CTAB Call Tuesday February 21, 2023 


Attending

David Bantz, University of Alaska (chair)
Warren Anderson, LIGO
Pål Axelsson, SUNET
Tom Barton, Internet2, ex-officio
Ercan Elibol, Florida Polytechnic University
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Scott Green, Eastern Washington U
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Jon Miner, University of Wisc - Madison (co-chair)
Rick Wagner, UCSD
Albert Wu, Internet2

Regrets

Matt Eisenberg, NIAID 
Meshna Koren, Elsevier 
Andy Morgan, Oregon State University
Kevin Morooney, Internet2
Andrew Scott, Internet2 
Ann West, Internet2 
Emily Eisbruch, Independent, scribe  


DISCUSSION

Working Group updates

    • NIST 800-63-4 review
      • Continuing on schedule.

    • REFEDS MFA
      • Finished reviewing feedback on consultation. Will be drafting the response.
      • Plan is to create a new profile identifier. i.e., leave current profile/identifier as is (because there are significant implementations in the wild that would be impacted by changing the expectations around that identifier). A new profile id will be generated, and some of the new (but “backwards compatible”) set of expectations will be published for the new identifier.
      • Will there be guidance for SPs and IdPs on how to deal with the fact that there are multiple identifiers? 
        • Yes
      • Will we look at the ability of products to make these distinctions?
        • Broadly, yes. 
        • Looking at ForceAuthn in particular.
        • Also, we assume most users deploy proxy solutions to meet InCommon requirements. It’s possible (likely) that those proxies would be able to understand either incoming request type, and depending on what the backend supports, either pass the request through to the IdP or signal failure (e.g., if the backend meets the old requirements but not the new ones, and the SP requests the new ones). 
        • Based on conversation, will reach out to Mike Grady to get some feedback on their experiences implementing REFEDS MFA support with non-Shib/SSP backends.

    • REFEDS Assurance
      • Halfway through final review of RAF 2.0 prior to public consultation; expect ~6 more weeks before ready for public consultation release

    • CACTI
      • No update. Meeting monthly now.

    • InCommon TAC
      • Had presentation and discussion with Apryl Motley @ InCommon about Internet2 messaging on value of InCommon
      • Detailed discussion of 2023 TAC workplan

    • SIRTFI Exercise Working Group
      • 13 volunteers signed up for the working group
      • next step is to set up kickoff meeting
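The proxy behaviour discussed under the REFEDS MFA update (an SP asks for one of two MFA profile identifiers, the proxy forwards the request if its backend IdP can satisfy it and otherwise signals failure, carrying ForceAuthn through) can be modelled in a few lines. The block below is an added illustration written for these notes; it is not code from the working group, from InCommon, or from any proxy product. It assumes the proxy knows, by operator configuration, which profile identifiers its backend can genuinely satisfy (the `backend_supported` set), and it uses an obviously fake placeholder for the new profile identifier, since that value has not been minted. The current identifier `https://refeds.org/profile/mfa` and the SAML 2.0 status codes are real.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

# Identifier of the current REFEDS MFA profile.
MFA_CURRENT = "https://refeds.org/profile/mfa"
# Stand-in for the new profile identifier the working group plans to mint;
# the real value is not decided yet, so this is an obviously fake placeholder.
MFA_NEW_PLACEHOLDER = "https://example.org/PLACEHOLDER-new-refeds-mfa-profile"

# SAML 2.0 status codes returned when the proxy cannot satisfy the request.
STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
STATUS_NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"


def make_authn_request(refs, force_authn=False, comparison="exact"):
    """Build a minimal, constructed SP AuthnRequest asking for the given
    AuthnContextClassRef values in the SP's order of preference."""
    class_refs = "".join(
        f"<saml:AuthnContextClassRef>{r}</saml:AuthnContextClassRef>" for r in refs
    )
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_constructed-1" Version="2.0" IssueInstant="2023-02-21T00:00:00Z" '
        f'ForceAuthn="{"true" if force_authn else "false"}">'
        "<saml:Issuer>https://sp.example.edu/shibboleth</saml:Issuer>"
        f'<samlp:RequestedAuthnContext Comparison="{comparison}">{class_refs}'
        "</samlp:RequestedAuthnContext></samlp:AuthnRequest>"
    )


def parse_authn_request(xml_text):
    """Extract ForceAuthn, the Comparison mode and the requested class refs."""
    root = ET.fromstring(xml_text)
    force_authn = root.get("ForceAuthn", "false").lower() == "true"
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return force_authn, "exact", []
    refs = [el.text.strip() for el in rac.findall("saml:AuthnContextClassRef", NS) if el.text]
    return force_authn, rac.get("Comparison", "exact"), refs


def proxy_decision(xml_text, backend_supported):
    """Decide what the proxy does with an incoming AuthnRequest.

    backend_supported is the set of MFA profile identifiers the backend IdP
    can satisfy and assert back (operator configuration, assumed here).
    Returns "forward" with the single class ref to send upstream, or "fail"
    with the SAML status codes to return to the SP. ForceAuthn is always
    carried so the backend cannot silently reuse an old session.
    """
    force_authn, comparison, refs = parse_authn_request(xml_text)
    if not refs:
        # No authentication context requested: ordinary SSO, pass through.
        return {"action": "forward", "context": None, "force_authn": force_authn}
    # REFEDS MFA is requested with Comparison="exact"; anything else is
    # treated as a request the proxy does not know how to honour.
    if comparison == "exact":
        for ref in refs:  # SP preference order is preserved
            if ref in backend_supported:
                return {"action": "forward", "context": ref, "force_authn": force_authn}
    # e.g. backend meets the current profile only and the SP asked for the new one.
    return {
        "action": "fail",
        "status": STATUS_REQUESTER,
        "sub_status": STATUS_NO_AUTHN_CONTEXT,
        "force_authn": force_authn,
    }


def failure_status_xml(decision):
    """Render the samlp:Status for a failed decision: top-level Requester with
    a second-level NoAuthnContext, which is how SAML 2.0 Core expresses it."""
    return (
        f'<samlp:Status xmlns:samlp="{SAMLP}">'
        f'<samlp:StatusCode Value="{decision["status"]}">'
        f'<samlp:StatusCode Value="{decision["sub_status"]}"/>'
        "</samlp:StatusCode></samlp:Status>"
    )


if __name__ == "__main__":
    req = make_authn_request([MFA_NEW_PLACEHOLDER], force_authn=True)
    print(proxy_decision(req, {MFA_CURRENT}))                       # fail
    print(proxy_decision(req, {MFA_CURRENT, MFA_NEW_PLACEHOLDER}))  # forward
```

The point for operators is the configured set: a proxy should only list a profile identifier as supported when the backend truly enforces that profile's expectations, because whatever it forwards will come back asserted to the SP under that identifier.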


Baseline Expectations v2 CatchUp  

  • InCommon Operations plans new tooling in the Federation manager to detect when an entity falls out of compliance with Baseline Expectations.
  • Currently compliance is checked when changes are made to metadata.
  • The work, called “Baseline Expectations Catchup”, kicks off in March and includes
    • The checking process for entities' compliance with Baseline Expectations will be implemented as a separate scheduled async process, apart from when updates to metadata are made
    • Updating how we track encryption scan scores over history 
    • Checking when a contact no longer works
  • Hope to have some results to report by TechEx 2023.


2023 CTAB Work Plan

  • Only minor changes were made to the work plan since last CTAB call, mostly formatting improvements
  • There are three sections in CTAB work plan: 
    • Active items
      • 1. SIRTFI Exercise Planning Working Group (SEPWG)
      • 2. NIST 800-63 Rev 4 consultation - review and feedback
      • 3. Clarity on Baseline Expectations enforcements / operationalizing Baseline
        • Warren is willing to lead this work, and may start with a discussion group. He has prepared a spreadsheet, enumerating the baseline expectations.
        • There is more if we break out the components of SIRTFI
        • Looking at things that can be subject to automated checking and things that can’t (for example, no clear metric for respecting user privacy)
        • Comment: thanks Warren for this great start
        • Decision: a small group will review the spreadsheet Warren created, and tee up topics for the CTAB calls. Albert will likely set up a meeting on the off-week from CTAB
        • Question: should we be double-checking, or simply trust, SIRTFI self attestations?
        • Should we ask for a periodic (once per year) attestation from an organization that they meet Baseline Expectations? Advantages:
          • Yearly attestation could be a good time to be sure the contacts are still accurate, and 
          • Can help new InCommon executives and admins understand their responsibilities with regard to InCommon federation. Validation for new execs and new admins is an issue that needs an improved workflow.
    • Candidate CTAB Workplan items
      • 4. Framing the next chapter of federation maturity
      • 5. Assurance - next steps, rollout
    • Items CTAB checks but does not lead
      • 6. Review REFEDS Entity Categories

  • Albert will update the CTAB work plan on the wiki. Will publish publicly by next CTAB call.

Next CTAB call: Tuesday, March 7, 2023
