CTAB Call Tuesday July 12, 2022



  • David Bantz, University of Alaska (chair)  
  • Jon Miner, University of Wisc - Madison (co-chair)  
  • Sarah Borland, University of Nebraska  
  • Andy Morgan, Oregon State University  
  • Chris Whalen, Research Data and Communication Technologies  
  • Robert Zybeck, Portland Community College  
  • Tom Barton, Internet2, ex-officio  
  • Johnny Lasker, Internet2  
  • Kevin Morooney, Internet2  
  • Ann West, Internet2  
  • Albert Wu, Internet2  

    • Pål Axelsson, SUNET
    • Ercan Elibol, Florida Polytech Institute
    • Richard Frovarp, North Dakota State
    • Mike Grady, Liaison from CACTI to CTAB
    • Eric Goodman, UCOP - InCommon TAC Representative to CTAB
    • Meshna Koren, Elsevier
    • Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
    • Rick Wagner, UCSD
    • Jule Ziegler, Leibniz Supercomputing Centre
    • Emily Eisbruch, Internet2



Working Group updates 

  • InCommon TAC (30 June): reports from TNC and other events 
      • Verifiable credentials are moving into the mainstream, with various wallet models (self-control of your credentials) and intense OIDC interest.
      • Ann West noted that the EU is looking at this, with the most recent instantiation being a wallet approach where the person can choose what to release and multiple authorities put claims in. GDPR is interpreted differently across the countries of the EU, so self-release makes it easier to cross borders.
      • Erasmus is an example (student mobility). GEANT is being funded by the EU and is piloting wallet technology and UX.

  • InCommon Steering
  • R&S 2.0/ Entity Categories Working Group (David B): 
    • REFEDS feedback on proposal:   
      • Entity categories must be self-contained when it comes to the guidance around attribute release; they must not have dependencies on each other.
      • Rather than tie the entity categories together with the fallback mechanism we have been debating, it would be better to create a fourth entity category with its own attribute bundle and associated guidance (in addition to Anonymous Authorization, Pseudonymous Authorization, and Personalized Access).

  • REFEDS MFA Working Subgroup 
    • REFEDS MFA Profile proposal
    • Working on section 5.1, SAML binding
    • Looking at how to describe how ForceAuthn works and its relationship to Duo
    • We need to provide helpful guidance, but how much should be in a specification?
    • European folks are on vacation, so this is on hold for a bit
    • Hope to vote in next few months

  • SIRTFI Exercise Working Group
    • Getting ready to invite people to participate in the test

Mid-year check on CTAB work plan

  • Public CTAB Work Plan: https://spaces.at.internet2.edu/display/ctab/ctab-2022-work-plan

  • Action: add status of Internet2 monitoring of Baseline Expectations compliance as default CTAB agenda item
  • Kevin M noted that InCommon Steering will do a check-in on the status of the various committee and advisory group work plans in fall 2022

Baseline Expectations v2 Close Out - what’s next  

    • Helpful to have CTAB recommendations for proposed actions to InCommon Steering by July 26 (to remove specific entities)

    • See the dispute resolution process  

    • Next steps

      • For those missing elements in BE2 and scoring C or F on the SSL test, prepare a "removal unless remediated" docket
      • Notify affected orgs
      • Focus on IDPs first
      • Alert InCommon Steering
      • CTAB to perform due diligence to determine a final recommendation for each entity

    • Current status for BEv2  
      • 23 outstanding IDPs
      • 164 outstanding SPs

Baseline Expectations TLS/Endpoint Encryption Proposal

  • Draft proposal has been updated  
  • Suggestions on mechanics: 
    • InCommon sends Site Admins an email when there is action needed; InCommon tells the Site Admin to sign into Federation Manager to see the details
    • How does an entity inform InCommon that they are working on remediation?
    • Albert: prefer that the site admin signs into Federation Manager to indicate the work they are doing to mitigate their TLS endpoint encryption security status. This will require a development effort as Federation Manager does not currently have that capability. 
    • A group from CTAB will need to stay on top of this docket.
      • This group might want to meet on a regular basis, perhaps quarterly
    • Some possibility for automated notification
  • CTAB started to approve this BE TLS framework, but there were a few questions remaining and time ran out for this CTAB call


TechEx/CAMP Planning, Dec. 5-9, 2022 in Denver

  Dec. 5-9, Denver, CO

Next CTAB Call: Tuesday, July 26, 2022

