CACTI Call Dec. 22, 2020
Attending
Members
- Tom Jordan, University of Wisc - Madison (chair)
- Jill Gemmill, Clemson (vice chair)
- John Bradley, independent
- Rob Carter, Duke
- Nathan Dors, U Washington
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Matthew Economou, InCommon TAC Representative to CACTI
- Stoney Gan, University of South Florida
- Michael Grady, Unicon
- Kevin Hickey, Detroit Mercy
- Barry Johnson, Clemson
- Marina Krenz, REN-ISAC
- Les LaCroix, Carleton College
- Jeremy Perkins, Instructure
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
Internet2
- Ann West
- Steve Zoppi
- Nic Roy
- Emily Eisbruch
Regrets
- Kevin Morooney, Internet2
- Karen Herrington, Virginia Tech
- Margaret Cullen, Painless Security
- Christos Kanellopoulos, GEANT
- Marina Adomeit, SUNET
DISCUSSION
Welcome to new CACTI members and thanks to outgoing CACTI members
New CACTI members:
- John Bradley, Independent
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Stoney Gan, University of South Florida
- Kevin Hickey, Detroit Mercy
- Marina Krenz, REN-ISAC
- Barry Johnson, Clemson
- Jeremy Perkins, Instructure
Departing CACTI members:
- Tom Jordan, University of Wisc - Madison (chair 2020)
- Jill Gemmill, Clemson (vice chair 2020)
- Nathan Dors, U Washington
- Karen Herrington, Virginia Tech
- Christos Kanellopoulos, GEANT
- Many thanks to the departing CACTI members for their important contributions
More about CACTI
- Rob Carter will be 2021 CACTI chair, Les LaCroix will be 2021 CACTI vice chair
- Nic Roy is flywheel to CACTI
- Nic encourages those who have agenda items for any upcoming CACTI call to let him know via email or Slack
- Wed., Jan 27, 2021 at noon ET there will be an intro session for new trust and identity committee members.
- This session will cover governance structures and how CACTI fits in.
- CACTI is advisory to Kevin Morooney, VP of Trust and Identity.
- Both USA and International perspectives are essential to what we do.
- Approx. 150 community members participate in Internet2 Trust and Identity advisory, governance and working groups. You are the engine of what we do.
- Logistics around access to notes/minutes
- If you have not enrolled in the Internet2 IAM platform, please do so ASAP at:
- How To Self Enroll
- Please review the CACTI minutes and approve them with a comment on the wiki page
- Let us know if you have items that should not be in the public CACTI notes
- Approval by 4 CACTI members is required for the CACTI minutes to be moved to CACTI Public Minutes
Pre-Seeding CACTI Topics for 2021
See discussion from Dec 8, 2020 CACTI call
- MFA and assurance, both technical and business challenges
- Public cloud infrastructure and how it relates to identity
- Push to move services into the cloud
- Social and self-sovereign identity (SSI) and how that could be moved forward
- Where does a person’s identity reside long term?
- Verifiable credentials
- StoneyG:
- Example: military gives a token to an individual, then the individual uses that token to apply to a university.
- JohnB:
- working on verifiable credentials with Microsoft
- Older project was InfoCard
- Idea to break up credential issuance and verification to add a privacy layer
- Part of the original OpenID Connect spec
- Take OpenID Connect and break it into components
- To protect privacy, issuer does not know where you are presenting the credential.
- This approach is still in the future. Has been picked up by blockchain efforts.
- NathanD:
- Using Pioneer, Settler, Town Planner mindset in relation to existing technologies
- (With Pioneer mindset, okay with uncertainty) U Washington is completing proof of concept (POC) on verifiable credentials.
- POC: a student is issued a verifiable credential that tells others they attended a training or event (also included eduPersonPrincipalName)
- Also having discussions with vendors (e.g. Microsoft, Workday) to understand where interoperability is needed
- StoneyG:
- There is some movement to Microsoft for MFA
- Several universities are having conversations on relationship between campus and teaching hospital and other arms of the University
- MFA signaling with Duo or Office 365, how to indicate to an application that MFA has happened
- Failover, do we fail open or fail closed?
- Community standards are needed
- For MFA, the NIH use case is only 6 months away, need solutions
- REFEDS MFA profile, need to be able to handle Azure AD
- Azure AD proxy with Shib IdP is solved, contact ChrisP, CANARIE, if interested
- There are relevant conversations at Trust and Identity Integration working group on Wed and Fridays
- Eduroam and cloud story is important
- Ten year concern. IDPro overlap of privacy and security staff. When are we complicit in surveillance? When people must always be authenticated. Facial recognition issues.
- UW Madison is aligning identity with CRM practices. Progressive profiling. Tracking by browser cookies. Disclosure and Privacy statements are important
- CACTI may want to develop principles of identity around privacy or other issues.
- CACTI is becoming wider in our scope based on membership. Smaller organizations' voices are important. Security voices. Adoption of standard toolsets is a need for smaller orgs
- Documentation around ITAP has at times been challenging for small IT organizations.
- Small organizations benefit from a more simplified process to deploy infrastructure.
Next CACTI Meeting: Tuesday, January 5, 2021 at 11am ET