CTAB Call of April 16, 2024


Warren Anderson, LIGO
David Bantz, University of Alaska (chair)
Tom Barton, Internet2, ex-officio
Gabor Eszes, Univ of Virginia (rep from CACTI)   
Richard Frovarp,  North Dakota State
Mike Grady, Unicon
Scott Green, Eastern Washington University 
Johnny Lasker, Internet2
Ryan McDaniel, University of Alaska Anchorage
Jon Miner, University of Wisc - Madison (vice chair)
Rick Wagner, UCSD 
Kathy Wright, Clemson, InCommon TAC rep to CTAB


Pål Axelsson, SUNET
Matt Eisenberg, NIAID 
Ercan Elibol, Florida Polytechnic University 
Christopher Keith, Brown University
Kyle Lewis,  Research Data and Communication Technologies
Albert Wu, Internet2 
Kevin Morooney, Internet2
Andrew Scott, Internet2
Ann West, Internet2 


  • InCommon Futures2 IAM Online 4/17 1PM Eastern

Working Group & Liaisons’ Updates

    • InCommon TAC April 4, 2024 - concentrated on charters for working groups:
    • CACTI: No meeting yet. See CTAB 2024-04-02 notes for CACTI 2024-03-27 summary. https://spaces.at.internet2.edu/x/GgLBEQ

    • SIRTFI Exercise Working Group: 
      • Continuing scenario development coaching for working group members to lead to internal WG practice in June
      • Will explore how IDPs should implement RAF2

    • Assurance - Nothing Significant to Report - expect an update next CTAB

TechEx is Dec 9-13, 2024 in Boston

  • Deadline to submit proposals is May 13
    • https://na.eventscloud.com/website/69276/call-for-proposals-3/ 
      • In past years, CTAB has done a joint session with InCommon TAC and/or CACTI to review the past year’s work and look forward, soliciting feedback from the community
      • Suggestion to focus on Baseline Expectations and community consultations
      • REFEDs Assurance Framework 2 - Updated guidance to academic IdPs?
      • Additional consultation on “federation-ready expectations”?
        • Entity categories, subject identifiers, signaling MFA
      • SIRTFI and exercise
      • Operationalizing Baseline Expectations? (more as reminder or warning)
      • Mention annual validation emails process, new things site admins should know.
      • Maybe a venue for Site Administrator-facing change updates/office hours as 2024 is a big year for change
        • Johnny will chat with Albert about this

Improving Federation Interoperability Next Steps - where do we begin?

    • What conventions, good practices, and/or explicit expectations for SPs, IdPs, and Federations will foster collaboration? That is, simplified (less custom 1:1) integrations to connect users via their IdP to useful services with high levels of trust and assurance.
    • Potential areas of focus
      • Managing IdP/SP Metadata (Configuration and Exchange)
      • Persona (user) attributes supported
      • REFEDS MFA Profile Conformance 
      • REFEDS Assurance Framework Conformance
      • REFEDS Entity Categories Conformance

    • Comments:
      • Retrieving up to date metadata using metadata query service (MDQ)
      • Mike Grady shared that some orgs fear failure of MDQ based on one previous incident. Johnny noted MDQ is reliable these days.
      • Vendor-specific attribute requirements are a barrier to federation
      • Suggestion: encourage vendors to attend TechEx and tell their stories of easier integrations through standardizing their requirements.  This could encourage other vendors.
      • We need to be clearer about what vendors need to do
      • Standardization of attributes will be helpful (username versus loginID)
      • Some IdPs are more successful than others in resisting Service Provider requirements for non-standard data formats.
      • Some vendors will only consume data with customization 
      • It would be helpful to show how others have solved this, show the integration and mapping. Would need to show this anonymously, without attributing a solution to a particular institution. 
      • Can we document what the needs are of vendors who won’t join InCommon?
      • Translate an SP’s OKTA instructions into something that makes sense
      • Warren: Small item people are not necessarily aware of: When an IdP rekeys its metadata certificate, some user remapping is needed on the part of RPs using CILogon, which uses the key as a global unique-ifier.
      • Perhaps provide a test tool (like NIH compliance testing tool); offer a feedback loop
      • It’s about setting out best practices and giving a score as motivation
      • Ryan: AI (artificial intelligence) might help with mapping patterns, if InCommon members share their mappings to a database.

Next CTAB call: Tuesday, April 30, 2024
