CTAB Call Tuesday March 22, 2022
• David Bantz, University of Alaska (chair)
• Jon Miner, University of Wisc - Madison (co-chair)
• Ercan Elibol, Florida Polytechnic University
• Richard Frovarp, North Dakota State
• Eric Goodman, UCOP - InCommon TAC Representative to CTAB
• Andy Morgan, Oregon State University
• Rick Wagner, UCSD
• Jule Ziegler, Leibniz Supercomputing Centre
• Robert Zybeck, Portland Community College
• Tom Barton, Internet2, ex-officio
• Johnny Lasker, Internet2
• Kevin Morooney, Internet2
• Ann West, Internet2
• Albert Wu, Internet2
• Pål Axelsson, SUNET
• Sarah Borland, University of Nebraska
• Meshna Koren, Elsevier
• Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
• Chris Whalen, Research Data and Communication Technologies
• Emily Eisbruch, Internet2, scribe
Working Group Updates
- REFEDS Assurance Working Group
◦ Discussing validation requirements: are additional checks needed to prevent forgery of identity documents?
- REFEDS MFA Sub Group
- Discussion about what the community wants and is willing to reach consensus on for MFA requirements.
- How prescriptive to become?
- Clarify what it means to adopt MFA signaling; what to expect, how service providers should interpret the signal.
- REFEDS MFA Sub Group
- Made decisions on timeframe; currently drafting scenarios.
- May 2022 will be the phase zero exercise. November 2022 will be the real exercise. Debrief at CAMP and ACAMP. Heard about examples of other tabletop exercises.
- InCommon TAC Updates
- Discussion on how commercial SPs are supporting SAML and how that aligns or does not align with the federation model.
- Azure, Google, Zoom, Box, Atlassian… are multi-tenant SPs that have taken different approaches.
- To what extent does the mesh federation align with the way these SPs are delivering their services?
- NIH is working to get MFA for their websites that have protected access. NIH is interested in REFEDS assurance conformance, single value, eduPerson assurance. Next step following that: local enterprise
- Time frames are moving out somewhat
- Login.gov service - no timeframe to resume remote proofing at IAL 2 level.
- The service is not working tremendously well for those who go there
- Working on an alternative: IDME credential
- Identity proofing bound to a federated credential (step-up identity proofing)
Baseline Expectations v2 Status
- wiki: Baseline Expectations for Trust in Federation
- 60 organizations are outstanding for meeting BEv2; many are updating their contacts
- Some organizations have asked for more time
2022 CTAB Work Plan
- What should CTAB accomplish in 2022?
- Where does MFA subgroup work fit in the workplan?
- Need better signaling for use of MFA
- Entity categories
- Combine MFA and Entity categories into a single work product?
- Suggestion to provide info to participants when they log into federation on things they could improve on, without enforcing a Baseline Expectations 3
◦ Issue: hard to get IDPs to agree to implement data release
◦ For CTAB work plan: promote responsible release of info on the part of IDPs
◦ Clarify how service providers should ask for needed information
◦ How to operationalize this? Something other than baseline expectations
◦ Focus on scenarios of integration, find common ground, we have enough toolsets, NIH paved a good path for the research side.
- There was an effort about 5 years ago telling SPs how to ask for attributes, developing standards
- but those standards were not enforced
- David and others will reflect in the work plan document today's discussion on operationalizing issues around data release.
- CTAB members, please add your name to items YOU will work on
Next CTAB Call: Tuesday April 5, 2022