CTAB Call of December 12, 2023
Attending
- Warren Anderson, LIGO
- David Bantz, University of Alaska (chair)
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Scott Green, Eastern Washington U
- Johnny Lasker, Internet2
- Jon Miner, University of Wisc - Madison (co-chair)
- Rick Wagner, UCSD
- Kevin Morooney, Internet2
- Andrew Scott, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Independent, scribe
New CTAB Members Joining this Call
- Ryan McDaniel, Virginia Tech
- Christopher Keith, Brown U.
Regrets
- Pål Axelsson, SUNET
- Tom Barton, Internet2, ex-officio
- Matt Eisenberg, NIAID
- Ercan Elibol, Florida Polytechnic University
- Mike Grady, Unicon
- Meshna Koren, Elsevier
- Kyle Lewis, Research Data and Communication Technologies
- Andy Morgan, Oregon State University
Discussion
- Internet2 Intellectual Property reminder
- This is the final CTAB call for 2023
Welcome new members/introductions/thank you
- Welcome to New CTAB members Ryan McDaniel, Virginia Tech and Christopher Keith, Brown U.
- Thanks and appreciation to these members who are leaving CTAB at the end of 2023:
- Andy Morgan, Oregon State University
- Meshna Koren, Elsevier
- Eric Goodman, UCOP (both retiring and departing CTAB)
Committee updates
- CACTI (Richard)
- Extensive discussion on the Next Generation Credential Working Group draft report
- Discussion around W3C FedCM
- Discussion on eduroam future in US
- More K12 coming online for instance
- November meeting focused on Trusted Access Platform statement of work and priorities for 2024 and the Component Architects process
- InCommon TAC (Eric)
- Review of draft 2023 “TAC Accomplishments” report (and discussion of the accomplishments noted therein) https://spaces.at.internet2.edu/x/7ALAE
- Discussion of 2024 TAC workplan.
Reminder of AAC and CTAB history (Ann)
- In 2007-2008, Bob Morgan and Steven Carmody worked with a group around alignment with how we do assurance.
- CAF (Community Authentication Framework).
- Then the Feds put in place FICAM (Federal Identity Credential and Access Management) under GSA.
- FICAM put together a trust relationship with the federation agencies and approved trust framework providers.
- InCommon developed InCommon Bronze and InCommon Silver profiles, to align with SP 800-63 LOA1 and LOA2.
- InCommon offered a new community program, the Assurance Advisory Committee (AAC).
- The first AAC chair was Mary Dunker of Virginia Tech.
- (So Virginia Tech has a long history of contributing in this space and we are delighted that Ryan McDaniel is joining CTAB.)
- Virginia Tech achieved InCommon Silver certification.
- Eventually InCommon decommissioned the Silver and Bronze profiles, in part because there were no federal agencies that required them.
- AAC morphed into CTAB in January 2018. CTAB was tasked with developing a more incremental approach.
- CTAB developed Baseline Expectations for Trust in Federation.
- The work of CTAB has yielded successful collaborations with NIH and NSF.
2024 CTAB Planning
- We are still gathering items for the CTAB 2024 work plan
- Items currently on the CTAB workplan include:
- Placeholder for InCommon Futures 2 Report Activities
- In 2009, InCommon Steering created the InCommon Futures Report. That futures report is here: https://incommon.org/wp-content/uploads/2019/04/InCommonFuture_20090701.pdf
- InCommon was 5 years old and had approximately 100 member organizations.
- That 2009 report called for investment and growth of InCommon.
- About 2 years ago, Internet2 had a leadership Exchange where the Internet2 Roadmap process kicked off.
- Chair of InCommon Steering, Mark Walman, ND State University, attended.
- Mark Walman and Kevin Morooney decided that InCommon should do a futures report to build on the 2009 report.
- Thus the InCommon Futures 2 report was born. Engaged a vendor called Second Muse.
- Much community work has been invested and soon the final draft will be ready.
- https://incommon.org/news/incommon-strategic-planning-project-currently-under-way/
- https://incommon.org/news/seen-and-heard-at-the-2023-internet2-community-exchange-4-iam-insights/
- The real work begins after the InCommon Futures 2 report is complete.
- Internet2 Community Exchange in spring 2024 will be an opportunity for important work https://internet2.edu/2024-internet2-community-exchange/
- Internet2 roadmap is here https://internet2.edu/roadmap/
- Update RAF Implementation Guidance for InCommon Participants
- REFEDS Assurance Framework Implementation guidance
- New version of RAF framework is available https://refeds.org/assurance
- Kyle Lewis is part of the RAF update
- Providing community implementation guidance will be key
- SIRTFI exercise - 2024
- Tabletop exercise to go through a fictional InCommon security breach (successfully done in 2022 and 2023)
- Use SIRTFI process to handle the breach
- Plan to do a SIRTFI exercise again in 2024
- In 2023, there was international, cross federation engagement with the SIRTFI exercise
- Federation Ready - (Formulating ways for InC to promote increased interoperability or “Federation Ready” entities)
- What strategies and capabilities do we want organizations to adopt?
- This is an umbrella item
- Will complement the work of InCommon Futures 2
- Define and clarify what we mean by being compatible in the federation, from point of view of policy, practice, support, and technical interoperability
- This conversation goes beyond InCommon, it applies to the international federation community
- Authorization
- AuthZ - can we formulate good scalable practices to make authZ (nearly) as federation scalable as authN
- Attributes, entitlements, roles
- Process can be ad hoc and burdensome
- Some degree of standardization is needed
- Could increase assurance if authorization is handled more efficiently
- Open Science is a key use case
- Protocol Issues
- Work toward InCommon as an identity federation not tied to a specific protocol (explicitly including OIDC) or software (facilitating or accommodating other-than-TAP suite)
Next CTAB Call: Tuesday, Jan 9 at 1pm ET