CTAB Call Tuesday March 22, 2022

    •    David Bantz, University of Alaska (chair) 

    •    Jon Miner, University of Wisc - Madison (co-chair) 

    •    Ercan Elibol, Florida Polytechnic Universit

    •    Richard Frovarp,  North Dakota State 

    •    Eric Goodman, UCOP - InCommon TAC Representative to CTAB  

    •    Andy Morgan, Oregon State University 

    •    Rick Wagner, UCSD

    •    Jule Ziegler,  Leibniz Supercomputing Centre

    •    Robert Zybeck, Portland Community College 

    •    Tom Barton, Internet2, ex-officio 

    •    Johnny Lasker, Internet2  

    •    Kevin Morooney, Internet2 

    •    Ann West, Internet2 

    •    Albert Wu, Internet2 

    •    Pål Axelsson, SUNET

    •    Sarah Borland, University of Nebraska

    •    Meshna Koren, Elsevier

    •    Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio

    •    Chris Whalen, Research Data and Communication Technologies 

    •    Emily Eisbruch, Internet2, scribe


    Working Group Updates

  •   REFEDS Assurance Working Group
        ◦      Discussing validation requirements, are additional checks needed to prevent forgery of identity documents?

  • REFEDs MFA Sub Group
    • discussion about what the community wants and is willing to have consensus around for MFA requirements.  
    • How prescriptive to become?  
    • Clarify what it means to adopt MFA signaling; what to expect,  how service providers should interpret the signal.

  • REFEDs MFA Sub Group
    • Made decisions on timeframe; currently drafting scenarios;
    • May 2022  will be the phase zero exercise. November 2022  will be the real exercise.  Debrief at CAMP and ACAPM. Heard about examples of other tabletop exercises.  

  • InCommon TAC Updates
    • Discussion on commercial SPs are supporting SAML and how that aligns or does not align with the federation model.  
    • Azure, Google, Zoom, Box, Atlassian… are multi tenant SPs that have taken different approaches.
    • To what extent does the mesh federation align with the way these SPs are delivering their services?

  • NIH

    • NIH is working to get MFA for their websites that have protected access
NIH is interested in REFEDs assurance conformance, single value, eduperson assurance.  Next step following that: local enterprise

    • Time frames are moving out somewhat

    • Login.gov service - no timeframe to resume remote proofing at IAL 2 level.
    •  The service is not working tremendously well for those who go there

    • Working on an alternative:   IDME credential

    • Identity proofing bound to a federated credential
 (step-up identity proofing)

     Baseline Expectations v2 Status

    2022 CTAB Work Plan

  • What should CTAB accomplish in 2022?

  • Where does MFA subgroup work fit in the workplan?
  • Need better signaling for use of MFA

  • Entity categories

  • Combine MFA and Entity categories into a single work product?

  • Suggestion to provide info to participants when they log into federation on things they could improve on, without enforcing a Baseline Expectations 3

        ◦    Issue: hard to get IDPs to agree to implement data release 

        ◦    For CTAB work plan: promote responsible release of info on the part of IDPs

        ◦    Clarify how service providers should ask for needed information

        ◦    How to operationalize this?  Something other than baseline expectations

        ◦    Focus on scenarios of integration, find common ground, we have enough toolsets, NIH paved a good path for the research side.  

  • There was an effort about 5 years ago telling SPs how to ask for attributes, developing standards
  •    but those standards were not enforced

  • David and others will reflect  in the work plan document today's discussion on operationalizing issues around data release.
  • CTAB members, please add your name to items YOU will work on

    Next CTAB Call : Tuesday April 5, 2022

  • No labels