CACTI call of Tuesday, Feb. 18, 2020
Attending
Members
- Tom Jordan, University of Wisc - Madison (chair)
- Jill Gemmill, Clemson (vice chair)
- Marina Adomeit, SUNET
- Rob Carter, Duke
- Matthew Economou, InCommon TAC Representative to CACTI
- Michael Grady, Unicon
- Karen Herrington, Virginia Tech
- Christos Kanellopoulos, GEANT
- Les LaCroix, Carleton College
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
Internet2
- Kevin Morooney
- Ann West
- Steve Zoppi
- Jessica Coltrin
- Emily Eisbruch
- Mike Zawacki
Regrets
- Margaret Cullen, Painless Security
- Nathan Dors, U Washington
- Nick Roy, Internet2
Discussion
Potential Collaboration with NET+ CSTAAC around cloud issues
- Goal is to advance the cause of multilateral HE federations with cloud providers
- Suggestion for CACTI to collaborate on this with NET+ CSTAAC
- NET+ CSTAAC is a sibling group to CACTI within NET+ Services. See info: NET+ CSTAAC Working Group
- Also NET+ BPLAC is another group of interest https://spaces.at.internet2.edu/pages/viewpage.action?pageId=154765376
- A use case: an observatory in Puerto Rico with data published in Azure; how to make the data available for access?
- Other groups of interest to potentially collaborate with on cloud issues in addition to NET+ CSTAAC
- EDUCAUSE CCCG https://www.educause.edu/community/cloud-computing-community-group
- Cornell Cloud Forum, https://blogs.cornell.edu/cloudforum/ (Sarah Christen is on NET+ CSTAAC)
- ChrisP is interested in the cloud story both in Azure and AWS and is on the Azure Advisors group already.
- Next Steps: Other CACTI members interested in working on this issue, please let Tom Jordan know.
SameSite
- Thank you to those who participated in the timely work on the SameSite message.
- https://docs.google.com/document/d/1XtxhosyrcbZa-zyJEfLhnoCyU8k2kMIu-4HgrDKWRR8/edit
- InCommon TAC and CTAB reps, please relay our thanks to those members who participated, as well.
- (Note: Patrick Radtke from Cirrus Identity is not on a governance group but also participated).
EDUCAUSE Security Professionals
- Jill is on the planning committee for EDUCAUSE Security Professionals conference
- Planning for 2021 Conference of EDUCAUSE Security Professionals
- 2020 conference is already set https://events.educause.edu/security-professionals-conference/2020
- Trying to get IAM and Security communities to work a bit more closely. Please share ideas with Jill.
- Aligns with CACTI workplan goals on CISO engagement and training curriculum / onboarding new community members
IAM Online on Community Plans and Priorities for 2020. Feb 12, 2020
- Tom Jordan presented on behalf of CACTI, along with chairs of InCommon TAC and CTAB. Slides and recording are available
- Slides: https://incommon.org/wp-content/uploads/2020/02/IAMOnline-2020-02.pdf
- See Slide #23, showing outreach as the priority for CACTI
- Recording https://www.youtube.com/watch?v=R4XjpaA_nzY&feature=youtu.be
2020 Workplan Continued
- Top-ranked items from the planning sheet:
- Value proposition to the CIO / IT / Research communities
- CISO engagement
- Training curriculum / recruiting + onboarding new community members
- Quickstarts / playbooks for Trusted Access Platform components
Discussion on Workplan items
- Value Proposition
- How to mold the message
- Need to come up with message and figure out how to articulate it for various communities
- If you had 15 minutes with your CIO… what are the big themes and do we have the supporting material?
- 7 things the CIO and CISO need to know about identity
- AI: TomJ will start CACTI in doing some brainstorming on email. (DONE)
- REFEDS has done some related work https://wiki.refeds.org/display/OUT/The+Value+Proposition+for+Identity+Federations
- https://wiki.refeds.org/display/OUT/Promoting+Federations
- CACTI as an IAM evangelist discussion, continued
- CISO engagement
- Jill working with EDUCAUSE Security Professionals group
- REN-ISAC https://www.ren-isac.net/ is another group to get involved with, they provide webinars
- What should be the relationship between IAM and Security?
- At Duke, the top 2 layers of management are now the same for IAM and Security.
- If IAM is done right, this helps prevent security incursions.
- More and more, IAM is coming under the CISO portfolio.
- Could be helpful to evaluate the various models.
- Is there any risk to the collaboration or research priorities when IAM is under the CISO?
- Virginia Tech started with IAM under Security office.
- Then IAM was split out.
- A reason to be separate is to emphasize that IAM can enable the business and customers rather than be protective.
- Could develop 7 things the CISO should know. TomJ will include that in his discussion started on the email list.
- Training curriculum / recruiting + onboarding new community members
- Quickstarts / playbooks for Trusted Access Platform components
- See slide 23 from Feb 12, 2020 IAM Online https://incommon.org/wp-content/uploads/2020/02/IAMOnline-2020-02.pdf
- Suggestion to first identify the models of how IAM is handled (deployment patterns).
- The stellar employee and best curriculum vary depending on the deployment pattern.
- Best strategy and practices depend on the models that an institution has for IAM on campus
- buy versus build, cloud strategy, is IAM on the CISO portfolio or in enterprise application portfolio or standalone team, etc.
- Focus on
- helping a hiring manager understand what skills to recruit for,
- where are the pools to recruit for
- how to bring new hires up to speed on how HE does IAM IT
- What does a stellar IT hire look like?
- What does IAM curriculum look like?
- suggestion for 3-5 blog posts on themes of best practices to serve early participants looking for content
- A report to CACTI might miss the mark, need to do community outreach
- Conduct a survey?
- What role could this Working Group play in helping to guide IdM as a core capability and discipline?
- Start with basic IAM questions and IAM best practices
- Parallel with ACI-REF facilitating community where some resources were developed with NSF funding,
- Jill will share some resources from that work.
- https://ui.adsabs.harvard.edu/abs/2014AGUFMIN43A3677C/abstract
- Collaboration Success Program (CSP) touched on some of the same issues
- Would be good to harvest from CSP
- 2019 ACAMP session around hiring challenges https://docs.google.com/document/d/1GtHjo00WdWAhNh6vz7nwxgDREIPtJ5J2VTOJWLmoXrE/edit
- Accreditation and badging could be part of the space
- Story of an organization developing accreditation for Sysadmins. It did not go terribly well
- Encouraging the community to attend BaseCAMP will be helpful
- InCommon is thinking of a certification for knowing how to install the InCommon Trusted Access software. Highly scoped curriculum.
- For badges learn from GEANT. Complement existing activities
- Use the learning management system GEANT is developing?
- AI: Jessica will help a subset of CACTI to draft a Community working group on IAM recruiting and hiring
- Possible temporary working group name:
- Hiring For IAM working group or
- IAM Journey working group
- Suggestion to open membership to this new working group to the community at large
- would be helpful to have a rep from the GEANT project.
- charter should include timeframe and milestones
- Chris P is interested in helping with this proposed working group
Next Meeting: Tuesday, March 3rd, 2020