CTAB Call Tuesday April 19, 2022

Attending

  • David Bantz, University of Alaska (chair)  
  • Jon Miner, University of Wisc - Madison (co-chair)
  • Pål Axelsson, SUNET 
  • Sarah Borland, University of Nebraska
  • Richard Frovarp,  North Dakota State 
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Andy Morgan, Oregon State University  
  • Rick Wagner, UCSD 
  • Jule Ziegler,  Leibniz Supercomputing Centre 
  • Robert Zybeck, Portland Community College 
  • Tom Barton, Internet2, ex-officio here 
  • Johnny Lasker, Internet2  
  • Kevin Morooney, Internet2  
  • Ann West, Internet2  
  • Albert Wu, Internet2 
  • Emily Eisbruch, Internet2  

Regrets

  • Ercan Elibol, Florida Polytech Institute
  • Meshna Koren, Elsevier
  • Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  • Chris Whalen, Research Data and Communication Technologies 

Discussion

 Working Group Updates

    • REFEDS Assurance  - no updates
    • REFEDS MFA Sub Group
      • Editing the proposed draft/revision to the REFEDS MFA profile
      • Hope to have draft for wider group to discuss in the next weeks
      • Discussion on balance between keeping the profile flexible and usable 
      • Want to be clear enough so implementers can make decisions that lead to basis for comparison
      • Given strong authentication needs evolving, how to prepare
      • Is certificate authentication strong enough?
      • What about MFA and WebAuthn?
      • Single or multi-factor authentication for WebAuthn?
      • What will the curation evolution process be?
      • MFA profile is de facto a proxy for quality/strength of authentication
      • What about, perhaps, an approach that is “strong” but not literally multi-factor?



  • InCommon TAC Updates
    • Focus on work plan items
    • One topic is 3rd party certifiers
    • What kind of mechanisms should be in place?
    • Related to Trustmarks and tags
    • Concept of how federation model works
    • Term: pixie dusting
    • 3rd party interacts and can assert claim for an entity, instead of federation operator
    • Example is R&S
      • Federation operator is not as deeply engaged in the research community
      • So another authority might be able to vouch for a particular Service Provider
    • Comes up in regional networking or system wide scenarios; also comes up in seamless access community, for discovery listing

  • NIH
    • There will be a leadership exchange in May 2022, Mike Tartakovsky and Chris Whalen will be speaking, will summarize for the CIOs where we stand, and reinforce the ask

CTAB Work Plan 

    • Five items are now on the CTAB work plan, other items have been moved to another document
    • CTAB members, please sign up for work plan items that interest you


CTAB TLS / Endpoint Encryption Proposal

  • Several steps are outlined in the draft proposal, including outreach and eventually moving to dispute process
  • Suggestion for eventually having a public record if an entity is not meeting the encryption standard
  • We would prefer listing entities with current action items pending and do not want to post a list of entities with any security vulnerabilities
  • There is a recommendation for InCommon operations to check as many elements as possible.
    • Albert notes that this is in the works.
    • InCommon Operations hopes to periodically check all the elements that baseline expectations requires.  

  • Scaling and Workload concerns
    • Currently over 1000 entities are not scoring A in SSL Labs scan
    • This is not a one time issue, scores can shift, so think of this as an operational item
    • Are we willing to remove from the InCommon Federation an entity that does not get an A score?
    • If we create exceptions / loopholes, it gets complex
    • Dispute items would come to CTAB
    • Eventually some will escalate to InCommon Steering
    • See the community dispute resolution process https://www.incommon.org/federation/dispute-resolution/
    • Concerned about the consequence of triggering community dispute resolution
    • Question of scale, if there are more than a handful each month, will require much effort and time. Load/strain on CTAB resources is a concern
  • Suggestion that we consider this an awareness raising campaign
  • Education and advocacy are important
  • CTAB may want to engage the community on this at some point.

Next CTAB call:  Tuesday, May 2, 2022

