CTAB Call Tuesday January 25, 2022
Attending
- David Bantz, University of Alaska (chair)
- Sarah Borland, University of Nebraska
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- Rick Wagner, UCSD
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Netta Caligari, Internet2
- Emily Eisbruch, Internet2 (scribe)
Regrets
- Jon Miner, University of Wisc - Madison (co-chair)
- Pål Axelsson, SUNET
- Meshna Koren, Elsevier
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Albert Wu, Internet2
Discussion
Working Group updates
- SIRTFI Exercise WG
- https://spaces.at.internet2.edu/display/sepwg
- Group met earlier today, close to having a schedule and series of exercises to take place in 2022.
- Will recruit more participants for the exercises
- InCommon TAC Updates
- Eric Goodman will continue as InCommon TAC Liaison to CTAB
- Going over the work plan for the year.
- Two biggest items:
- 1. Working group on EU work related to digital wallets
- Carry around credentials in an “identity wallet”
- Might become/overlap with a CTAB work item
- 2. Finalize the discovery future document
- Many are of the opinion that discovery WAYF should be replaced/updated, probably with the SeamlessAccess approach
- REFEDS Assurance WG
- https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
- Jule: working on REFEDS 2.0 draft
- Looking at risk based perspective
- Albert is looking at identity assurance perspective
- REFEDS MFA Sub Group
- https://wiki.refeds.org/display/GROUPS/MFA+Subgroup
- Reminder: REFEDS MFA subgroup charter is to clarify the questions around the use of REFEDS MFA profile and what would make it easier to use. NOT to answer those questions.
- R&S 2.0 (entity categories) Updates
- https://wiki.refeds.org/display/GROUPS/Entity+Categories+Development+Working+Group
- Plan 3 categories:
- Anonymous Authorization
- Pseudonymous Authorization
- Personalized Access
- Working to harmonize those 3
- Although eduPersonAssurance as specified by the REFEDS Assurance Framework is recommended to be supported in the Personalized Access entity category, it was decided not to require any specific identity assurance claims as part of these entity categories
- Nothing in draft R&S/access entities specifying AAL or MFA requirements
NIH activities / Assured Access Working Group
- Tom Barton reported that biweekly meetings with the NIH Central IT team continue
- There was a Sept 2021 deadline for accessing ERA (https://era.nih.gov/) resources at NIH
- What about other resources?
- Trying to coordinate around future deadlines
- Looking at step-up identity assurance approach
- For high identity assurance, NIH is the first use case
- Not sure how heavily NIH will invest in supporting a single use case
- We are managing the drivers from NIH point of view
- Hope for specific dates/ deadlines that align with NIH capabilities
- Three other SPs in Europe are watching closely what’s happening with NIH
- NIAID and National Heart Lung and Blood Institute (NHLBI) CIOs are both proponents of using the REFEDS Assurance Framework for identity proofing.
- Need to bring NIH and NSF together to talk through what NIH is doing. Both have the same requirements
- AI: Tom will set up a Doodle poll for Tom, Ann, Sarah, Rick, Chris and other CTAB members to chat on identity assurance
BEv2 Docket - reminder to get out there; contact and update status (Quick Links: Dockets, Exception Requests, Outreach Signups, Missing Elements)
- CTAB members have been working on their outreach responsibilities/assignments
- CTAB members please keep doing the assigned outreach
- Extensions have been granted until Feb. 17, 2022 in many cases
- After Feb. 17, dispute resolution process will move forward (and potentially removal from InCommon Federation will be considered in some cases)
- CTAB meets Feb 8 and Feb 22, 2022
2022 CTAB Work Plan - Planning
- Proposed Theme: scaling interoperability
- Encourage heightened trust and assurance to promote interoperability
- Discourage one to one linking, promote federation
- Potential Work Plan Items
- SIRTFI Exercise WG
- Meta discussion of “what should CTAB do to continue to increase trust and interoperability in federation, given the changing IT landscape?”
- Continued work on identity assurance
- MFA - what’s next?
- Additional Discussion Topics:
- Should we have a hierarchy of expectations within the Federation?
- Trust mark, seal of approval for those that use a higher level of assurance
- Should CTAB engage with large commercial SPs?
- Actively maintain info on how to interface with large SPs
- Looking at this was part of the mission statement of the IDP as a Service (IDPAAS) Working Group https://spaces.at.internet2.edu/display/IDPAAS/IdPaaS+Home
- Shims
- Find vendors to provide shims or have InCommon sponsor the shims
- Put shim in front of Azure, for example
- Smart approach is for CTAB to support use of shims for interfacing with big commercial products
- The IDPAAS report was accepted by InCommon Steering.
- It’s currently up to InCommon staff to respond to and act on the recommendations of the IDP as a service WG. Could result in trust marks.
- To be built on top of the catalyst program. https://internet2.edu/catalyst-program-brings-identity-and-access-management-expertise-support-to-incommon-community/
- Hope for a pilot in 2022
- Scaling community requirements for organizations that are not ready to do so. Outsourcing is a good approach
Next CTAB Call: Tuesday, Feb. 8, 2022