CTAB Call Tuesday October 19, 2021
Attending
- David Bantz, University of Alaska (chair)
- Brett Bieber, University of Nebraska (vice chair)
- Pål Axelsson, SUNET
- Rachana Ananthakrishnan, Globus, University of Chicago
- Ercan Elibol, Florida Polytechnic University
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Meshna Koren, Elsevier
- Jon Miner, University of Wisc - Madison
- Andy Morgan, Oregon State University
- John Pfeifer, University of Maryland
- Chris Whalen, Research Data and Communication Technologies
- Kevin Morooney, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Guest
- Kyle Lewis, contractor working for NIAID (National Institute of Allergy and Infectious Diseases)
Regrets
- Richard Frovarp, North Dakota State
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
Discussion
Update on Baseline Expectations V2 (BEv2):
- As of Friday, Oct 15, 2021, 77% of organizations are meeting BEv2 (this does not take SSL score into consideration)
- Graph on wiki is updated every Monday using data from Friday
- https://spaces.internet2.edu/display/be
- 170 orgs do not yet meet BEv2 (this does not take SSL score into consideration)
- There is now a link to a public wiki page showing each organization’s status
- https://spaces.at.internet2.edu/display/BE/be2-adherence-by-org
- We will start to look at each of the 170 orgs not meeting BEv2
- We may want to prioritize some of the 170 orgs for outreach
- Can sort on Higher Ed orgs versus Commercial orgs
Messaging and outreach
- In November 2021, plan to change tone of the messaging, to something like:
- By <date> if you don’t meet BEV2, it will be escalated to InCommon Steering, with potential consequences including eventual removal of entity from InCommon Federation
- We will start tracking email bounces of the notification emails to InCommon orgs not meeting BEv2
- Site admin at U Nebraska had assumed the Service Providers were also getting contacted with emails about BEv2
- Also, we are not contacting the delegated admins
- Suggestion to modify the messaging to explain who is getting the email notifications about BEV2
Extension Requests
- There will be a form to request an extension for meeting BEv2
- Hope to publish the request for extension form in early December
BEv2 dispute resolution docket
- Albert has begun the BEv2 dispute resolution docket spreadsheet
- List of all outstanding organizations, allowing us to do tracking
- Will update the docket every Monday when we update the graph on the wiki
- If you want access to the dispute resolution spreadsheet, inform Albert
Nominations for CTAB
- The opportunity to serve on CTAB was publicized at CAMP
- See announcement and application form on InCommon website:
- So far, there is one nomination, an individual Brett encouraged
- Albert knows of another person who plans to nominate themself
- CTAB charter allows up to 13 members
- We have 13 members currently
- 3 CTAB members' terms are ending this year
- 1 will not be returning
- Another person intends to renominate themself
- At end of 2022, there will be more CTAB members with terms ending
Plan for Tabletop Exercise for SIRTFI (Kyle Lewis)
- IBRSP (International Biomedical Research Support Program) is required to conduct annual exercises training on the Security Incident Response Plan (FISMA requirement)
- IBRSP is part of InCommon; InCommon Baseline requires Sirtfi compliance.
- Therefore, Sirtfi is part of the “cyber security fabric”.
- Kyle has spoken at various events recently including CAMP/ACAMP and has proposed to InCommon to run SIRTFI exercises
- Requesting from CTAB to support/sanction the SIRTFI exercise effort and charter a working group
- Meshna supports this and comments that a standard recommendation on what to log for SIRTFI, and what info to exchange after an event, would be a welcome outcome of this exercise. It is not clear to an SP what data should be shared with an IdP (and vice versa) for the other party to be able to identify an individual credential or a specific session. If we had a standard piece (one or more) of data that is agreed upon to be logged for the purpose of SIRTFI then the exchange would have been much simpler.
- Andy Morgan supports this
- Brett: supports this, practice will be very helpful, higher visibility will be good
- AnnW: this SIRTFI exercise is a great idea, InCommon should support this
- Messaging will be important, to stress that the exercise will help you, it’s not a test
- Not pass/fail
- DECISION: CTAB supports this effort
- Should CTAB lead this and charter a working group? YES
- Other groups need to be involved
- We should reach out to the other groups to have a call about the SIRTFI exercise effort
- This may be better as a broad collaborative working group supported by multiple organizations.
- Charter could include membership from other organizations
- It will help to be explicit on the goals we want to achieve.
- Is one of the goals to inform the SIRTFI working group on improvements to SIRTFI? This could help drive participation.
- Kevin: principle of keeping it actionable is good
- Figure out who we need from the other organizations
- There have been some SIRTFI exercises in Europe
- https://aarc-community.org/wp-content/uploads/2019/03/AARC-I051-Guide-to-Federated-Security-Incident-Response-for-Research-Collaboration.pdf
- Kyle has spoken with Hannah Short
- AI Albert and David B will organize a meeting to move this SIRTFI exercise effort forward
DID NOT COVER THESE TOPICS
- CAMP/ACAMP follow up / debrief: what were your takeaways? What should/can CTAB do next?
- REFEDS MFA Subgroup update
- Federation Testing WG
Next CTAB call: Tuesday, Nov. 2, 2021