CTAB Call Tuesday, August 10, 2021
Attending
- David Bantz, University of Alaska (chair)
- Brett Bieber, University of Nebraska (vice chair)
- Rachana Ananthakrishnan, Globus, University of Chicago
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Andy Morgan, Oregon State University
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Netta Caligari, Internet2
Regrets
- Pål Axelsson, SUNET
- John Pfeifer, University of Maryland
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Emily Eisbruch, Internet2
Discussion
Recap of InCommon Steering update
- DavidB provided an update to InCommon Steering last week.
- Slides were emailed to CTAB.
- Highlights:
- We are ahead of where we were in the cycle with Baseline Expectations V1.
- We are approaching 80% compliance for BEv2
- On track to have almost complete compliance by the end of 2021.
- Will need to handle a small number of non-complying entities at the start of 2022.
- At some point in the future, probably in Baseline Expectations v3, CTAB will need to deal with entity categories and with Assurance
- KevinM: David B provided an excellent update to InCommon Steering, thanks.
BEv2 Office Hour August 3, 2021 - debrief
- BEV2 Office Hour went well
- Many questions about encouraging ADFS or Azure to join the InCommon federation
- ADFS:
- Policy issues around how organizations stand up IDPs
- Most using ADFS or Azure are running enterprise SSL solution
- ADFS working with Shibboleth
- Meshna: is the question around ADFS a technical question?
- Albert: there are several scenarios
- Issues with metadata because of how ADFS or Azure makes use of metadata
- Compatibility with what federation requires
- Consumption of InCommon metadata becomes an issue
- How to “grab” the aggregates
- How entity ID is named
- Can’t choose entity ID in Azure
- Questions around MFA
- How to configure Azure to support REFEDS MFA profile
- Did not come up on this Office Hour call.
- Question: should we talk with Microsoft about this?
- As InCommon Federation, could we be a good partner for a conversation with Microsoft?
- TomB: many have tried over the years
- There have been some successes in the past
- The people at Microsoft who “got it” left Microsoft
- Our Higher Ed community does not have enough influence currently
- It was noted that having common customers can sometimes help
- TomB: we would like to get Microsoft to enhance their products, but short of that, technology is available for bolting onto ADFS:
Summary
- There does not seem to be a lot of concern in the community around BEv2
- We expect that people will come to the final BEv2 Office hour, just before the deadline.
- Next BEv2 office hour is Tuesday, August 31, 2021
- We will have placeholder for office hour monthly, until end of December 2021
2021 NSF Cybersecurity Summit (Brett/Rachana)
- https://www.trustedci.org/2021-cybersecurity-summit
- Rachana encouraged Brett to submit a proposal for 2021 NSF Cybersecurity Summit
- The proposal has been accepted
- Closely related to Trusted CI https://www.trustedci.org/
- Proposal references our work with NIH
- This is an opportunity to expand the partnerships beyond the NIH, perhaps to organizations on NSF side
- Brett is interested in your ideas on what to include as part of a call to action
Walk through of “I can’t meet SSLLab A requirement” scenarios (Albert)
- Please chime in if you are aware of other scenarios or if you have other approaches to these scenarios
- There are various scenarios from organizations that can’t meet the grade of A at this time
- There are potential legitimate reasons for this situation
- How should we respond to these organizations?
- How do we manage exceptions?
- Scenarios:
- Scenario 1: Legacy Browser Support
- Scenario 2: Legacy Application/OS support (Backchannel)
- Scenario 3: External monitoring tool compatibility
- Scenario 4: Entity not testable
- Scenario 5: Load Balancer is handling SSL processing
For each scenario, what is the risk in granting an exception?
- Comment: in each scenario, except Scenario 4, the organization is increasing exposure to a range of risks because of one application. It makes sense to partition, to minimize the damage. We should likely ask for a plan around partitioning.
- Discussed scenario 1, Legacy Browser Support, on this call. Discuss the other scenarios later.
- Ideally, we want an IDP to use BE requirements as an added incentive to rally SP operator to update its application to support modern encryption.
- Further details are recorded in the Scenarios document
- All are encouraged to provide their ideas on the Scenarios document
Resume BE2 Notifications (with minor wording updates)
- December 17 will be communicated as the deadline to meet Baseline Expectations v2.
- Schedule of additional BE2 Office Hours (Albert)
Not discussed on this call: Recruiting new members this Fall at CAMP
Next CTAB Call: Tuesday, Aug. 24, 2021