
CTAB call Tuesday, February 23, 2021

 Attending

  • David Bantz, University of Alaska (chair)   
  • Brett Bieber, University of Nebraska (vice chair)  
  • Pål Axelsson, SUNET  
  • Rachana Ananthakrishnan, Globus, University of Chicago  
  • Tom Barton, University of Chicago and Internet2, ex-officio  
  • Ercan Elibol, Florida Polytechnic University  
  • Richard Frovarp,  North Dakota State  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Meshna Koren, Elsevier  
  • Jon Miner, University of Wisc - Madison  
  • Andy Morgan, Oregon State University   
  • John Pfeifer, University of Maryland   
  • Chris Whalen, Research Data and Communication Technologies  
  • Robert Zybeck, Portland Community College  
  • Johnny Lasker, Internet2  
  • Kevin Morooney, Internet2   
  • Ann West, Internet2  
  • Albert Wu, Internet2  
  • Emily Eisbruch, Internet2  

Regrets

  • Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  • Jule Ziegler,  Leibniz Supercomputing Centre


Discussion

Around the Community

Baseline Expectations V2 updates 

  • InCommon Federation Manager has been updated to alert Site Administrators of BEv2 requirements during data entry.
  • API allows tracking of compliance data
  • Johnny is pulling data daily
  • Dashboard is available - with four days of data
  • Albert sent  a snapshot of the current statistics to CTAB list
  • Don't yet have all the TLS scoring in place
    • Reporting if an org has HTTPS endpoints or not
  • Most of the issues in non-compliance are around SIRTFI 
    • Some organizations are unaware of SIRTFI
    • Communications will help
  • Albert will give all CTAB members access to the google shared drive with the data
  • Spreadsheet will evolve into a trend graph
  • Currently shows percentage of orgs meeting the BEv2 requirements

  • At signing into the Federation Manager, there will be a notice/warning of BEv2 compliance status
  • It will still be possible to publish data in Federation Manager
  • Agreed it makes sense to start with  a directed email to the Execs, letting them know we are starting with BEv2 and explaining what to expect

  • When it's time to start sending info on non-compliance, the first step should be to send notice to Site Admins
    • Agreed it makes sense to send notice first to Site Admins, before sending to InCommon Execs
  • It was agreed it does not make sense to  send a congratulations email to those who are compliant  
    • Reason: compliance will change as TLS score changes
    • The TLS score “slides”; at any point, an organization can become non-compliant
    • Risk in declaring victory prematurely
    • We plan a long-term, sustainable notification process
    • See BEv2 implementation plan: Default plan is we aim to scan an entity whenever it changes or is added or it reaches one year since last scan


  • Suggestion to specify in outreach which entities are compliant or non compliant 
  • That was helpful in BEv1
  • There is an issue with mail merge capability
  • Will look into a longer-term solution
  • At this point, would need to do a lot of copy and paste to accomplish emails specifying entities
  • The info showing which entities are compliant or non compliant is in the InCommon Federation Manager
    • Need to go into each entity in Federation Manager at this point
    • The info exists on the backend
    • May improve that in the future
  •  Emails will say out of <this number of> entities, <this number> are out of compliance
      • there is a draft notice to non-compliant orgs  
      • Hope to send out 1st announcement towards end of this week or Monday
      • To let InCommon participants know if they have missing elements in SIRTFI or error URL
      • We are not ready to report on endpoints, but will mention endpoints as part of BEv2

CTAB/NIH Assured Access Working Group Status Update

    • The new Assured Access working group has met 3 times
    • Last week’s discussion included assessment of IAL-2 and I9 and eSurvey and mapping to various assurance levels
    • Appreciated Kyle Lewis's work on this
    • https://drive.google.com/file/d/1yp5BGVVL7IkEOi_bU1IlL84CcGl29_Qt/view?usp=sharing
    • Mapping of identity assurance levels
    • Next steps: continue discussion, produce recommendations
    • suggestion to repeat Kyle’s analysis with Kantara IAP
    • There are strengths to having a Driver's License that is a Real ID
    • Institutions have employees that pre-date the Real ID, and pre-date eVerify
    • We should think and perhaps provide guidance about duration
    • There’s building pressure from the community to receive some guidance
    • Folks reaching out on email lists
    • It came up on Big Ten Identity Management call
    • With E-Verify and I9 together, we are close to what is needed
    • We can show examples, how you compose a policy for individuals to meet the needed level
    • Aiming for end of March to produce community guidance
    • This guidance is scheduled for an April IAM Online webinar, could move up to a March IAM Online
      •  Brett: stick with April for this IAM Online
    • PubMed is moving to federated identity 
    •  Assured Access Working Group meets  again on Thursday. It’s open to all.


  • Beyond NIH - how do we build on this and expand adoption of standard “research interop profile”?
    • What would a standard research interop profile include? Who do we write this for? 
    • Volunteers to write/review content
    • When do we involve additional research communities?
    • Hoping if NSF has a similar requirement to NIH, then we can leverage the work being done now.  CC Star in NSF does require federated identity? Dept of Energy, NASA, 
    • Federated Credentials can be used for research.gov


Reading/Reference Material


Next CTAB Call: Tuesday March 9, 2021