CTAB Call May 28, 2024

Attending  

  • Warren Anderson, LIGO 
  • Pål Axelsson, SUNET  
  • David Bantz, University of Alaska (chair)    
  • Tom Barton, Internet2, ex-officio 
  • Richard Frovarp,  North Dakota State  
  • Mike Grady, Unicon   
  • Kyle Lewis,  Research Data and Communication Technologies 
  • Johnny Lasker, Internet2  
  • Emily Eisbruch, Independent  
  • Albert Wu, Internet2     


Regrets:

  • Ercan Elibol, Florida Polytechnic University 
  • Matt Eisenberg, NIAID 
  • Gabor Eszes, Univ of Virginia (rep from CACTI)   
  • Scott Green, Eastern Washington University
  • Christopher Keith, Brown University 
  • Ryan McDaniel, University of Alaska Anchorage    
  • Jon Miner, University of Wisc - Madison (vice chair)   
  • Andrew Scott, Internet2 
  • Rick Wagner, UCSD
  • Kathy Wright, Clemson (InCommon TAC rep to CTAB)
  • Kevin Morooney, Internet2
  • Ann West, Internet2 


Discussion

  • Intellectual Property Reminder  - All Internet2 activities are governed by the  Internet2 Intellectual Property Framework.
  • Public Content Notice  - CTAB minutes are public documents. Please let the CTAB and note taker know if you plan to discuss something of a sensitive nature.
  • Agenda Bash

Working Group Updates

  • CACTI
    • Discussion about InCommon Futures 2 and communication channels
    • Dmitri Zagidulin, from the Digital Credential Consortium, has joined CACTI
  • eduroam Advisory Council
    • David reached out to Brett B, chair, as they are looking at Baseline Expectations for eduroam.
    • Albert noted there will be some collaboration between eduroam Advisory Council and CTAB
    • The eAC is just getting going on looking at baseline expectations 
  • InCommon TAC
      •  David will work with this working group effort

    • Deployment Guidance for REFEDS Entity Categories - consultation closed; WG addressing comments
      •   Many comments, doc has been updated
      •   TAC agreed to publish the updated version
      •   Albert has requested a DOI document ID 

    • TAC reactions to Futures2 five areas of work, will discuss further on an upcoming call

  • SIRTFI 
    • nothing significant to report
    • today is 2nd script-writing session with WG
    • prepping for practice exercise for WG in June (this is for the WG, to train them on how to run the exercise)
    • will prep TTX call for participation to go out right after labor day weekend in September

Tribal Colleges and Universities Cyberinfrastructure Workshop updates

    • Goal: help colleges develop IT strategic plan and build up cyber capabilities 
    • Takeaways
    • There are 38 total colleges; 18? colleges were in attendance
    • Many have about 100-200 students
    • Many are located in remote areas
    • Often they have insufficient bandwidth
    • IT teams are often between 1 and 5 staff for entire campus
    • Colleges are closely tied to the tribal councils
    • IT directors are closely connected to campus research initiatives 
      •   That can be a plus
    • SKC (Salish Kootenai College, https://www.skc.edu/) joined InCommon and has tested successfully
    • Turtle Mountain Community College is in talks with InCommon
    • Several others expressed interest
    • We hope to help these institutions whether they join InCommon or not
    • NSF CC* grant was represented at the conference
    • There is an effort to help the tribal colleges apply for CC* grant funds
    • Will there be work for CTAB?
      • Perhaps not immediately. To help very small schools it’s important to make joining as a consortium more natural.
      • Eduroam has a notion of “support organization.”  InCommon needs to develop this concept
      • InCommon should likely promote the Service Provider side of the equation


Moving forward / Next steps on RAF2.0 Guidelines

  • Kyle will work on spinning up a working group in June 
  • Soliciting internal and external participation
  • Guidelines for participants on using RAF
  • New edition of: TI.157.1 (REFEDS Assurance Framework Implementation Guidance for InCommon Participants, recommendations section)
  • The focus is on updating the Assured Access doc based on RAF2.
  • Kyle: There is a chicken and egg problem with RAF2
  • Those who conform to InCommon Baseline Expectations are in compliance with RAF2
  • If signaling RAF2 becomes part of Baseline Expectations, this will help the process of moving the community forward
  • Currently NIH/NIAID is not formally requiring RAF2
  • No service of NIH is requiring identity assurance
  • Much distributed authority in NIH
  • Albert: we focus a lot on getting the IDP to do things, we don’t often ask the SP to explicitly declare what they need, this leads to inconsistent behavior
  • Should we ask SP to specify identity proofing needs?
  • Asking about identity proofing needs will force the SP to think about identity assurance as an item they should care about.
  •  This might create demand for IDPs to implement ??
  • One strategy: InCommon could create expectation of federation operators to ask their SPs to specify identity proofing needs.
  • Potential questions:
    • what level of MFA do you need for your operations?
    • What is needed for optimal experience for the end user?
    • What do you absolutely require?
    • What are the business requirements of your service?
  • NIST requires AAL2
  • NIH/NIAID accepts MFA profile
  • LIGO experience: we would like assurance to be signaled, but we will step you up, using proxy
  • It’s tricky to ask SPs what they need
  • Note that MFA and RAF are different
  • RAF does not have request mechanism from IDP at login, MFA does
  • Europe tries to have IAP medium for every user
  • There is step up 
  • Having a “killer service” helps
  • Albert: InCommon is about to move site admin access to Federation Manager to rely entirely on federated access, single sign on.
  • Could make a case to demand IAL2, but it is a tall order to ask all IDPs to have two people to assert IAL2 or IAL high. 
  • Thus starting by asking the IDP to ask its SPs probably makes sense.
  • Albert: as part of operationalizing baseline expectations, we are requiring regular attestation of conformance with baseline expectations
  • Step one is for an SP to articulate what they are looking for
  • We provide a reasonable SP default setting, we can decide what attributes are required by default
  • Start with positive gold star approach
  • Put out communications stating “by meeting Baseline Expectations you can assert RAF2” 
  • See if that gets the ball rolling
  • Identity assurance in allocation of Zoom accounts is an interesting case study
  • Discussion to be continued in future calls: query approach, badging approach, get community input on this


Next CTAB Call: Tuesday, June 11, 2024
