CTAB Call October 31, 2023

    

Attending 

Pål Axelsson, SUNET  

David Bantz, University of Alaska (chair) 

Tom Barton, Internet2, ex-officio

Matt Eisenberg, NIAID 

Richard Frovarp,  North Dakota State  

Eric Goodman, UCOP - InCommon TAC Representative to CTAB 

Mike Grady, Unicon  

Scott Green, Eastern Washington U   

Johnny Lasker, Internet2 

Kyle Lewis,  Research Data and Communication Technologies 

Jon Miner, University of Wisc - Madison (co-chair)

Andy Morgan, Oregon State University

Kevin Morooney, Internet2 

Rick Wagner, UCSD 

Albert Wu, Internet2   

Emily Eisbruch, Independent, scribe 

Regrets

Warren Anderson, LIGO 

Ercan Elibol, Florida Polytechnic University 

Meshna Koren, Elsevier 

Andrew Scott, Internet2 

Ann West, Internet2 


Discussion


Working Group updates

  • InCommon TAC 
    • Johnny Lasker provided a demo of enhancements in the Federation Manager to support Baseline Expectations, including GUI indications of the status of multiple components of BE.  
    • CTAB saw the same demo at a recent CTAB meeting. 
    • Plan is to launch these enhancements to Federation Manager on Nov. 8.   
    • The rest of the TAC meeting was focused on reviewing nominees for TAC membership

  • RAF 2.0 (Kyle) 
    • Nothing significant to report; awaiting REFEDS Steering Committee publication

  • SEPWG (Kyle)
    • Participating organizations’ SIRTFI exercise POC training/orientation under way… Kyle will give 2 more training sessions
    • Tabletop exercise starts 13 Nov (less than two weeks)
    • 16 participating organizations, including federations from New Zealand and Australia

CTAB elections 

  • November 14 is the deadline for sending the CTAB 2024 slate to InCommon Steering
  • We have received 5 nominations for CTAB; there are 4 open seats
  • CTAB members finishing CTAB terms at end of 2023: Meshna, Andy, Jon, David
  • All 5 nominees represent IDPs; Meshna (departing CTAB) represented an SP
  • Note that Rick Wagner has changed jobs at UCSD.  Rick is now Chief Technology Officer (CTO) at the San Diego Supercomputer Center (SDSC)
  • Albert will open the ballot for election after this CTAB call and conclude it before the Nov. 14 CTAB call.
  • Each CTAB member should vote for 4 people.
  • After election results are known, CTAB will handle election of chair and vice chair
    • Please opt out of ballot for chair and vice chair if you don’t want to be considered. 
  • Suggestion to invite select individuals to CTAB as Subject Matter Experts in 2024
  • Are there representatives of Commercial Service Providers that we should try to recruit as CTAB members or Subject Matter Experts?  
  • A representative from Research.gov  would be helpful 
  • We have good representation from NIH
  • Albert: next steps: identify the 2024 CTAB workplan items
  • Perhaps we should create a 2024 CTAB workplan item around research.gov
  • Albert and Tom meet monthly with a rep from research.gov
    • Other representatives from CTAB could join that
  • OAuth, OIDC, relationships with browsers, could all be conversations where we want to bring in experts.
  • Suggestion to bring into CTAB people who are more grounded in OIDC space for conversations
  • At TechEx there were meetings on engaging more fully with government agencies that are part of federation, including Dept of Education, NASA, and NIST.

2024 CTAB Work Plan

  • Reserve time for anticipated InCommon Futures charge from Steering
    • InCommon Steering commissioned InCommon Futures 2.
    • In 2009 there was an InCommon Futures 1 report.
    • 2024 is InCommon’s 20th birthday.
    • First draft will be presented to Steering in early Nov.
    • Final publication is planned for Feb 1, 2024.
    • There may be items in the InCommon Futures report impacting CTAB work


Likely items for CTAB 2024 workplan

  • Update RAF Deployment Guidance [recipes]
  • Operationalize BE - implementation - what’s CTAB’s role?
  • AuthZ / Entitlements - how do we structure this work? (aka “Who moved my AuthZ cheese”)
    • Campus integrations, how to send data back and forth
    • Example: Zoom integrates with hundreds of campuses, in bilateral manner
    • Open Science need https://open.science.gov/ per KenK & KM
      Access gated to “appropriate” or “qualified” users, need for entitlement information. Can a campus tell us who is a health care worker? Some applications in HHS are only available to healthcare workers.
  • Benn Oshrin, chair of REFEDS schema board, supports working out mechanics related to entitlement information
  • It would make sense to review use cases for entitlement info, telescope projects, etc.   
  • Who gets to define what attributes?
  • Not just the IAM teams
  • Wallet architecture will impact this
  • In the Wallet space, IDP will not perform authentication the way it does now
  • Need to define patterns and models
  • SIRTFI
    • SIRTFI Training and Exercise - what’s CTAB’s role? – recommend continue to charter the SEPWG
    • Kyle: There was discussion at end of TechEx about passing SIRTFI information; there is interest in the eduGAIN community
    • How to pass certifications in trusted manner and SIRTFI
  • Activity to enable better-than-just-email coordination in handling federated security incidents (Kyle’s suggestion)
    • Tom notes that the SIRTFI WG considered this at several points along the way. Review of minutes might be worthwhile.

  • Work of CTAB and InCommon TAC may start to converge
    • Look at the CTAB and the TAC workplans for synergy, cross link the workplans

  • Baseline Expectations - Next
    • Require RAF conformance assertion - because InCommon IdPs already conform
    • Require IdP to support REFEDS MFA Profile (not necessarily to perform MFA, but to be able to respond correctly to MFA requests)?
    • Building on work of rolling out Access entity categories and SAML2Int 
    • Promote use of entity categories
    • Fresh metadata, and MDQ
    • InCommon Operations plan for 2024: shut down the legacy aggregate, move everybody to MDQ.  MDQ has an aggregate equivalent
      • Discuss this more on a future CTAB call
    • Promote adoption of REFEDS framework and be able to assert ‘enterprise’ level of assurance (IAL? AAL?) – apologies: I meant Conformance Criteria, not local-enterprise –Kyle
    • eduGAIN will eventually require baseline for most federations, plan for how to fix gap
    • Albert will start a 2024 CTAB workplan 

    • What are the things we want IdPs and SPs to be able to do to be “federation ready”?
    • FYI, developing mechanism to enable such signaling at metadata exchange time is being proposed at REFEDS: https://wiki.refeds.org/display/WOR/2024+Work+Plan+Preparation 



Next CTAB Call: Tuesday, Nov. 14, 2023

Note from December 2023: Due to schedule conflicts, the Nov. 14 and Nov. 28, 2023 CTAB calls were cancelled
