CTAB Call October 29, 2024

Attending

David Bantz, University of Alaska (chair)
Tom Barton, Internet2, ex-officio  
Gabor Eszes, Univ of Virginia (rep from CACTI)   
Richard Frovarp,  North Dakota State  
Mike Grady, Unicon   
Scott Green, Eastern Washington University
Kyle Lewis,  Research Data and Communication Technologies  
Jon Miner, University of Wisc - Madison (vice chair)  
Kathy Wright, Clemson, InCommon TAC rep to CTAB 
Kevin Morooney, Internet2   
Ann West, Internet2  
Albert Wu, Internet2   
Emily Eisbruch, Independent, scribe 

Regrets

Warren Anderson, LIGO
Pål Axelsson, SUNET 
Matt Eisenberg, NIAID 
Ercan Elibol, Florida Polytechnic University 
Christopher Keith, Brown University
Ryan McDaniel, University of Alaska Anchorage
Rick Wagner, UCSD  


Pre Reads

Discussion

  • Public Content Notice  - CTAB minutes are public documents. Please let the CTAB and note taker know if you plan to discuss something of a sensitive nature.

Working Group Updates

    • SIRTFI Exercise Working Group
      • Phase 1 (Communications check with security contacts) passed, 15/15 organizations
      • Phase 2 (exercise point of contact training/orientation) in progress next 2 weeks

    • Assured Access Working Group v2 
      • work continues … ~80% progress

    • InCommon TAC
      • Federation Proxies working group,
        • report should be ready for review by TechEx
        • Following AARC blueprint, focus on infrastructure proxies, providing guidance; with community proxies it gets more complex, and more work is needed
      • SAML Subject ID Deployment Guidance working group,
        • report should be ready for review by TechEx
        •  Looking at launching this as part of attribute bundle deployment
        •  How do IDPs and SPs migrate, could be complex on SP side
        •  SWAMID testing tool may be helpful
        •  IDP: Finding right identifier and defining and supporting it
        •  SP: need to support old and new identifiers, can be complex
        •  Need to help people understand when to use which attribute
        •  EBSCO Publishing platform has been helpful

    • REFEDS Updates
    • REFEDS Working Groups 
      • Framework Registration
        • looking for a way for an SP to know what features an IDP supports before the user signs in,
        • need to navigate ambiguities and inconsistencies of REFEDs specs,
      • TrustInfo - entity filtering specification proposed by SeamlessAccess to do IDP filtering. A publisher is interested.
      • Metadata about Federation
        • this is eduGAIN’s attempt to identify what data to gather from federations
      • Verifiable Credentials Subcommittee (https://wiki.refeds.org/display/STAN/VC+Subcommittee ) -
        • new REFEDs group, has met twice, looking for mappings between data attributes (eduPerson) and trying to map that to a verifiable credential digital wallet.
        • It meets at an inconvenient time for US time zones.
        • https://wiki.refeds.org/display/STAN/Meetings
      • Standards and REFEDs
        • question of what is REFEDs
        • original charter did NOT define REFEDs as a standards body, yet we collectively rely on REFEDs for specs.
        • A conversation on that is needed, see TechEx REFEDs meeting
          • Monday 12/09/2024, 8:00 am - 11:30 am
        • One issue is that there is not enough involvement and contribution from the community.
        • Same 5 people in most REFEDs working groups.
        • Nicole Roy and Albert are the primary two InCommon people on the REFEDs work.
          • Might need to look at that as CTAB plans 2025 priorities

 InCommon Interoperability Expectations Planning Working Group

  •   [google drive folder] [charter]
    • Gabor is working group chair, David co-chair
    • Group has met twice, with good participation
    • Started off as intentionally vague
    • Nice to see the interest; People want to help figure out what this means for the community
    • Realization that the baseline expectations are barebones, bare minimum of what you need to do to remain part of InCommon Federation
    • There is a gulf between baseline expectations and what’s needed for truly interoperable trust federation
    • Hope to have a repeatable process to classify things that should be better defined
    • Hope to create a maturity model
    • This is a layer on top of baseline expectations
    • This layer will continue to evolve
    • Don’t want to define a static set of expectations that become obsolete
    • Need a path to evolve on a regular basis
    • Main task of this working group is to set up this ongoing process
    • As the community identifies additional needs for high-level trust between participants, we need to identify how to implement with particular technologies
    • Can lead to different ways of doing the same thing
    • We should make a judgment call on the “right” way to implement a new need
    • Not a compliance framework, it’s a maturity map
    • Starting to step into integrations in the community, with different security requirements, we can’t stay at lowest common denominator, we need a roadmap
    • Biggest challenge with this effort and its continuation: control the intake funnel
    • Wishlist items and best practices both may make their way through this process of harmonization
    • A challenge could be lack of volunteers and resourcing for this effort
    • Need to design a system that can be fulfilled with the resources we can realistically field
    • Standards are fine, but unless they are adopted and practiced, it’s pointless
    • Example: Error URL spec was not enforced
    • Engagement with the community that will need to respect these Interoperability Expectations is critical
    • There is the hope to have about 5 expectations coming out of this initial effort
    • Hope to create a framework that can be adopted by other bodies so they can also engage with the effort.
    • Intake process is important, we want to create a process where the community feels invited to submit ideas for potential expectations
    • For those not chosen to be implemented, we must respond to the submitter
    • We must also have a process to retire things that are no longer useful
    • Must have a structure in place
    • There is a silent expectation / assumption that we all use eduPerson.
    • There is no such requirement for vendor products. 
    • Gabor: Community as a whole will benefit from this process.
    • Two more meetings of the InCommon Interoperability Expectations Planning Working Group before TechEx. All are welcome


NSF and requirement to use MFA


2025 CTAB Work Plan (did not discuss this on the call)

    • AAWG continuing through spring 2025
    • InCommon Expectations Planning - through mid-spring
    • InCommon Expectations next steps: summer - end of year.


Next CTAB Call: Wed. November 12, 2024

  

 
