CTAB Call of December 12, 2023

Attending

  • Warren Anderson, LIGO
  • David Bantz, University of Alaska (chair)  
  • Richard Frovarp, North Dakota State
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Scott Green, Eastern Washington U
  • Johnny Lasker, Internet2
  • Jon Miner, University of Wisc - Madison (co-chair)
  • Rick Wagner, UCSD
  • Kevin Morooney, Internet2  
  • Andrew Scott, Internet2
  • Ann West, Internet2  
  • Albert Wu, Internet2   
  • Emily Eisbruch, Independent, scribe  

New CTAB Members Joining this Call

  • Ryan McDaniel, Virginia Tech  
  • Christopher Keith, Brown U.

Regrets

  • Pål Axelsson, SUNET 
  • Tom Barton, Internet2, ex-officio
  • Matt Eisenberg, NIAID 
  • Ercan Elibol, Florida Polytechnic University 
  • Mike Grady, Unicon 
  • Meshna Koren, Elsevier
  • Kyle Lewis, Research Data and Communication Technologies
  • Andy Morgan, Oregon State University

Discussion


Welcome new members/introductions/thank you

  • Welcome to new CTAB members Ryan McDaniel, Virginia Tech, and Christopher Keith, Brown U.
  • Thanks and appreciation to these members who are leaving CTAB at the end of 2023:
    • Andy Morgan, Oregon State University
    • Meshna Koren, Elsevier
    • Eric Goodman, UCOP (both retiring and departing CTAB)


Committee updates 

    • CACTI (Richard)
      • Extensive discussion on the Next Generation Credential Working Group draft report
      • Discussion around W3C FedCM
      • Discussion on eduroam future in US
        • More K12 coming online for instance
      • November meeting focused on Trusted Access Platform statement of work and priorities for 2024 and the Component Architects process

    • InCommon TAC  (Eric) 



Reminder of AAC and CTAB history (Ann)

    • In 2007-2008, Bob Morgan and Steven Carmody worked with a group around alignment with how we do assurance. 
    • CAF (Community Authentication Framework). 
    • Then the Feds put in place FICAM (Federal Identity Credential and Access Management) under GSA. 
    • FICAM put together a trust relationship with the federation agencies and approved trust framework providers.
    • InCommon developed the InCommon Bronze and InCommon Silver profiles to align with SP 800-63 LOA1 and LOA2.
    • InCommon offered a new community program, the Assurance Advisory Committee (AAC). 
    • The first AAC chair was Mary Dunker of Virginia Tech.
    • (So Virginia Tech has a long history of contributing in this space and we are delighted that Ryan McDaniel is joining CTAB.)  
    • Virginia Tech achieved InCommon Silver certification.
    • Eventually InCommon decommissioned the Silver and Bronze profiles, in part because there were no federal agencies that required them.
    • AAC morphed into CTAB in January 2018. CTAB was tasked with developing a more incremental approach.
    • CTAB developed Baseline Expectations for Trust in Federation. 
    • The work of CTAB has yielded successful collaborations with NIH and NSF.


2024 CTAB Planning 

  • We are still gathering items for the CTAB 2024 work plan
  • Items currently on the CTAB work plan include:


  • Placeholder for InCommon Futures 2 Report Activities


  • Update RAF Implementation Guidance for InCommon Participants
    • REFEDS Assurance Framework Implementation guidance
    • New version of RAF framework is available https://refeds.org/assurance
    • Kyle Lewis is part of the RAF update
    • Providing community implementation guidance will be key


  • SIRTFI exercise - 2024
    • Tabletop exercise to go through a fictional InCommon security breach (successfully done in 2022 and 2023)
    • Use SIRTFI process to handle the breach
    • Plan to do a SIRTFI exercise again in 2024
    • In 2023, there was international, cross federation engagement with the SIRTFI exercise


  • Federation Ready (formulating ways for InC to promote increased interoperability or “Federation Ready” entities)
    • What strategies and capabilities do we want organizations to adopt?
    • This is an umbrella item
    • Will complement the work of InCommon Futures 2
    • Define and clarify what we mean by being compatible in the federation, from point of view of policy, practice, support, and technical interoperability 
    • This conversation goes beyond InCommon, it applies to the international federation community


  • Authorization
    • AuthZ: can we formulate good, scalable practices to make authZ (nearly) as federation-scalable as authN?
    • Attributes, entitlements, roles
    • Process can be ad hoc and burdensome
    • Some degree of standardization is needed
    • Could increase assurance if authorization is handled more efficiently 
    • Open Science is a key use case


  • Protocol Issues
    • Work toward InCommon as an identity federation not tied to a specific protocol (explicitly including OIDC) or software (facilitating or accommodating other-than-TAP suite)


Next CTAB Call: Tuesday, Jan 9 at 1pm ET
