CTAB Call Sept 17, 2024


Attending

Warren Anderson, LIGO  
Pål Axelsson, SUNET  
David Bantz, University of Alaska (chair)  
Tom Barton, Internet2, ex-officio  
Gabor Eszes, Univ of Virginia (rep from CACTI)   
Scott Green, Eastern Washington University  
Kyle Lewis, Research Data and Communication Technologies  
Ryan McDaniel, University of Alaska Anchorage  
Jon Miner, University of Wisc - Madison (vice chair)  
Kevin Morooney, Internet2
Albert Wu, Internet2  
Emily Eisbruch, Independent, scribe   

Regrets

Richard Frovarp,  North Dakota State
Mike Grady, Unicon 
Matt Eisenberg, NIAID 
Ercan Elibol, Florida Polytechnic University 
Christopher Keith, Brown University
Johnny Lasker, Internet2 
Rick Wagner, UCSD
Kathy Wright, Clemson, InCommon TAC rep to CTAB
Andrew Scott, Internet2
Ann West, Internet2 

Discussion

  • Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
  • Public Content Notice - CTAB minutes are public documents. Please let the CTAB and note taker know if you plan to discuss something of a sensitive nature.

Working Group Updates


  • CACTI  
    • Discussion on these topics
    • 1. Security collaboration with IAM; there is a draft Google doc that will become a blog post
    • 2. Talent, sustainability, IDPro effort, exchange of talent at IDPro, hoping for continuity, looking at strategies
    • 3. Trusted access component guidance, there is a draft 
    • 4. OpenID Federation as a body of standards is looking to be relevant in near future. Some governments are looking at proof of concepts or mandating adoption of OpenID. 
      A mini effort to work on a position document to state our initial stance. Then a longer-running working group likely to close the gap between our current set of standards and technologies and how they can be adapted. (Gabor cautioned that CTAB and InCommon TAC are also looking at this.) The work needs to get done. Need to coalesce the right players around this idea.
    • Gabor: CACTI also discussed post quantum cryptography
    • There is consensus to spin up a body to get a state of play to look at federation technology
    • Where new technologies are telling us we need to be
    • Some assume that SAML is not the future due to XML inc  
    • But what if that is not a foregone conclusion
    • How can we accommodate pressures
    • Technology for federated access
    • SAML doesn’t accommodate design concerns that weren’t known 20 years ago
    • There is no widely accepted body to go back and revise
    • We are on SAML 2.0
    • But instrumentation is not there
    • Instead of exploring how to change, it's easier to go to next thing on shelf
    • Many orgs are going thru same decision making independently
    • Hope to put this to paper
    • See what can be done
    • Tom: good idea in 2025 to delve more deeply into what a transition to OpenID Federation would look like
    • Perhaps we join the eduGAIN proof of concept or have something like that within InCommon
    • Pål: there are European discussions on OIDC Federation
      • There are Incubator projects looking at OIDC Federation within eduGAIN
      • At hypothetical level, thinking about how to write a profile for eduGAIN
      • To be discussed at TechEx
      • There are also discussions in Europe on digital wallets


  • InCommon TAC (Albert)
    • TAC is trying to organize members to read the latest NIST drafts
    • Judith updated TAC regarding browser changes
    • Google dropped idea of eliminating 3rd party cookies
    • Use storage API instead of 3rd party cookies
    • Apple is becoming more participatory in the standards body


Tech Ex 2024 Planning

  • Makes sense to combine TAC and CTAB meetings at Tech Ex
  • May need a bigger room than originally requested
  • Working meetings spots are hard to schedule without running into conflicts
  • Decision: this should be an open meeting, but state in the description that it is intended primarily for current members and those engaged in working groups of TAC, CTAB and CACTI.


2025 CTAB Planning continued

InCommon Expectations Planning, plus follow on work

  • How does CTAB plan to approach these?
    • OID-Federation - including OIDC/OAuth/wallets
      Albert: suppose we determine to “migrate” to an OID Federation,
      How could we make that work?
      Differences between OID-fed and SAML-fed based (partly) on “lessons learned” from pain points in SAML-fed
    • Need to educate ourselves on the above
    • Helpful demo earlier today
    • Some trust and policy issues are not addressed in OID Federation
    • Concept of “do we reboot SAML or move forward on OID Federation” is large
    • Workstreams have dependencies
    • What workstreams, focused groups, should be spun off?
    • Pål: things happening fast in different parts of the world
    • Tom: For 2025 workplan, CTAB should work with other groups, CACTI, TAC, InCommon operations, eduGAIN
    • Working group / planning group does not need to have a single sponsor
    • Start with “what does implementation look like”, understand the sticking points
    • Produce coordinated recommendations
    • Look at opportunities in OID Federation
    • Hope for concise distillation on what we care about in federation, how does OID Federation map to that set of things we care about, how these map to SAML?
    • Important to look broadly and internationally
    • Kevin: there is much conversation on the future of research and education federation
    • Existential crisis potentially
    • Technology issue and more
    • SAML dead? Ethernet was supposed to be dead 25 years ago
    • Bilateral + Multilateral - “what does InCommon IAM include”?
    • Zero Trust (e.g. device level security / interaction between IAM and InfoSec)
    • Beyond 2025: CTAB’s mission and fit to InCommon Futures 2

Next CTAB Call: Tuesday, Oct. 1, 2024
