Page History

CACTI call of Tuesday, Feb. 18, 2020

Attending

Members

• Tom Jordan, University of Wisc - Madison (chair) 
• Jill Gemmill, Clemson  (vice chair) 
• Marina Adomeit, SUNET
• Rob Carter, Duke 
• Matthew Economou, InCommon TAC Representative to CACTI 
• Michael Grady, Unicon 
• Karen Herrington, Virginia Tech   
• Christos Kanellopoulos, GEANT  
• Les LaCroix, Carleton College
• Chris Phillips, CANARIE 
• Bill Thompson, Lafayette College

Internet2 

• Kevin Morooney  
• Ann West  
• Steve Zoppi   
• Jessica Coltrin 
• Emily Eisbruch  
• Mike Zawacki

Regrets

• Margaret Cullen, Painless Security 
• Nathan Dors, U Washington  
• Nick Roy , Internet2

Discussion

Potential Collaboration with NET+ CSTAAC around cloud issues

• Goal is to advance the cause of multilateral HE federations with cloud providers
• Suggestion for CACTI to collaborate on this  with NET+  CSTAAC
  
  • NET+  CSTAAC is a sibling group to CACTI within NET+ Services. See info:  NET+ CSTAAC Working Group
  • Also NET+ BPLAC is another group of interest https://spaces.at.internet2.edu/pages/viewpage.action?pageId=154765376
•  A use case is observatory in Puerto Rico, published data in Azure; how to make the data available for access?
• Other groups of interest to potentially collaborate with on cloud issues in addition to NET+ CSTAAC
  • EDUCAUSE CCCG https://www.educause.edu/community/cloud-computing-community-group
  • Cornell Cloud Forum,  https://blogs.cornell.edu/cloudforum/ (Sarah Christen is on NET+ CSTAAC)
• ChrisP is interested in the cloud story both in Azure and AWS and is on the Azure Advisors group already.
• Next Steps : Other CACTI members interested in working on this issue, please let Tom Jordan know.

SameSite

• Thank you to those who participated in the timely work on the SameSite message.
• https://docs.google.com/document/d/1XtxhosyrcbZa-zyJEfLhnoCyU8k2kMIu-4HgrDKWRR8/edit
• InCommon TAC and CTAB reps, please relay our thanks to those members who participated, as well.
• (Note: Patrick Radtke from Cirrus Identity is not on a governance group but also participated).

EDUCAUSE Security Professionals

• Jill is on the planning committee for EDUCAUSE Security Professionals conference
• Planning for 2021 Conference of  EDUCAUSE Security Professionals,
• 2020 conference is already set https://events.educause.edu/security-professionals-conference/2020
• Trying to get IAM and Security communities to work a bit more closely. Please share ideas with Jill.
• Aligns with CACTI workplan goals on CISO engagement and training curriculum / onboarding new community members

IAM Online on Community Plans and Priorities for 2020.  Feb 12, 2020 -

• Tom Jordan presented on behalf of CACTI, along with chairs of InCommon TAC and CTAB. Slides and recording are available    

• Slides: https://incommon.org/wp-content/uploads/2020/02/IAMOnline-2020-02.pdf
  • See Slide #23 showing CACTI focused on outreach as priority for CACTI
• Recording https://www.youtube.com/watch?v=R4XjpaA_nzY&feature=youtu.be
  
  

2020 Workplan Continued

• Top-ranked items from the planning sheet:
  1. Value proposition to the CIO / IT / Research communities
  2. CISO engagement
  3. Training curriculum / recruiting + onboarding new community members
  4. Quickstarts / playbooks for Trusted Access Platform components
     
     

   Discussion on Workplan items

• Value Proposition
  
  
  • How to mold the message
  • Need to come up with message and figure out how to articulate it for various communities
  • If you had 15 minutes with your CIO… what are the big themes and do we have the supporting material?
  •   7 things the CIO and CISO need  to know about identity AI TomJ will start CACTI in doing some brainstorming on email.   (DONE)
  • REFEDS has done some related work  https://wiki.refeds.org/display/OUT/The+Value+Proposition+for+Identity+Federations

  • 
https://wiki.refeds.org/display/OUT/Promoting+Federations

    
• CACTI as an IAM evangelist discussion, continued
  
  
• CISO engagement

• Jill working with EDUCAUSE Security Professionals group
• REN-ISAC  https://www.ren-isac.net/ is another group to get involved with, they provide webinars 
• What should be the relationship between IAM and Security ?
• At Duke, the top 2 layers of management are now the same for IAM and Security.
  • If IAM is done right, this helps prevent security incursions.  
• More and more, IAM is coming under the CISO portfolio. 
• Could be helpful to evaluate the various models.
• Is there any risk to the collaboration or research priorities when IAM is under the CISO?
• Virginia Tech started  with IAM under Security office.
  • Then IAM was split out.
  • A reason to be separate  is to emphasize that IAM can enable the business and customers rather than be protective.
• Could develop 7 things the CISO should know.  TomJ will include that in his discussion started on the email list.

• Training curriculum / recruiting + onboarding new community members

• Quickstarts / playbooks for Trusted Access Platform components
• See slide 23 from Feb 12, 2020 IAM Online  https://incommon.org/wp-content/uploads/2020/02/IAMOnline-2020-02.pdf
• Suggestion to first identify the models of how IAM is handled (deployment patterns) .
• The stellar employee and best curriculum varies depending on the deployment pattern.  
• Best strategy and practices depends on models that an institution has for IAM on campus
  • buy versus build, cloud strategy, is IAM on the CISO portfolio or in enterprise application portfolio or standalone team, etc.
• Focus on 
• helping a hiring manager understand what skills to recruit for,
• where are the pools to recruit for
• how to bring new hires up to speed on how HE does IAM IT
• What does a stellar IT hire looks like?
• What does IAM curriculum look like?
• suggestion for 3-5 blog posts on themes of best practices to serve early participants looking for content
  • A report to CACTI might miss the mark, need to do community outreach
•  Conduct a survey ?
• What role could this Working Group play in helping to guide IdM as a core capability and discipline?
• Start with basic IAM questions and IAM best practices
• Parallel with ACI-REF  facilitating community where some resources were developed with NSF funding,
  • Jill will share some resources from that work.
  • https://ui.adsabs.harvard.edu/abs/2014AGUFMIN43A3677C/abstract
• Collaboration Success Program (CSP) touched on some of the same issues
  •  Would be good to harvest from CSP 
•  2019 ACAMP session around hiring challenges https://docs.google.com/document/d/1GtHjo00WdWAhNh6vz7nwxgDREIPtJ5J2VTOJWLmoXrE/edit
  
  
• Accreditation and badging could be part of the space
  • Story of an organization developing accreditation for Sysadmins. It did not go terribly well 
  • Encouraging the community to attend BaseCAMP will be helpful
  • InCommon is thinking of a certification for knowing how to install the InCommon Trusted Access software. Highly scoped curriculum.
  • For badges learn from GEANT.  Complement existing activities
  • Use the learning management system GEANT is developing? 
    
    
• AI Jessica will help a subset of CACTI to draft a Community working group on IAM recruiting and hiring
  
  • Possible temporary working group name:
    • Hiring For IAM working group or
    • IAM Journey working group
  • Suggestion to open membership to this new working group to the  community at large
  • would be helpful to have a rep from the GEANTT project.
  • charter should include timeframe and milestones
  • Chris P is interested in helping with this proposed working group

Next Meeting: Tuesday, March 3rd, 2020