CTAB Call Tuesday February 7, 2023 


Attending

Jon Miner, University of Wisc - Madison (co-chair)  (led this CTAB call)
Tom Barton, Internet2, ex-officio   
Matt Eisenberg, NIAID    
Ercan Elibol, Florida Polytechnic University  
Richard Frovarp,  North Dakota State  
Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
Mike Grady, Unicon  
Johnny Lasker, Internet2  
Kyle Lewis,  Research Data and Communication Technologies 
Andy Morgan, Oregon State University  
Kevin Morooney, Internet2   
Andrew Scott, Internet2  
Rick Wagner, UCSD  
Ann West, Internet2  
Albert Wu, Internet2  
Emily Eisbruch, Independent, scribe

Regrets

Warren Anderson, LIGO
Pål Axelsson, SUNET
David Bantz, University of Alaska (chair)   

Scott Green, Eastern Washington U
Meshna Koren, Elsevier 

Pre-reads:   draft 2023 CTAB Work Plan

Discussion

Working Group Updates 

    • BE v2 (defer to work item 2 - operationalizing) (Albert)
      • Work on assessing when an entity is out of adherence with baseline expectations
    • REFEDS Assurance (Kyle)
      • Going through comments to get ready for release
    • REFEDS MFA (Albert)
      • Looking at consultation feedback
      • Significant feedback received
      • Thanks to everyone who participated in the consultation
    • CACTI (Richard)
      • Password managers discussion
      • May move to a single CACTI meeting per month, twice as long
    • InCommon TAC (Eric)
      • Looked at accomplishments from 2022 and TAC draft work plan for 2023
      • Looking at NIST review, pre-outreach from Tom Barton
    • SIRTFI exercise round 2 - Call for participation: https://spaces.at.internet2.edu/display/federation/call-for-participation-2023-sirtfi-exercise-wg 
      • 8 people signed up!
      • Kyle looking for a new chair
      • Question: are there different levels of participation?
      • Answer: you don’t need to be part of the planning group to do the tabletop exercise
      • In 3-4 months there will be a call for participation in the exercise
    • NIST 800-63-4 comments (co-work with TAC & CACTI) 
      • Slack channel set up; 21 people in channel
      • 18 people with update access to the Google shared drive
      • Editorial group identified and scheduled

Finalize 2023 CTAB Work Plan  

    • CTAB and InCommon Operations leadership looked at bandwidth (capacity)
      We will try to maintain two active items on the CTAB workplan
    • Currently working on
      1) SIRTFI exercise and
      2) NIST 800-63 Rev 4 consultation - review and feedback
    • SIRTFI is under control, so we can have one more active currently
  • Item 3 on CTAB workplan: Clarity on BE enforcements / operationalizing Baseline should be a priority this year
    • InCommon ops team is working on mechanism to detect anomalies
      • Metadata accuracy - key contacts, URL, etc
      • Contacts management / checking
      • Endpoint encryption technical process 
    • CTAB needs to clarify what to do with info on out of compliance entities
      • Process/procedure for escalation and timeframes.
    • AI - Jon and Albert? reach out to Warren about moving work on this item along
  • Group discussed workplan item 5. Framing the next chapter of federation maturity
    • Need to review all the existing documents on best practices and make the wisdom more widely available
    • Potential dimensions important to trust in federation interoperation:
      • IAM practices - assurance, identity lifecycle management, account mgmt (linking, mapping, decorations)
      • data standards / use - schemas, entity categories, etc.
      • technical interoperability (SAML, SAML2Int, etc)
      • Security and operational practices
      • User experience / support
      • Others?

Next CTAB Call: Tuesday, Feb 21, 2023

  
