CTAB Call Tuesday February 8, 2022
Attending
- David Bantz, University of Alaska (chair)
- Jon Miner, University of Wisc - Madison (co-chair)
- Pål Axelsson, SUNET
- Sarah Borland, University of Nebraska
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- Rick Wagner, UCSD
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Robert Zybeck, Portland Community College
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Netta Caligari, Internet2
Guest: Mary McKee, Duke University
Regrets
- Meshna Koren, Elsevier
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Emily Eisbruch, Internet2 (scribe)
DISCUSSION
Intellectual Property reminder
Working Group Updates
- REFEDS Assurance Working Group
- https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
- Working to understand existing identity standards and deciding what the group needs to write to modernize the specifications
- https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
- MFA Sub Group
- https://wiki.refeds.org/display/GROUPS/MFA+Subgroup
- Drafted a set of recommendations for updates to the next iterations of the MFA profile based on what was learned during the NIH rollout of new identity requirements
- Will present the recommendations to the Assurance Working Group later in the week
- https://wiki.refeds.org/display/GROUPS/MFA+Subgroup
- REFEDS Assurance Working Group
- R&S WG (Access Entity Group}
- Instead of R&S category, plan 3 categories
- Anonymous Authorization
- Pseudonymous Authorization
- Personalized Access
- These three categories have been presented to REFEDs
- NIH Activities
- Tom Barton reported there was discussion about the IRS plan to use facial recognition as a means of establishing identity, using ID.me.
- IRS has now canceled these plans.
- Login.gov is used by researchers to authenticate to NIH if campus credentials can’t meet the NIH identity requirements. Login.gov notified NIH they need clear rules about how to handle photos they receive.
- This points to potentially increased the value of REFEDs assurance framework and especially the proposed local enterprise, as a reasonable proxy for a higher assurance standard
- SIRTFI Exercise Working Group
- https://spaces.at.internet2.edu/display/sepwg
- Framing and scoping the exercise plan
- Examined some of Kyle Lewis’s work and what was done in the military, did some compare and contrast
- Talked about what we might face in the federated version.
- InCommon TAC
- Work plan review, hope to finalize work plan this week, including adopting subject identifiers. Subject identifiers work and how to roll it out may have crossover with CTAB’s efforts
- Looking at wallet federation work
- Working on recommendations on discovery, moving forward. Will be based on Seamless Access. https://seamlessaccess.org/
- REFEDs Schema Editorial Board
- https://wiki.refeds.org/display/STAN/Schema+Editorial+Board
- REFEDS Schema Editorial Board (SEB)
- Long term: Looking at getting away from protocol specific descriptions of schema.
- Shorter term: Spun up a subgroup on use of personal pronouns and a potential eduperson displayname attribute (this came out of an Advance CAMP session)
Identity Provider as a Service (Mary McKee)
- Mary co-chaired IDP as a Service Working Group
- IDP as a Service Report
- Goal was to make federation more accessible
- The working group Identified use cases, such as
- “we have an IDP but it does not support federation”
- “we are looking for a full SAML SSO solution”
- “we need a credential store”
- IAM as a service was out of scope for the IDPaaS working group
- Big factor that leads to organizations not prioritizing federation is intimidation
- There is an opportunity for InCommon to help those without the in house expertise
- Help create an easily parsable process for each primary use case
- Concept of “Federation Ready”
- There are federation connector products (shim solutions) on the market
- InCommon could to provide the needed information/materials
- InCommon can vet/validate solutions and state that they are “Federation Ready”
- Comment: It can be challenging to determine what bar to use for “Federation Ready.”
- Need a framework for evolution of this.
- It makes sense for InCommon to decide the minimum requirements needed for trust in the federation.
- Community members participate in the process to advocate for the needs of their institution
- Ann reported that there has been turnover in IT and in some cases, people are losing understanding of the value of federation.
- InCommon staff recognize the need to support organizational readiness for federation.
- There will be courses on InCommon Federation Training and on the basics of IAM.
- Another focus will be getting CIOs to talk about identity again. Digital campus versus physical campus.
- There are National Science Foundation CC* grants to bring more Higher Ed institutions into cyberinfrastructure.
- InCommon will work with Catalysts, and having trusted 3rd parties.
- David: This is excellent context for CTAB’s work, thanks to Mary for joining CTAB today
- Mary co-chaired IDP as a Service Working Group
Baseline Expectations v2 updates (Albert)
- Working on the long tail Baseline Expectations for Trust in Federation
- Next major deadline is Feb 17.
- There are about 30 organizations that requested an extension but have not yet met baseline expectations. We will be reaching out to them.
- CTAB members, please reach out the orgs you were assigned to who have not yet met baseline expectations
- Working on the long tail Baseline Expectations for Trust in Federation
- Did not discuss at this meeting:
- (10 min) 2022 CTAB Work Plan - will discuss next meeting
- Sirtfi v2 spec (Tom Barton)
- (10 min) 2022 CTAB Work Plan - will discuss next meeting
Next CTAB Call: Feb. 22, 2022