CTAB Call Tuesday March 7, 2023
Attending
David Bantz, University of Alaska (chair)
Warren Anderson, LIGO
Pål Axelsson, SUNET
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Scott Green, Eastern Washington U
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Jon Miner, University of Wisc - Madison (co-chair)
Andy Morgan, Oregon State University
Andrew Scott, Internet2
Rick Wagner, UCSD
Ann West, Internet2
Albert Wu, Internet2
Emily Eisbruch, Independent, scribe
Regrets
Ercan Elibol, Florida Polytechnic University
Meshna Koren, Elsevier
Kevin Morooney, Internet2
Pre-reads
- InCommon CTAB 2023 Work Plan
- This is now a public document
Discussion
- Internet2 Intellectual Property Reminder: https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
Working Group updates
- InCommon Steering discussed a futures plan (David)
- An effort led by Ann West to formulate an action plan for the next few years for the InCommon Federation
- There may be surveys coming out in relation to futures
- Albert will ask if the PowerPoint is available for CTAB to view
- SIRTFI Exercise Working Group (Kyle)
- This is item #1 on InCommon CTAB 2023 Work Plan
- First meeting was earlier today, working to identify a chair
- Enthusiasm
- There may be micro events leading up to the tabletop exercise
- Given TechEX timing this year, it might be before the “big event” TTX
- InCommon TAC (Eric)
- Continued discussion on Workplan
- Detailed discussion on (new) SAML2Int/Deployment Profile and Entity Category support.
- Deployment Profile seems to lean towards adoption of subject-id
- Entity Categories refers to the categories coming out of Seamless Access (Anonymous, Pseudonymous, Personalized)
- Is there a demand in the community for subject-ID and entity categories? Or a need to generate a demand?
- Seamless Access entity categories (Anonymous, Pseudonymous, Personalized) are meant for the publishing community
- Likely Personalized will be more challenging to release than Anonymous and Pseudonymous
- Question: where is support for R&S category?
- Albert: there was a jump when NIH required R&S; otherwise there has been flat growth. If more SPs demand R&S, there will be more IDPs supporting it. Some campuses are more focused on research than others, so we may never get to 100% of IDPs supporting R&S
- R&S is a way to simplify attribute release
- Some IDPs use eRA and release attributes either by unilateral ARP or by releasing generally, i.e., it’s not just by supporting the R&S EC.
- CACTI (Richard & Mike)
- Discussion on VC (verifiable credentials) and digital wallets
- Most of the work on digital wallets is outside the sphere of CACTI, higher ed IT and federation. IEEE is looking at VC and digital wallets
- Some organizations are working on managing the trust keys
- Next IAM Online is on self-sovereign identities: incommon.org/academy/iamonline/
- REFEDS MFA (Albert)
- Group will shift towards 2.0 version
- Changes needed will be “contained”
- There will be an effort to clarify how things apply
- Focus on clarifying forceAuthn behaviors
- forceAuthn is a SAML and CAS spec thing
- How to characterize and clarify the 12 hour window
- REFEDS Assurance (Kyle)
- Continues to refine final draft to make ready for public consultation
- About 80% through processing the comments
- NIST 800-63-4 updates (Tom)
- https://www.nccoe.nist.gov/digital-identity-guidelines-webinar-series
- Or https://content.govdelivery.com/accounts/USNIST/bulletins/3487f14
- This is item #2 on InCommon CTAB 2023 Work Plan
- The editorial group has completed initial review of 63, 63A, and 63B. Next up: 63C.
- Tom Barton reports the review work is on track
- IAL1 versus IAL2 - suggestion to reduce evidence needed for IAL1
- Trusted referees construct - draft talks about trusted referees as agent of CSP, unclear what that means. Suggestion to clarify that.
- 800-63C focuses on federation, and the group will likely have suggestions for that
- InCommon and FAL1 or FAL2, identity provider requirements and relying party requirements
- Potentially find a way to separate InCommon membership from membership in an FAL2 federation.
- Webinars are coming up
- Operationalizing Baseline Expectations discussion (Warren)
- This is item #3 on InCommon CTAB 2023 Work Plan
- Group met last week, good discussion
- https://docs.google.com/document/d/15A1iSaSrvh6MDX5eXWYN-S42pxhXbWDJ1-2r24AK_MI/edit?pli=1#heading=h.ath0gekz8skw
- Purpose: develop a concrete set of proposals for general discussion within CTAB
- Warren’s spreadsheet was not the focus
- Instead, the group discussed how much this should be a prescriptive versus suggesting exercise
- Although SysAdmins are the points of contact for InCommon, it is the InCommon Exec who is more responsible for some of the issues. There is not a systematic way to track the Execs, in case there is a change, and how to contact the Execs
- Issue that Exec can’t always log into federation manager; it depends on coordination within the institution
- Group will meet again in 2 weeks, Albert is flywheel
Next CTAB Call: Tuesday, March 21, 2023