Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Need to share the arc of CTAB and community work with other bodies who have a stake in the work.
  • Comment: this attempt to establish a cadence for the work is very helpful
  • Shib v2 versus Shib v3 issues are of great interest to the community
  • We need to be clear on how the Shib issues will be enforced
  • CTAB can’t enforce all issues on software version issues
  • Shib may be a special case where we DO get involved
  • Question: Does InCommon CTAB effort include verification ?
  • Answer: there are many issues InCommon won’t be able to verify, for example a recommendation to run up to date software
  • CTAB should look for ways to make expectations demonstratabledemonstrate-able
  • The baseline expectation for “generally accepted security practices” is not concrete, but CTAB will make refinements around requiring SIRTFI and one more thing????, etc.
  • What are the positive feedback loops we can establish?
  • Should  we require participants to report back software version of federating software
  • Question of how proactive CTAB should get in discovering failures to meet BE…
  • It’s possible to guestimate what version of Shib is being used by an InCommon participant, but do we want to get into that?
  • That will be part of the consensus process
  • Q: is the proposed arc of work a good start and should we start to socialize it with CACTI and InCommon TAC?
  • CTAB will try to make sure the consensus process is extensive, but only a fraction of InCommon participants will likely participate.  But let’s say 10% participate in initial conversations. Then we need to educate the other 90% and engage them and respect their cycle times.
  • Suggestion to publish the proposed work package at earliest possible moment, even if it covers things 12-18 months down the road.  To help education and inform the community.
  • More frequent smaller steps will be helpful versus bigger steps
  • Could have a schedule laying out  the timeline for new requirements….
  • So organizations can potentially  get ahead and handle all of the expectations in advance
  • Will need to provide  guidance on issues like add Error URL to Baseline Expactations
  • Need to explain how Error URL will be used
  • Similarly Baseline Expectations for MFA and R&S will include work between  the consensus and the work package
  • Issues around validation and verification will need to be planned and handled and communicated
  • Collaboration ready is key,  InCommon will need cloud services in good shape
  • Revisit the planning on the next CTAB call.


  • Added lower priority orgs and updated to show RA activities

  • CTAB assignment…

  • Albert is  moving the data to the wiki

  • There is updated info as of this morning

  • Doing pretty well for priority 2-5

  • In most cases there is someone working to get contact info where it is missing

  • There are some gaps

  • [AI] Albert will randomly assign CTAB members to work on the gaps, orgs where we don’t have a contact

  • For  priorities 7-8  there are more gaps

  • Question of how long RA (John Krienke’s group) work on an org before we move it along?

  • Suggestion to turn on required validation of the fields

  • First priority is having the right contacts

  • Should work towards a date by which this work package is concluded

  • FROM JAN 23, 2019 CTAB call: Suggestion to cut off the outreach effort in mid March 2019 timeframe