- Need to share the arc of CTAB and community work with other bodies who have a stake in the work.
- Comment: this attempt to establish a cadence for the work is very helpful
- Shib v2 versus Shib v3 issues are of great interest to the community
- We need to be clear on how the Shib issues will be enforced
- CTAB can’t enforce all issues on software version issues
- Shib may be a special case where we DO get involved
- Question: Does InCommon CTAB effort include verification ?
- Answer: there are many issues InCommon won’t be able to verify, for example a recommendation to run up to date software
- CTAB should look for ways to make expectations demonstratabledemonstrate-able
- The baseline expectation for “generally accepted security practices” is not concrete, but CTAB will make refinements around requiring SIRTFI and one more thing????, etc.
- What are the positive feedback loops we can establish?
- Should we require participants to report back software version of federating software
- Question of how proactive CTAB should get in discovering failures to meet BE…
- It’s possible to guestimate what version of Shib is being used by an InCommon participant, but do we want to get into that?
- That will be part of the consensus process
- Q: is the proposed arc of work a good start and should we start to socialize it with CACTI and InCommon TAC?
- CTAB will try to make sure the consensus process is extensive, but only a fraction of InCommon participants will likely participate. But let’s say 10% participate in initial conversations. Then we need to educate the other 90% and engage them and respect their cycle times.
- Suggestion to publish the proposed work package at earliest possible moment, even if it covers things 12-18 months down the road. To help education and inform the community.
- More frequent smaller steps will be helpful versus bigger steps
- Could have a schedule laying out the timeline for new requirements….
- So organizations can potentially get ahead and handle all of the expectations in advance
- Will need to provide guidance on issues like add Error URL to Baseline Expactations
- Need to explain how Error URL will be used
- Similarly Baseline Expectations for MFA and R&S will include work between the consensus and the work package
- Issues around validation and verification will need to be planned and handled and communicated
- Collaboration ready is key, InCommon will need cloud services in good shape
- Revisit the planning on the next CTAB call.
Added lower priority orgs and updated to show RA activities
Albert is moving the data to the wiki
There is updated info as of this morning
Doing pretty well for priority 2-5
In most cases there is someone working to get contact info where it is missing
There are some gaps
[AI] Albert will randomly assign CTAB members to work on the gaps, orgs where we don’t have a contact
For priorities 7-8 there are more gaps
Question of how long RA (John Krienke’s group) work on an org before we move it along?
Suggestion to turn on required validation of the fields
First priority is having the right contacts
Should work towards a date by which this work package is concluded
FROM JAN 23, 2019 CTAB call: Suggestion to cut off the outreach effort in mid March 2019 timeframe