
- There was originally some confusion between BEv2 requirements and NIH requirements. There have not been questions showing confusion on that for several months
- Next Phase for BEv2
- After July 16 we begin next phase
- Should be about 6 to 8 months
- Draft Plan https://docs.google.com/document/d/1Nh8f5CYTWMpvd-dBOmpvO_N8511dJvpgK7iJC-QlDeQ/edit# (DO NOT INCLUDE LINK IN PUBLIC NOTES)
- Should be about 6 to 8 months
- Assemble list of non adhering entities (list already exists)
- Need to schedule and conduct office hours, this will help organizations not in compliance
- Office hours suggested for August, September, October and November
- Suggestion to hold office hours on the alternate weeks from CTAB meetings (Tuesdays at 1pm ET)
- Albert: Internet2 Marcomm group is ready to help CTAB publicize BEv2 and funnel those with issues to office hours
- August 2021 - begin publishing list of non adhering entities
- may want to revisit this if list continues to be very large
- may want to revisit this if list continues to be very large
- Perhaps publish list of organization that are adhering, at least to Site Admins and Execs
- August 2021 - resume bi weekly notifications with a new message, more targeted
- September 2021 - start tracking using ? pages, once the list is down to 100 or fewer
- Last time, for BEV1, we created wiki pages and assigned them to CTAB members to contact non adhering organizations
- Do not want to begin that with a list over 100
- October 2021 - engagement begins
- After July 16 we begin next phase
- Extensions for BEv2
- For BEv1, we posted a web form where orgs could request an extension, for after Dec 2021
- Albert has received emails stating that organizations can’t adhere to BEv2 by July 19 but do plan to adhere to BEv2 by end of summer 2021
- Extension Request Form will be available when CTAB starts nudging outreach
- Extension Request Form will be available when CTAB starts nudging outreach
- Concern about hard deadline right before the winter break
- For BEv1, there was a December 2018 deadline, but CTAB did not suggest to InCommon Steering to remove any entities until February 2019
- For BEv1, we posted a web form where orgs could request an extension, for after Dec 2021
- SIRTFI and BEv2
- It was noted that SIRTFI is fuzzier than the other new BEv2 requirements
- TomB: From the point of view of the SIRTFI working group, the degree to which SIRTFI requirements are met is a business decision. It is rare for everything to be perfectly implemented at all times. It’s about due diligence
- It was noted that SIRTFI is fuzzier than the other new BEv2 requirements
- Wiki Updates and other communication
- Albert : we will continue to refine the wiki
- Albert will publish the next steps on a wiki page for the community
- Albert is working with Internet2 Marcomm on case studies, showing solutions to issues in fulfilling BEv2
- There will be a communication on July 17, stating we have transitioned to BEv2
- Albert : we will continue to refine the wiki
- More on Next Steps for BEv2
- Generally follow processes/flow from BEv1 closing
- Revive community dispute docket described here: https://www.incommon.org/federation/dispute-resolution/
- Develop next round of notification email templates
- Get ready to publish non-adhering entities/orgs
- Ready extension request submission/tracking
- Schedule office hours (for Fall and Winter, monthly?)
- On July 19 - officially publish BE2 text on web site
- TBD: how will we actually measure “Encryption” when it comes to entity removal time, what are the operational implications of each option?
- Generally follow processes/flow from BEv1 closing
Assured Access Working Group
Note from Brett B - I’ve tried to incorporate the feedback from the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation consultation. If others could review the document’s recent changes and let me know if there’s anything else yet to incorporate, that would be great. Next steps would be to finalize the document and announce the final version. I can work on that next week if there’s no additional changes.
- Assured Access Working Group Wiki
- Consultation on REFEDS Assurance Framework Implementation Guidance for the InCommon Federation closed June 25, 2021
- Logistics on CTAB approval for report after the consultation has been completed. InCommon TAC uses this procedure:
- when there’s a community consultation, and the consultation ends, InCommon TAC just accepts or rejects.
- best process: don’t make new changes after consultation, just make changes suggested during the consultation.
- Brett has made the suggested changes from the consultation already.
- This document is critical for the NIH requirements.
- If this document is good enough, sufficient, the CTAB should likely move it along.
- when there’s a community consultation, and the consultation ends, InCommon TAC just accepts or rejects.
- Importance of LOCAL-ENTERPRISE
- Note: It is still being decided which NIH services will be part of the new NIH requirements framework
- Part of the challenge is to present something that the majority of federation participants can assert.
- Some chicken and egg.
- Value of interest is LOCAL-ENTERPRISE
- There is a big gap between level 1 and level 2. Most services are somewhere in between.
- LOCAL-ENTERPRISE is to fill the gap
- LOCAL-ENTERPRISE is runtime measurable
- There is a big gap between level 1 and level 2. Most services are somewhere in between.
- Today, no organizations assert LOCAL-ENTERPRISE.
- We want to get InCommon participants to start asserting LOCAL-ENTERPRISE. Should be straightforward.
- We may want to add assertion of LOCAL-ENTERPRISE into Baseline Expectations as implementation guidance
- Note: It is still being decided which NIH services will be part of the new NIH requirements framework
- It is important to finalize/publicize the “REFEDS Assurance Framework Implementation Guidance for the InCommon Federation” report in advance of the September 15 NIH deadline.
- Next Steps for REFEDS Assurance Framework Implementation Guidance for the InCommon Federation
- CTAB hopes to vote to accept the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation at next CTAB meeting, July 27, 2021
- ChrisW will not be present at the CTAB meeting on July 27. ChrisW votes now to approve the report, since Kyle has been heavily involved
- CTAB hopes to vote to accept the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation at next CTAB meeting, July 27, 2021
2021 NSF Cybersecurity Summit FYI
- Rachana and Brett have submitted a proposal for 2021 NSF Cybersecurity Summit
- https://www.trustedci.org/2021-cybersecurity-summit
- to share assurance work and using federated identities to increase security.
Next CTAB call: Tuesday, July 27, 2021