Child pages
  • 2021-July-13 CTAB Public Minutes

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CTAB Call Tuesday July 13, 2021


Attending

  • David Bantz, University of Alaska (chair)  
  • Richard Frovarp,  North Dakota State  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Andy Morgan, Oregon State University  
  • Chris Whalen, Research Data and Communication Technologies  
  • Jule Ziegler,  Leibniz Supercomputing Centre  
  • Tom Barton, Internet2, ex-officio 
  • Johnny Lasker, Internet2  
  • Albert Wu, Internet2  
  • Emily Eisbruch, Internet2  

 Regrets: 

  • Meshna Koren, Elsevier
  • Jon Miner, University of Wisc - Madison
  • Brett Bieber, University of Nebraska (vice chair)
  • Pål Axelsson, SUNET
  • Rachana Ananthakrishnan, Globus, University of Chicago  
  • Ercan Elibol, Florida Polytech Institute
  • John Pfeifer, University of Maryland  
  • Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  • Robert Zybeck, Portland Community College
  • Kevin Morooney, Internet2
  • Ann West, Internet2

 

Discussion

 Intellectual Property reminder

Baseline Expectations version 2 (BEV2) Closing Activities and Timing

  • Agreed to  move forward  with Monday July 19 for adoption of Baseline Expectation V2
    • InCommon staff will Update the InCommon Website
    • Replace with new Baseline Expectations text
    • InCommon Federation will switch to enforcement mode
    • Entities will need to meet BEv2 to be submitted
      • Does not impact existing entities that are not “touched”
    •  InCommon Federation Manager will get updated with greater clarity around encryption
  • NIH Requirements 
  • Next Phase for BEv2
    • After July 16 we begin next phase  
    • Assemble list of non adhering entities (list already exists)
    • Need to schedule and conduct office hours, this will help organizations not in compliance
    • Office hours suggested for August, September, October  and November
    • Suggestion to hold office hours on the alternate weeks from CTAB meetings (Tuesdays at 1pm ET)
    • Albert: Internet2 Marcomm group is ready to help CTAB publicize BEv2 and funnel those with issues to office hours 
    • August 2021 - begin publishing list of non adhering entities
      •  may want to revisit this if list continues to be very large
    • Perhaps publish list of organization that are adhering, at least to Site Admins and Execs
    • August 2021 - resume bi weekly notifications with a new message, more targeted
    • September 2021 - start tracking using ? pages, once the list is down to 100 or fewer
    • Last time, for BEV1, we created wiki pages and assigned them to CTAB members to contact non adhering organizations
    • Do not want to begin that with a list over 100
    • October 2021 - engagement begins

  •  Extensions for BEv2
    • For BEv1, we posted a web form where orgs could request an extension, for after Dec 2021 
    • Albert has received emails stating that organizations can’t adhere to BEv2 by July 19 but do plan to adhere to BEv2 by end of summer 2021
      • Extension Request Form will be available when CTAB starts nudging outreach
    • Concern about hard deadline right before the winter break
    • For BEv1, there was a December 2018 deadline, but  CTAB did not suggest to InCommon Steering to remove any entities until February 2019

  • SIRTFI and BEv2
    • It was noted that SIRTFI is fuzzier than the other new BEv2 requirements
    • TomB: From the point of view of the SIRTFI working group, the degree to which SIRTFI requirements are met is a business decision.  It is rare for everything to be perfectly implemented at all times.  It’s about due diligence

  • Wiki Updates and other communication
    • Albert : we will continue to refine the wiki
    • Albert will publish the next steps on a wiki page for the community
    • Albert is working with Internet2 Marcomm on case studies, showing solutions to issues in fulfilling BEv2
    • There will be a communication on July 17, stating we have transitioned to BEv2

  • More on Next Steps for BEv2 
    • Generally follow processes/flow from BEv1 closing
    • Revive community dispute docket described here: https://www.incommon.org/federation/dispute-resolution/
    • Develop next round of notification email templates
    • Get ready to publish non-adhering entities/orgs
    • Ready extension request submission/tracking
    • Schedule office hours (for Fall and Winter, monthly?)
    • On July 19 - officially publish BE2 text on web site
    • TBD: how will we actually measure “Encryption” when it comes to entity removal time, what are the operational implications of each option?


Assured Access Working Group

Note from Brett B - I’ve tried to incorporate the feedback from the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation consultation. If others could review the document’s recent changes and let me know if there’s anything else yet to incorporate, that would be great. Next steps would be to finalize the document and announce the final version. I can work on that next week if there’s no additional changes.

  • Assured Access Working Group Wiki 
  •  Consultation on REFEDS Assurance Framework Implementation Guidance for the InCommon Federation closed June 25, 2021
  • Logistics on CTAB approval for report after the consultation has been completed. InCommon TAC uses this procedure:
    • when there’s a community consultation, and the consultation ends,  InCommon TAC just accepts or rejects.  
    • best process: don’t make new changes after consultation, just make changes suggested during the consultation.  
    • Brett has made the suggested changes from the consultation already.
    • This document is critical for the NIH requirements.
    • If this document is good enough, sufficient, the CTAB should likely move it along.

  • Importance of LOCAL-ENTERPRISE
    • Note: It is still being decided which NIH services will be part of the new NIH requirements framework  
    • Part of the challenge is to present something that the majority  of federation participants can assert.
    • Some chicken and egg.
    • Value of interest is LOCAL-ENTERPRISE  
      • There is a big gap between level 1 and level 2. Most services are somewhere in between.
      • LOCAL-ENTERPRISE is to fill the gap
      • LOCAL-ENTERPRISE is runtime measurable
    • Today, no organizations assert  LOCAL-ENTERPRISE. 
    • We want to get InCommon participants to start asserting LOCAL-ENTERPRISE. Should be straightforward.
    • We may want to add assertion of  LOCAL-ENTERPRISE into Baseline Expectations as implementation guidance

  • It is important to finalize/publicize the “REFEDS Assurance Framework Implementation Guidance for the InCommon Federation” report in advance of the September 15 NIH deadline.
  • Next Steps for REFEDS Assurance Framework Implementation Guidance for the InCommon Federation 
    • CTAB hopes to vote to accept the REFEDS Assurance Framework Implementation Guidance for the InCommon Federation at next CTAB meeting, July 27, 2021
    • ChrisW will not be present at the CTAB meeting on July 27. ChrisW votes now to approve the report, since Kyle has been heavily involved


2021 NSF Cybersecurity Summit FYI

Next CTAB call: Tuesday, July 27, 2021