2018-April-25

Notes  of CTAB Call of 25-April-2018

Attending

• Brett Bieber, University of Nebraska (chair) 

• Mary Catherine Martinez, InnoSoft (vice chair) 

• David Bantz, University of Alaska 

• Tom Barton, University Chicago and Internet2 

• Chris Hable, University of Michigan 

• Ted Hanss, University of Michigan 

• Jon Miner, University of Wisc - Madison 

• Ann West, Internet2  

• Emily Eisbruch, Internet2    

• Nick Lewis, Internet2  

• Kevin Morooney, Internet2,  

Regrets

• Joanna Rojas, Duke regrets

• Chris Whalen, National Institute of Health  

Action Items from April 25 call:

• AI Brett will resolve remaining comments in the Community Consensus Process Doc

• AI Brett author blog for privacy policy guidance  

• AI Brett author blog for logo guidance  

• AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ

Updates on older action items: 

• AI Tom, Mary Catherine and ChrisH will participate in conversation with InCommon Ops on cycle times for escalating health check failures 

  • Update: call scheduled for April 26

• AI Brett, David, and Ann will work on scoping the privacy policy guidance effort. ChrisW will help moving forward  

  • Update: there is a Google doc with FAQ questions about privacy policy guidance   

  
  

DISCUSSION 

 Baseline Expectations

• Community Consensus Process Doc 

•  Community Consensus Process Doc should go into Trust and ID doc repository, once approved. Emily has assigned a doc repository ID : TI.107.1

• AI Brett will resolve remaining comments in the Community Consensus Process Doc
  

• Process to maintain Baseline Expectations is already in doc repository:  http://doi.org/10.26869/TI.105.1

• Includes dispute resolution process 

Logo Guidelines: 

• Thanks to ChrisH and Brett for their work on this

• Looked at SAML2int guidelines around logos

• Nothing in the logo guidelines is in conflict with what’s advised in SAML2int

• MC: it was not hard to obtain logos for the most part in her work as an InCommon service provider

• The logo guidelines should go on the wiki.  No need for a Doc Repository ID

• Include popup info on the federation manager about the logo field.

• Perhaps update the health check email? Or if it already links to the FAQ  and the FAQ includes the logo guidance, that is fine

• Socialize using  a blog post,

• Include in  the health check email a statement that we update the FAQ often.

• Suggestion to add links to the Federation Manager and baseline emails

Privacy Policy Guidance

• David Bantz suggests we address the question on “why are we requiring a privacy policy” .  Indicate this is a first step. We will probably need a future step of making privacy policies more  available / useful to end users

• Where will this be published? Add it to the baseline expectations FAQ page….   Link to it from Federation Definition page perhaps

• Privacy Policy Guidance will not need a doc repository ID

• Should be socialized using a blog post  

• AI Brett author blog for privacy policy guidance  
• AI Brett author blog for logo guidance  
• AI David Walker update the Federation wiki re privacy policy and logo info (once the guidance is final). These will be linked from the BE FAQ
• AI Check w InCommon Ops on incorporating the info appropriately into the health check emails.

COmanage

• Ann noted that the processes around community consensus/dispute resolution will benefit from the COmanage process which is being implemented within Internet2 to help facilitate collaborations
• Ann has asked Chris Hubing and Paul Caskey to look at the community consensus work and the process. 
• We should talk thru this on a future CTAB call.
• Bill Kaufman may do a COmanage demo for this group in the near future

Staffing

• Internet2 has posted  a Federation Service Manager job. This new hire should start this summer if possible. Could potentially help with community dispute resolution process.
• Internet2 is also hiring a support engineer for trust and identity. Both new hires are due to the InCommon Fee Increase that was approved starting in 2017.
• https://workforcenow.adp.com/mdf/recruitment/recruitment.html?cid=86f9419e-52c4-4ffd-80f8-cfbda5ad990e&ccId=19000101_000001&type=JS&lang=en_US

FICAM / OMB

• TomB: We transitioned from AAC to CTAB with intention to spend more time on baseline expectations and less time  on the FICAM certifications (bronze and silver profiles). 
• History is that bronze and silver certifications were never required by the federal agencies. 
• NIST recently revised the FICAM standard to produce version 3.   
• There are requirements around procurements in version 3. 
• Less value to Research and education in version 3.
• TomB has discussed paths forward in his role as a member of the Kantara board. https://kantarainitiative.org/trustoperations/arb/
•   recent developments likely do NOT threaten the use of InCommon credentials to access federal agencies without using bronze and silver

• FICAM program now focuses on commercial users of a federal agency.  
• But higher ed users of federal agency services don’t need a heavyweight compliance  framework.
• Should CTAB provide feedback to OMB? Or join with Kantara’s response?
• TomB: We have overlap with Kantara, but also some separate, distinct interests. 
• Suggestion that we wait to see what Kantara develops and then decide how to proceed.

Monthly Assurance calls (to be discussed at future call)

• Should we try to continue monthly assurance calls?
• These monthly calls are mentioned in the “Stay Informed’ Box on the right on the Assurance wiki:
• https://spaces.at.internet2.edu/x/4SM

CTAB Meeting at 2018 Global Summit, Wednesday, May 9, noon-1:00PM

• This will be a closed meeting for CTAB members