CTAB Call Tuesday March 21, 2023
Attending
Warren Anderson, LIGO
David Bantz, University of Alaska (chair)
Ercan Elibol, Florida Polytechnic University
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Jon Miner, University of Wisc - Madison (co-chair)
Andy Morgan, Oregon State University
Rick Wagner, UCSD
Albert Wu, Internet2
Regrets
Pål Axelsson, SUNET
Tom Barton, Internet2, ex-officio regrets
Matt Eisenberg, NIAID
Scott Green, Eastern Washington U
Meshna Koren, Elsevier
Kevin Morooney, Internet2
Andrew Scott, Internet2
Ann West, Internet2
Emily Eisbruch, Independent, scribe
Discussion
- Internet2 Intellectual Property Reminder: https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
- For Reference: InCommon CTAB 2023 Work Plan
Working Group updates
- NIST 800-63-4 review
- InCommon NIST 800-63-4 Review - Google Drive
- Deadline for submitting comments was extended to April 14, 2023
- Anyone reflect on NIST webinars re 800-63-4?
- The last one was the most useful. :)
- This is from the standpoint of the webinar providing context for the specific written expectations in the draft documents.
- The first two talked more broadly about the DEI goals of the standard and why DEI is important (e.g., to ensure we don’t exclude populations that might not have identity documents, or might be disadvantaged with respect to technology). Those are important goals, but they were a little less directly focused on requirements as written in the draft standard.
- Watch this web page: recordings are posted typically 2 weeks after the event under each session’s intro: https://www.nccoe.nist.gov/digital-identity-guidelines-webinar-series
- There have been conversations around
- lack of distinction between IAL levels
- trusted referees
- several issues around federation
- issue around what is PII in the docs
- Additional Comments
- There will be a requirement for stronger proofing for the population that can access certain resources.
- There may be some pushback for campuses where IAL2 is not possible so MFA is required.
- Resource providers are getting serious about requirements.
- We want to work towards resource providers having a consistent ask and towards limiting requirement sprawl.
- Tom Barton is taking the lead on filling out the comment matrix
- Eric Goodman is participating on the editorial board
- SIRTFI Exercise Working Group
- Meeting every two weeks at this time
- Kyle was appointed the chair
- Planning a workshop alternative to online week-long exercise
- Charted out engagement opportunities at various conferences
- TechEx in Sept. will be before the tabletop exercise this year, so at TechEx we will preview the exercise (exercise likely will be scheduled for Oct. but TBD)
- CACTI
- Meeting once a month, no meeting since last CTAB meeting
- RAF
- No significant update…progress on RAF 2.0 continues towards public consultation
- REFEDS MFA
- Mostly focused on session length and need/expectation for ForceAuthn.
- Leaning towards proposing a third identifier “MFA Now” requiring that all factors be authenticated immediately (what many people think of as “ForceAuthn”, but it is more specific about how/when factors should be challenged)
- There was discussion of proving your compliance to federation, not self asserted, getting federation stamp of approval, value federation could bring, beyond baseline expectations
- Are we delivering trust?
- Does REFEDS MFA serve its purpose for our community?
- CTAB concerns: how do we encourage REFEDS MFA use so we can deliver trust in federation? How do we help participants understand how to use REFEDS MFA?
- This group is open, please join if you can help
- InCommon TAC
- No meeting (directed people to NIST webinar instead)
- Operationalizing Baseline Expectations Group - progress / review (next time)
FedCM hackathon updates (Nicole Roy) <---- postponed till future call
- REFEDS Community Chat on Federated identity and Browsers and Hackathon - update
Thursday, 23 March @ 08:00 PT / 16:00 CET
TechEx 2023 Session Proposal
- Info on TechEx 2023 in Minneapolis, Sept 18-22 https://internet2.edu/2023-internet2-technology-exchange/
- Proposals are due April 7
- Agreed that CTAB should present an update at TechEx 2023, to include:
- discussion on operationalizing Baseline Expectations
- start conversation on next chapter of Baseline or after Baseline Expectations
- Encourage conversation for ACAMP, intro to key topics
- NIST assurance levels
- REFEDS MFA
- Albert, David and Jon will prepare a placeholder proposal for TechEx
- Reminder: In 2019 at New Orleans TechEx, CTAB and TAC did a joint update
Next CTAB Call: Tuesday, April 4, 2023