CTAB Call July 23, 2024

Attending

Warren Anderson, LIGO  
David Bantz, University of Alaska (chair)  
Gabor Eszes, Univ of Virginia (rep from CACTI)    
Richard Frovarp,  North Dakota State  
Mike Grady, Unicon   
Kyle Lewis,  Research Data and Communication Technologies  
Ryan McDaniel, University of Alaska Anchorage  
Kevin Morooney, Internet2
Albert Wu, Internet2 

Regrets

Pål Axelsson, SUNET 
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID 
Ercan Elibol, Florida Polytechnic University 
Scott Green, Eastern Washington University
Christopher Keith, Brown University
Jon Miner, University of Wisc - Madison (vice chair) 
Rick Wagner, UCSD 
Kathy Wright, Clemson, InCommon TAC rep to CTAB
Andrew Scott, Internet2 
Johnny Lasker, Internet2
Ann West, Internet2 
Emily Eisbruch, Independent, scribe

Discussion

Administrivia

• Intellectual Property Reminder  - All Internet2 activities are governed by the  Internet2 Intellectual Property Framework.
• Public Content Notice  - CTAB minutes are public documents. Please let the CTAB and note taker know if you plan to discuss something of a sensitive nature.

Working Group Updates

• InCommon Steering (monthly - no update this week)
  
  
• InCommon TAC
  • Brilliant demo of SWAMID federation tools
  • Checks assurance assertions, entity category support, metadata components
  • Used to verify appropriate metadata prior to inclusion in federation aggregate
  • See https://wiki.sunet.se/display/SWAMID/SWAMID+Policy
    
    
• SITRFI Exercise (paused until August 15)
  
  
• CACTI
  • Subgroups for outreach – work continues
  • CACTI will invite InCommon TAC and CTAB members to start a conversation about how Internet2 committees can engage with the OpenID Foundation about OpenID standards.
  • CACTI meets every month, Wednesdays, at 13:30 Eastern; Upcoming meetings on Aug 14 and Sept 11

• Eduroam Advisory Committee - no update
  
  
• Assured Access Working Group v2  
  review in progress; no updates yet
  3rd meeting is this week
  
  

CTAB Forward 

• How should CTAB shape its work (to further Federation trust/interoperability and to align with InCommon Futures 2)
• Per discussion on the last CTAB call, there is consensus towards developing best practices/expectations.  These will not be strictly required as the current baseline expectations are. These will be business or architecture guidelines to facilitate ease of deployment. 
  
  Next steps:
  • Proposed Working Group to identify and describe federation needs for increased trust, assurance, interoperability, and rapid deployment:
    • State needs in generic business terms rather than in terms of specific protocols or other technology-specific terms.
    • Identify the data, policies, and behaviors needed to implement; protocol-specific deployment only if and as necessary.
    • Describe fit to & support for InCommon Futures2 work areas
    • Propose new federation expectations to be adopted by InCommon community at TechEx2024.
    Illustration - not meant to detail what expectations to be included or the product format:
    
  • 

• •  David, Jon and Albert will work on drafting a charter for the new working group

Discussion

• • • Will this working group be a venue to discuss possibly requiring conformance criteria for REFEDS Assurance Framework (RAF)?
    • David: Likely yes, the working group will define what is needed for a common understanding between IDPs and SPs for different types of assurance levels.
    • Albert: it’s about creating a sustaining framework for introducing and maturing interoperability and security capabilities in the federation.
    • Creating maturity ladder
    • What are the things you need to do to interoperate at a certain level (such as IAP High) 
    • Mike Grady, Rick, Gabor have all agreed to be on this working group.
    • It is open to others 
    • Albert: SWAMID has a set of profiles and policies governing what makes an entity SWAMID ready.
    • They are similar to Baseline Expectations but they are more precise
    • That is the direction we want to explore
    • We need more precise definitions of interoperable solutions
    • Explain the right way of doing things; goal is to clarify what we expect
    • Kyle: There is a strategic goal of getting federation to signal conformance criteria
    • InCommon TAC just released report on adopting access categories
    • We can't require R&S, But for interoperating with NIH, the case for R&S is clear
    • We need a statement for InCommon’s position regarding recommendations
    • We have not made that clear
    • That final step makes the difference in promoting adoption
    • How to turn recommendations into actual practice in federation
    • Warren: could part of the new Working Group charter be to clarify some of the current baseline expectations?  Some are vaguely worded.  
    • Albert: Because this work is large in scope, the working group will likely end up doing a survey on what are the areas for which we need to provide more detailed guidance/policy.  This will include baseline expectations.  
    • We have detailed doc on how to adopt Baseline Expectations 2. We never did a similar document for Baseline Expectations 1

Connections between TAC and CTAB Subcommittees

• How does this working group differ from the InCommon TAC Federation Readiness Test working group? 
• CTAB group will focus more on the question of why do we test rather than what to test.
• Kevin: regarding InCommon Futures 2, we want to keep our eyes on the  issue of how all the advisory bodies work together

• Albert: Every group starting up now is tackling issues from technology, policy and adoption perspectives.  This may create some confusion.
• We hope this will be resolved in time as more guidance is available
. Coordinated overlap is OK at this stage 

  Baseline Expectations issue on signing requests and validating signatures and SAML metadata

• There is an issue in SAML metadata about signing requests and validating signatures that likely needs to be patched/ clarified.
• There is a flag in SAML metadata to indicate if you want SAML assertion to be signed 
• That flag is not being used in InCommon
• Default is false (we don’t need you to sign)
  • Mike Grady noted that this is not really a correct interpretation of the meaning of that flag, that flag pertains to signing the assertions within the response, there is still signing of the response which is the default (at least in the Shibboleth IdP).

New REFEDS subcommittee 

• Subcommittee of REFEDs schema board is starting up
• W3C Verifiable Credentials (VC)  subcommittee will look at how to map data 
• Signup for the subcommittee  is here: https://wiki.refeds.org/display/STAN/VC+Subcommittee

Next CTAB call:  Tuesday, August 13, 2024