CACTI Call Dec. 22, 2020 

Attending

Members

• Tom Jordan, University of Wisc - Madison (chair) 
• Jill Gemmill, Clemson  (vice chair)  
• John Bradley, independent
• Rob Carter, Duke  
• Nathan Dors, U Washington  
• Joshua Drake, Indiana University's Center for Applied Cybersecurity Research 
• Matthew Economou, InCommon TAC Representative to CACTI  
• Stoney Gan, University of South Florida  
• Michael Grady, Unicon
• Kevin Hickey, Detroit Mercy  
• Barry Johnson, Clemson   
• Marina Krenz, REN-ISAC  
• Les LaCroix, Carleton College  
• Jeremy Perkins, Instructure  
• Chris Phillips, CANARIE  
• Bill Thompson, Lafayette College  

Internet2 

• Ann West   
• Steve Zoppi    
• Nic Roy  
• Emily Eisbruch   

Regrets

• Kevin Morooney, Internet2
• Karen Herrington, Virginia Tech  
• Margaret Cullen, Painless Security
• Christos Kanellopoulos, GEANT  
• Marina Adomeit, SUNET

  DISCUSSION

• Intellectual Property reminder
  
  

Welcome to new CACTI members and thanks to outgoing CACTI members  

 New CACTI members:

• John Bradley, Independent
• Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
• Stoney Gan, University of South Florida
• Kevin Hickey, Detroit Mercy
• Marina Krenz, REN-ISAC
• Barry Johnson, Clemson 
• Jeremy Perkins, Instructure

Departing CACTI members:

• Tom Jordan, University of Wisc - Madison (chair 2020)
• Jill Gemmill, Clemson  (vice chair 2020)
• Nathan Dors, U Washington  
• Karen Herrington, Virginia Tech  
• Christos Kanellopoulos, GEANT
  
  
• Many thanks to the departing CACTI members for their important contributions 
  
  

More about CACTI

• Rob Carter will be 2021 CACTI chair, Les LeCroix will be 2021 CACTI vice chair
• Nic Roy is flywheel to CACTI
• Nic encourages those  who have agenda items for any upcoming CACTI call to let him know via email or Slack  
• Wed., Jan 27, 2021 at noon ET there will be an intro session for new trust and identity committee members.
• This session will cover governance structures and how CACTI fits in.
•  CACTI is advisory to Kevin Morooney, VP of Trust and Identity.
• Both USA and International perspectives are essential to what we do.
• Approx. 150 community members participate in Internet2 Trust and Identity advisory, governance and working groups. You are the engine of what we do.
  
  
• Logistics around access to notes/minutes 
  • If you have not enrolled in the Internet2 IAM platform, please do so ASAP at: 
  • How To Self Enroll
  • Please review the CACTI minutes and approve them with a comment on the wiki page
  • Let us know if you have items that should not be in the public CACTI notes
  • Approval by 4 CACTI members is required for the CACTI minutes to be moved to  CACTI Public Minutes

Pre-Seeding CACTI Topics for 2021  

See discussion from Dec 8, 2020 CACTI call

• MFA and assurance, both technical and business challenges
• Public cloud infrastructure and how it relates to identity
• Push to move services into the cloud
• Social and self-sovereign identity (SSI) and how that could be moved forward
• Where does a person’s identity reside long term?
• Verifiable credentials
  • StoneyG:
    • Example: military gives a token to an individual, then the individual uses that token to apply to a university.  
  • JohnB: 
    • working on verifiable credentials with Microsoft
    • Older project was InfoCard
    • Idea to break up credential issuance and verification to add a privacy layer
    • Part of the original OPENID Connect spec
    • Take OPENID Connect and break it into components
    • To protect privacy, issuer does not know where you are presenting the credential.
    • This approach is still in the future.  Has been picked up by block chain efforts.
  • NathanD:
    
    • Using Pioneer, Settler, Town Planner mindset in relation to existing technologies
    • (With Pioneer mindset, okay with uncertainty) U Washington is completing proof of concept (POC) on verifiable credentials.
    • POC: a student is issued a verifiable credential that tells others they attended a training or event (also included eduPersonPrincipalName)
    • Also having discussions with vendors (e.g. Microsoft, Workday) to understand where interoperability is needed
• There is some movement to Microsoft for MFA
• Several universities are having conversations on relationship between campus and teaching hospital and other arms of the University 
• MFA signaling with Duo or office 365, how to indicate to an application that MFA has happened
  • Failover, do we fail open or fail closed?
  • Community standards are needed
•  For MFA, the NIH use case is only 6 months away, need solutions
• REFEDs MFA profile, need to be able to handle Azure AD
  • Azure AD proxy with Shib IDP is solved, contact ChrisP, CANARIE, if interested
• There are relevant conversations at Trust and Identity Integration working group on Wed and Fridays
• Eduroam and cloud story is important
• Ten year concern. IDPro overlap of privacy and security staff. When are we complicit in surveillance? When people must always be authenticated. Facial recognition issues.  
• UW Madison is aligning identity with CRM practices. Progressive profiling. Tracking by browser cookies.  Disclosure and  Privacy statements are important
• CACTI may want to develop principles of identity around privacy or other issues.
• CACTI is becoming wider in our scope based on membership. Smaller organizations' voices are important. Security voices. Adoption of standard toolsets is a need for smaller orgs
• Documentation around ITAP has at times been challenging for small IT organizations. 
• Small organizations benefit from a more simplified process to deploy infrastructure.  

Next CACTI Meeting: Tuesday, January 5, 2021 at 11am ET