CTAB Call February 20, 2024
Attending
- Warren Anderson, LIGO
- Pål Axelsson, SUNET
- David Bantz, University of Alaska (chair)
- Tom Barton, Internet2, ex-officio
- Richard Frovarp, North Dakota State
- Mike Grady, Unicon
- Scott Green, Eastern Washington University
- Kyle Lewis, Research Data and Communication Technologies
- Ryan McDaniel, Virginia Tech
- Jon Miner, University of Wisc - Madison (vice-chair, second banana)
- Rick Wagner, UCSD
- Kevin Morooney, Internet2
- Andrew Scott, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Independent, scribe
- Gabor Eszes, Univ of Virginia (rep from CACTI)
- Kathy Wright, Clemson, InCommon TAC rep to CTAB
Regrets
- Ann West, Internet2
- Matt Eisenberg, NIAID
- Ercan Elibol, Florida Polytechnic University
- Christopher Keith, Brown University
Discussion
- Internet2 Intellectual Property reminder
Updates from allied committees and working groups
- REFEDS Working Groups announcement (Pål and Albert):
- REFEDS 2024 Work Plan - be sure to add your +1 if you are interested in participating
In the 2024 workplan preparation for REFEDS there are two new working groups suggested by Pål Axelsson and Albert Wu.
To kick start these new working groups we're trying to get a startup meeting for each of them. The goal for the meeting is two decide if we want to do start the working group and thereafter define goals and meeting schedule.
To be able to get people in from all around the globe into the startup meetings we propose a wide array of timeslots, please indicate all that are possible for you and remember this is for the first startup meeting, not all WG meetings. Please fill in the Doodle so that we can choose good timeslots, https://doodle.com/meeting/participate/id/el8Px01e. All the suggested meetings times are in the week Feb 26 - Mar 1.
To give us a kickstart and describe each working group we've written embryos for charter and description of each working group.
Defining a Standard Mechanism to Signal an Entity’s Support for REFEDS Specifications (in Entity Metadata)
https://docs.google.com/document/d/1IXeCpKYl4LVc5RiDH0ZUKsNK-3BRNk_Qt_DkwFkncaE/edit
REFEDS publishes standards and specifications deployed by the global research and education community to enable scalable, secure, and seamless federated access. These specifications have been developed by and continue to evolve through community volunteer working groups.
These specifications satisfy a wide range of capabilities and needs. They generally perform one or both of these functions:
- To signal an entity’s qualification or support for a particular performance requirement via declarations in entity metadata (ala configuration time)
- To articulate requirements (and performance of those requirements) during a user sign-in event (ala transaction time)
Define a set of metadata about a federation and how to publish this metadata
https://docs.google.com/document/d/18bN43yKKGoTbCDNuKLzh3eI91kAx_v0OA3YUmllS9sM/edit
- This is a first step to adding baseline expectations into edugain.
- Ryan noted barriers (registrar concerns) to using edugain, around FERPA requirements.
- Pal: each country has its own legislation around privacy requirements.
- eduGain steering committee hopes to implement baseline expectations as a first step
- It’s more than just EU and USA, other countries have different views of privacy
- Filtering can potentially be used to mitigate concerns.
- Albert hopes these issues will surface and be tackled
- Digital wallets also play a role in this topic, transferring info about the logged in user
- Currently the IDP has much control of what to release
- In the digital wallet model, the user has more control
- To find information about federations requires that you go to each one of them you're interested in and manually gather the information or go to either the eduGAIN technical site or the REFEDS Metadata Explorer Tool and look for what is manually registered there. To minimize the work to maintain and publish this information this working group discusses and defines a set of federation information metadata that include information and policy links plus contact information including how to publish this metadata. Standardizing this metadata is part of facilitating the introduction of REFEDS Baseline Expectations for Federation Operators.
- To find information about federations requires that you go to each one of them you're interested in and manually gather the information or go to either the eduGAIN technical site or the REFEDS Metadata Explorer Tool and look for what is manually registered there. To minimize the work to maintain and publish this information this working group discusses and defines a set of federation information metadata that include information and policy links plus contact information including how to publish this metadata. Standardizing this metadata is part of facilitating the introduction of REFEDS Baseline Expectations for Federation Operators.
- InCommon TAC (David)
- Draft guidance document for access entity categories
SWAMID and REFEDS also addressing use of the new categories - 2024 Q1-Q2 TAC Work Plan
- Extended discussion of potential testing of IdPs for interoperability
- InCommon update - Kevin continues to update slides about InCommon Futures 2
- Albert: Seamless access work is ongoing
- Internet2 Confluence wiki will move to Seamless Access tomorrow
- Internet2 Confluence wiki will move to Seamless Access tomorrow
Review and approve CTAB 2024 work plan
- Public Link to CTAB workplan: https://spaces.at.internet2.edu/pages/viewpage.action?spaceKey=ctab&title=ctab-2024-work-plan
- Add your name as appropriate!
- Commit to charter as prep for wider call to participate
- This is a first half of 2024 work plan
- Three work plan items for first half:
- 1. Update REFEDS Assurance Framework Implementation Guidance for InCommon Participants
- 2. SIRTFI Tabletop Exercise
- 3. Baseline Future: Improving Federation Interoperability
- This working group needs a charter and set of deliverables
- On Deck in the CTAB workplan:
- 4. Snippets from the field: gaps in InC capabilities and practices for relying parties, (Mike Grady proposal)
- 5. AuthZ -
- can we formulate good scalable practices to make authZ (nearly) as federation scalable as authN,
there are many use cases
some use cases came out of open science community
need for campus data stewards to be allowed to participate to answer questions like “who is a health care worker?”
To define entitlement value, someone must own the definition of the qualification
Must specify who gets to make that claim
Wallet design is an important factor
Attribute definition may be determined in a different way for wallets
How to architect and organize at global scale?
Need vocabulary around federated authorization that everyone understands
note: this AUTHZ work item may overlap w REFEDs working group
- can we formulate good scalable practices to make authZ (nearly) as federation scalable as authN,
- 6. Working towards a set of federation principles that are not protocol dependent (mapping away from SAML)
OID Federation may be helpful
What does CTAB want to get out of Internet2 CommEx Meeting in Chicago?
- https://internet2.edu/2024-internet2-community-exchange/
- March 4-7, 2024 in Chicago
- (David/Jon/Albert are going and presenting)
- Draft outline of questions to solicit input from session attendees (David)
- Please email David if you have suggestions
Next CTAB Call: Tuesday March 19 (March 5 CTAB call is cancelled due to CommEx)