CTAB Call July 9, 2024


Attending

  • Warren Anderson, LIGO
  • David Bantz, University of Alaska (chair)
  • Tom Barton, Internet2, ex-officio
  • Gabor Eszes, Univ of Virginia (rep from CACTI) 
  • Richard Frovarp,  North Dakota State
  • Mike Grady, Unicon  
  • Johnny Lasker, Internet2
  • Kyle Lewis,  Research Data and Communication Technologies 
  • Ryan McDaniel, University of Alaska Anchorage
  • Jon Miner, University of Wisc - Madison (vice chair)  
  • Kevin Morooney, Internet2
  • Albert Wu, Internet2 
  • Emily Eisbruch, Independent, scribe  

Regrets

  • Pål Axelsson, SUNET   
  • Scott Green, Eastern Washington University
  • Christopher Keith, Brown University
  • Matt Eisenberg, NIAID 
  • Ercan Elibol, Florida Polytechnic University 
  • Andrew Scott, Internet2
  • Ann West, Internet2
  • Rick Wagner, UCSD
  • Kathy Wright, Clemson, InCommon TAC rep to CTAB

Discussion

  • Intellectual Property Reminder  - All Internet2 activities are governed by the  Internet2 Intellectual Property Framework.
  • Public Content Notice  - CTAB minutes are public documents. Please let the CTAB and note taker know if you plan to discuss something of a sensitive nature.


Working Group Updates

  • InCommon Steering: updates on BaseCamp (“hitting the mark”), TNC;
        I2 staff updates on activity stream* of InCommon Futures2, Certificate Service;
    • Kevin: We have engaged a consortium called IDEA, with 25 institutions, started in Great Plains. IDEA does course sharing. Marc Walman and Brett Beiber are involved. We have been engaging the leadership. Met with Uber Cabinet (like Steering), deans and associate deans from various institutions.
    • We want all IDEA course management systems to be SPs in InCommon to make participation in the IDEA consortium more seamless
    • All HE institutions have instructional needs
    • We hope to reposition InCommon in marketing and branding
    • Internet2 Community Engagement team engaged Gravity Global to help 
      •    Ann West is working on this
  • InCommon Operations
      • Getting InCommon site admins onto the new platform
             

TNC / REFEDS meeting impressions  - Albert

  • Meeting was in Rennes, France, from June 10–14, 2024
  • https://tnc24.geant.org/about/
  • TNC is European counterpart to Internet2 TechEx
  • TNC focuses on people gathering and networking 
  • Relatively few sessions compared to TechEx, many side meetings
  • TNC cohosts REFEDS (TechEx also cohosts REFEDS)
  • TNC lightning talk by Mathew Economou on SIRTFI exercise 
  • Kudos to Kyle and Mathew 
  • eduGAIN is starting to pilot OpenID Federation
  • The session T&I ON THE FLY WITH GUY was interesting. Davide Vaghetti (GARR) talked about the plan to pilot the federation in eduGAIN
  • https://tnc24.geant.org/sessions/#s560
  • Community is becoming more multi-protocol
  • Digital Wallets were a topic, though there was no dedicated session on Digital Wallets
  • REFEDS meeting was only half day   
  • Albert had good conversation with the Chinese delegation at TNC
  • Japanese delegation is interested in SIRTFI participation 
  • Some uncertainty from Chinese on why we care so much about identity proofing
  • Also, there are cultural differences around participation. In our community everyone who shows up is welcome to participate. In China, an explicit invitation is expected

 

Suggestion for future work of CTAB: Bridge concepts of scalable trusted exchange of information (lofty, generic, philosophical) to operational needs (business practices, encoding, protocols, configuration).

    • Federation is the concept that needs curation: careful specification and supporting notions. Applies to on-campus, 1:1, and R&E/national federations.
    • Needs such as assurance, agreement on attribute semantics, will have different implementations depending on choice of products and protocols.
    • What mechanisms could replace our “enforcement” by InC membership?
    • Value proposition to campus IT is that these standards and expectations will streamline software integrations and make them more robust.
    • eduGAIN is configuring OpenID Federation in parallel to SAML Federation
    • We should abstract what is valuable about SAML
    • We want to position InCommon so the community is motivated to adopt best practices.
    • InCommon often highlights the difference between multilateral and bilateral federation. We sometimes tend to dismiss bilateral federation as out of scope. But bilateral federation is widespread and important. We need to reconcile that. Explain how to do both.
    • Need to explain federation expectations / best practices in a document that is a helpful point of entry
    • InCommon TAC is going through a similar exercise of looking at its mission in light of InCommon Futures2
    • Need more deployment guidance for the community
    • (eduPerson is not easy if you do not know LDAP)
    • There is little consistent info on how to use the eduPerson attributes
    • If we fill in the gap we are providing a natural extension to baseline expectations
    • We have a broad, global community
    • When we try to become more explicit, there is pushback
    • But unless we become more explicit, we don’t have a way to convince newcomers to do things in the right way
    • There are about 40 spec documents currently
    • It’s too much for a newcomer
    • We are specific on REFEDS Assurance Framework, need to be specific on more topics
    • There are numerous Personal Information frameworks, including
      •   eduPerson
      •   SCHAC
      •   voPerson
      •   SAML subject identifiers
    • There are numerous transport specs
    • There are numerous docs around policy and practice (Baseline Expectations, SIRTFI, SAML2int, REFEDS Assurance Framework, etc.)
    • David: this work of providing clearer guidance is daunting, but essential 
    • InCommon could potentially help with certificate rollover
    • Big Ten CIC Cookbook is a helpful reference, deals with how to do Identity management well, around cloud
    • Richard: Suggestion to create doc that layers information and versions it
    • Warren: As an SP, I need to know the level of identity proofing
    • Albert: Newer SPs sometimes don’t understand the challenges and ask for the highest level of identity proofing even if they don’t really need it


Next CTAB Call: Tuesday, July 23, 2024


