CTAB Call of December 12, 2023


  • Warren Anderson, LIGO
  • David Bantz, University of Alaska (chair)  
  • Richard Frovarp,  North Dakota State  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Scott Green, Eastern Washington U
  • Johnny Lasker, Internet2
  • Jon Miner, University of Wisc - Madison (co-chair)
  • Rick Wagner, UCSD
  • Kevin Morooney, Internet2  
  • Andrew Scott, Internet2
  • Ann West, Internet2  
  • Albert Wu, Internet2   
  • Emily Eisbruch, Independent, scribe  

New CTAB Members Joining this Call

  • Ryan McDaniel, Virginia Tech  
  • Christopher Keith, Brown U.


  • Pål Axelsson, SUNET 
  • Tom Barton, Internet2, ex-officio
  • Matt Eisenberg, NIAID 
  • Ercan Elibol, Florida Polytechnic University 
  • Mike Grady, Unicon 
  • Meshna Koren, Elsevier
  • Kyle Lewis,  Research Data and Communication Technologies
  • Andy Morgan, Oregon State University


Welcome new members/introductions/thank you

  • Welcome to New CTAB members  Ryan McDaniel, Virginia Tech  and Christopher Keith, Brown U.
  • Thanks and appreciation to these members who are leaving CTAB at the end of 2023:
    • Andy Morgan, Oregon State University
    • Meshna Koran, Elsevier
    • Eric Goodman, UCOP  (both retiring and departing CTAB)

Committee updates 

    • CACTI (Richard)
      • Extensive discussion on the Next Generation Credential Working Group draft report
      • Discussion around W3C FedCM
      • Discussion on eduroam future in US
        • More K12 coming online for instance
      • November meeting focused on Trusted Access Platform statement of work and priorities for 2024 and the Component Architects process

    • InCommon TAC  (Eric) 

Reminder of AAC and CTAB history (Ann)

    • In 2007-2008, Bob Morgan and Steven Carmody worked with a group around alignment with how we do assurance. 
    • CAF (Community Authentication Framework). 
    • Then the Feds put in place FICAM (Federal Identity Credential and Access Management) under GSA. 
    • FICAM put together a trust relationship with the federation agencies and approved trust framework providers.
    • InCommon developed InCommon Bronze and InCommon silver profiles, to align with SP 800-63 LOA1 and LOA2. 
    • InCommon offered a new community program, the Assurance Advisory Committee (AAC). 
    • The first AAC chair was Mary Dunker of Virginia Tech.
    • (So Virginia Tech has a long history of contributing in this space and we are delighted that Ryan McDaniel is joining CTAB.)  
    •   Virginia Tech achieved InCommon Silver certification.   
    • Eventually InCommon decommissioned the silver and bronze profiles, in part because there were no federal agencies that required them.
    • AAC morphed into CTAB in January 2018. CTAB was tasked with developing a more incremental approach.
    • CTAB developed Baseline Expectations for Trust in Federation. 
    • The work of CTAB has yielded successful collaborations with NIH and NSF.

2024 CTAB Planning 

  •  We are still gathering items for the CTAB 2024 work plan
  • Items currently on the CTAB workplan include:

  •      Placeholder for InCommon Futures 2 Report Activities

  • Update RAF Implementation Guidance for InCommon Participants
    • REFEDS Assurance Framework Implementation guidance
    • New version of RAF framework is available https://refeds.org/assurance
    • Kyle Lewis is part of the RAF update
    • Providing community implementation guidance will be key

  • SIRTFI exercise -2024
    • Tabletop exercise to go through a fictional InCommon security breach  (successfully done in 2022 and 2023) 
    • Use SIRTFI process to handle the breach
    • Plan to do a SIRTFI exercise again in 2024
    • In 2023, there was international, cross federation engagement with the SIRTFI exercise

  • Federation Ready  - (Formulating ways for InC to promote increased interoperability or “Federation Ready” entities)
    • What strategies and capabilities do we want organizations to adopt?
    • This is an umbrella item
    • Will complement the work of InCommon Futures 2
    • Define and clarify what we mean by being compatible in the federation, from point of view of policy, practice, support, and technical interoperability 
    • This conversation goes beyond InCommon, it applies to the international federation community

  • Authorization
    • AuthZ - can we formulate good scalable practices to make authZ (nearly) as federation scalable as authN
    • Attributes, entitlements, roles
    • Process can be ad hoc and burdensome
    • Some degree of standardization is needed
    • Could increase assurance if authorization is handled more efficiently 
    • Open Science is a key use case

  • Protocol Issues
    • Work toward InCommon as an identity federation not tied to a specific protocol (explicitly including OIDC) or software (facilitating or accommodating other-than-TAP suite)

Next CTAB Call: Tuesday, Jan 9 at 1pm ET

  • No labels