CTAB Call of April 30, 2024
Attending
David Bantz, University of Alaska (chair)
Gabor Eszes, Univ of Virginia (rep from CACTI)
Richard Frovarp, North Dakota State
Mike Grady, Unicon
Christopher Keith, Brown University
Kyle Lewis, Research Data and Communication Technologies
Ryan McDaniel, University of Alaska Anchorage
Kathy Wright, Clemson (InCommon TAC rep to CTAB)
Albert Wu, Internet2
Regrets
Warren Anderson, LIGO
Pål Axelsson, SUNET
Tom Barton, Internet2, ex-officio
Ercan Elibol, Florida Polytechnic University
Matt Eisenberg, NIAID
Scott Green, Eastern Washington University
Johnny Lasker, Internet2
Jon Miner, University of Wisc - Madison (vice chair)
Kevin Morooney, Internet2
Andrew Scott, Internet2
Rick Wagner, UCSD
Ann West, Internet2
Discussion
Working Group & Liaisons’ Updates
- IIW recap (Albert)
- IIW Spring 2024 TAC Report Out
- https://internetidentityworkshop.com/past-workshops/
- IIW is a gathering of identity interested people, mostly technical folks.
- It’s an unconference, like InCommon ACAMP
- Important topics:
- Digital Wallets (Verifiable Credential, or VC)
- OpenID for Verifiable Credential (OpenID4VC), OpenID for Verifiable Presentation (OpenID4VP), and more
- Thoughts related to the growing importance of OpenID are below under "Working towards being protocol neutral"
- InCommon TAC (David) discussed a number of possible TechEx2024 proposals
- Subject identifiers and entity categories specs
- Proxies (~middle things)
- Generic TAC/CTAB/CACTI update session…maybe
- CACTI
- eAC (eduroam Advisory Committee) is being advised to create Baseline Expectations for eduroam. Brett Bieber is a member of eAC. They have been told they can reach out to us (to CTAB) as well.
- A working group to generate trust models for next generation credentials is being formed. CTAB is listed as a stakeholder. Charter expected to be finalized after May 1.
- Note: Baseline Expectations for eduGAIN will be a topic in the coming months.
- SIRTFI Exercise WG
- No new updates; in-progress for practice exercise scripting (practice script exercise internal to working group slated for 1st week of June)
- Discussion on what happens if there is a need to remove an IDP from a federation. This is not the primary business of SIRTFI Exercise Working Group. Relates to dispute resolution and escalation Baseline Expectations process.
- RAF2 v NIST Risk Assessment (risk analysis) paper update. With Apryl for InCommon editing. This is an informational report.
Working towards being protocol neutral
- OpenID / OIDC is growing; SAML is declining in importance
- Should CTAB encourage its community to move to OpenID?
- Noted other InCommon advisory groups and committees are working on this
- Question: Is the InCommon federation planning to move to OpenID? Will all orgs in the federation need to transition?
- Answer: In the near future, InCommon members will have the option to stick with SAML.
- Speculation: SAML may potentially eventually be phased out, perhaps in a decade.
- Need deployment and implementation guidance
- We should carry over things that are foundational and essential
- It may be useful for CTAB to review the trust model and recommend what critically matters, regardless of what the protocol might be
- What’s not critical to port?
- Example: today we do validation on SAML entity ID, but this is not foundational to our trust model.
- Having a participation agreement with a delegation authority chain is critical
- Is OIDC more complex than SAML? OIDC is complex because it offers many useful options. OIDC spec is easier to read than the SAML spec
- There are already two academic federations that are using OIDC (both in Italy)
- In some cases, Baseline Expectations assumes SAML. CTAB might eventually have a working group to address this.
- Albert: we should be sure we have a list addressing “what do I need to do to be federation ready?”
- Then evaluate how many of those things are SAML specific.
- REFEDS MFA profile is not SAML specific.
TechEx Session Proposals (and CTAB meeting)
- For Tech Ex, it's important for CTAB members to attend if they can
- Attendance is not required. But it’s the one time per year to meet in person.
- (For Internet2 Community Exchange it is less important for CTAB members to attend)
- There is enough interest to have a CTAB meeting at TechEx
- Tech Ex Call for proposals is now open https://na.eventscloud.com/website/69276/call-for-proposals-3/
- CTAB and InCommon TAC may have a combined session
- Topics we want to be sure to get discussed?
- David: Two items to get in front of the community for discussion:
- 1. Additional expectations for interoperability (federation ready expectations, beyond baseline)
- 2. Becoming more protocol neutral
- Is that enough for an abstract for a TechEx session?
- AI: Albert, David, Jon M, and Chris will create an abstract for this Tech Ex session. CTAB will work on the details between now and TechEx
- AI: Albert will look at the specs and protocols coming across to be sure they are protocol specific
- CORRECTION FROM SCRIBE UPON LATER REVIEW: this last line was meant to say protocol agnostic
Next CTAB Call: Tuesday, May 14, 2024