Date: Fri, 29 Mar 2024 01:44:20 +0000 (UTC)
Message-ID: <719914775.7375.1711676660068@ip-10-10-7-29.ec2.internal>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_7374_313041983.1711676660065"
------=_Part_7374_313041983.1711676660065
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
2022-April-19 CTAB Public Minutes
2022-April-19 CTAB Public Minutes
CTAB Call Tuesday April 19, 202=
2
Attending
- David Bantz, University of Alaska (cha=
ir)
- Jon Miner, University of Wisc - Madiso=
n (co-chair)
- P=C3=A5l Axelsson, SUNET
- Sarah Borland, University of Nebraska<=
/span>
- Richard Frovarp, North Dakota St=
ate
- Eric Goodman, UCOP - InCommon TAC Repr=
esentative to CTAB
- Andy Morgan, Oregon State University
=
li>
- Rick Wagner, UCSD
- Jule Ziegler, Leibniz Supercompu=
ting Centre
- Robert Zybeck, Portland Community Coll=
ege
- Tom Barton, Internet2, ex-officio here=
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2 <=
br>
- Ann West, Internet2
- Albert Wu, Internet2
<=
/li>
- Emily Eisbruch, Internet2 <=
/span>
Regrets
- Ercan Elibol, Florida Polytech Institu=
te
- Meshna Koren, Elsevier
- Dave Robinson, Grinnell College in Iow=
a, InCommon Steering Rep, ex-officio
- Chris Whalen, Research Data and Commun=
ication Technologies
Discussion
Working Group Updates=
p>
-
- REFEDS Assurance - no updates=
span>
- REF=
EDs MFA Sub Group
- Editing the proposed draft/ revision =
to the REFEDs MFA profile
- Hope to have draft for wider group to=
discuss in next weeks
- Discussion on balance between keeping=
the profile flexible and usable
=
- Want to be clear enough so implemente=
rs can make decisions that lead to basis for comparison
- Given strong authentication needs evo=
lving, how to prepare
- Is certificate authentication strong =
enough?
- What about MFA and Web Authn?<=
span class=3D"s7">
- Single or multi factor for authentica=
tion for Web Authn?
- What will be curation evolution proce=
ss
- MFA profile is de facto a proxy for q=
uality/strength of authentication
- What about, perhaps, an approach that=
is =E2=80=9Cstrong=E2=80=9D but not literally Multi-factor ?
- InCommon TAC Updates
- Focus on work plan items
- One topic is 3rd party certifiers
- What kind of mechanisms should be in =
place?
- Related to Trustma=
rks and tags
- Concept of how federation model works=
- Term: pixie dusting
- 3rd party interacts and can assert cl=
aim for an entity, instead of federation operator=
- Example is R&S
- Federation operator is not as deeply =
engaged in the research community
- So another authority might be able to=
vouch for a particular Service Provider
- Comes up in regional networking or sy=
stem wide scenarios; also comes up in seamless access community, for discovery lis=
ting
- NIH
- There will be a leadership exchange i=
n May 2022, Mike Tartakovsky and Chris Whalen will be speaking, will summar=
ize for the CIOs where we stand, and reinforce the ask
CTAB Work Plan
-
- Five items are now on the CTAB work p=
lan, other items have been moved to another document
- CTAB members, please to sign up for w=
ork plan items that interest you
C=
TAB TLS / Endpoint Encryption P=
roposal
- Several steps are outlined in the dra=
ft proposal, including outreach and eventually moving to dispute process
- Suggestion for eventually having a pu=
blic record if an entity is not meeting the encryption standard
- We would prefer listing entities with current action items pending and do =
not want to post a list of entities with any security vulnerabilities
- There is a recommendation for InCommo=
n operations to check as many elements are possible.
- Albert notes that this is in the work=
s.
- InCommon Operations hopes to periodic=
ally check all the elements that baseline expectations requires.  =
;
- Scaling and Workload concerns
- Currently over 1000 entities are not =
scoring A in SSL Labs scan
- This is not a one time issue, scores =
can shift, so think of this as an operational item
- Are we willing to remove from the InC=
ommon Federation an entity that does not get an A score?
- If we create exceptions / loopholes, =
it gets complex
- Dispute items would come to CTAB
- Eventually some will escalate to InCo=
mmon Steering
- See the community dispute reso=
lution process https://www.incommon.or=
g/federation/dispute-resolution/
=
span>
- Concerned about the consequence of&nb=
sp; triggering community dispute resolution
=
span>
- Question of scale, if there are more =
than a handful each month, will require much effort and time. Load/strain o=
n CTAB resources is a concern
- Suggestion that we consider this an a=
wareness raising campaign
- Education and advocacy are important<=
/span>
- CTAB may want to engage the community=
on this at some point.
Next CTAB call: T=
uesday, May 2, 2022
------=_Part_7374_313041983.1711676660065--