CTAB Call Tuesday February 22, 2022
- David Bantz, University of Alaska (chair)
- Jon Miner, University of Wisc - Madison (co-chair)
- Sarah Borland, University of Nebraska
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- Rick Wagner, UCSD
- Chris Whalen, Research Data and Communication Technologies
- Robert Zybeck, Portland Community College
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Pål Axelsson, SUNET
- Meshna Koren, Elsevier
- Jule Ziegler, Leibniz Supercomputing Centre
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio\
- Kevin Morooney, Internet2
- Emily Eisbruch, Internet2
Working Group Updates
- REFEDS Assurance Working Group and REFEDs MFA Sub Group
- Recommendations from the MFA subgroup were recently delivered to the REFEDs Assurance Working Group
- MFA group recommended a number of updates to the REFEDs MFA Profile, mostly based on the NIH experience.
- Recommended adding more context and details to the profile to help with implementation.
- If you inject too many details it becomes too rigid. But too little, it’s confusing.
- Likely a group will spin up to work on the suggested updates.
- There may be town hall format, to have the community work through the more complex issues
- Meta concern on what is good/sufficient MFA.
- What was good 10 years ago may not be sufficient today.
- Need to look at this internationally.
- Capability varies by area.
- R&S WG (Entity Categories Group)
- Proposing 3 access profiles
- There is work to do before reporting back to REFEDs
- Still harmonizing with the spec docs
- Could address in CTAB, about supporting entity categories
- NIH activities
- Ann has had recent conversations with Jeff Erickson, our main contact at NIH.
- NIH must revisit the NIH login proxy so it can present different entity IDs based on attribute release category of the backend resource
- There has been discussion on what will drive InCommon participants' adoption of assurance.
- MFA is more important than assurance right now; Approach is to push for MFA and keep assurance at a reasonable level
- If we can get promote use of MFA with local enterprise, and get NIH presence in federation for SP operators, it would be helpful to have NIH work with other federal agencies, such as NSF and NASA, to show here is what we did
- Would be helpful to have a federal agency exchange of information
- Having weekly meetings; looking at other examples of table top exercise
- InCommon TAC
- discussing work planning, including
- digital wallet charter,
- subject identifier adoption and
- discovery futures recommendation, for new discovery service based on Seamless Access
- discussing work planning, including
- InCommon TAC
2022 CTAB Work Plan
- For the CTAB 2022 workplan we have agreed on general theme of scaling interoperability
- MFA signaling and entity category have been discussed for several years as potentially becoming part of Baseline Expectations in the future
- We may want to have a consultation on next phase of baseline expectations
- Comments:
- The items in Baseline Expectations V1 and V2, (contact info, security measures) fall into different category than potential future items like subject ID , entity categories. The proposed items may require new capabilities to be deployed and could be a bigger burden than we have asked in the past.
- Part of the work is to provide capabilities/resources that will simplify integration for federation participants
- There is a connection to IDP as a service
- Ann: CTAB has addressed the low hanging fruit with BE v1 and v2
- Need a directionally correct set of requirements for the next phase.
- Will help drive adoption and corporate offering
- Baseline Expectations V3 could be making clear how we communication with one and other
- We may want to point to using REFEDs MFA, for setting directions and expectations for those using MFA
- Three new entity categories coming out of the REFEDS Assurance WG use the approach of REFEDS MFA
- Use of Trustmarks may be part of the future landscape
- https://wiki.refeds.org/display/GROUPS/SIRTFI
- Tom reported that the SIRTFI Working Group is close to wrapping up work on SIRTFI v2.
- Intent is to add clarity
- One new substantive requirement: if you have a compromised account and it has been used to access a federated entity, you must notify.
Docket for BEv2
- Albert and Ann began sending out the official notice to outstanding entities, that will be going to community dispute resolution.
- Emails are taking time to generate, Albert is cross referencing previous correspondence
Next CTAB Call: Tuesday March 8, 2022