CTAB Call Tuesday March 8, 2022

Attending

• David Bantz, University of Alaska (chair)  
  
• Jon Miner, University of Wisc - Madison (co-chair)
  
• Ercan Elibol, Florida Polytechnic University  
  
• Richard Frovarp,  North Dakota State  
  
• Andy Morgan, Oregon State University  
  
• Rick Wagner, UCSD 
  
• Chris Whalen, Research Data and Communication Technologies   
  
• Jule Ziegler,  Leibniz Supercomputing Centre  
  
• Robert Zybeck, Portland Community College  
  
• Tom Barton, Internet2, ex-officio 
  
• Ann West, Internet2   
  
• Albert Wu, Internet2  
  
• Emily Eisbruch, Internet2   
  

Regrets

• Pål Axelsson, SUNET
  
• Sarah Borland, University of Nebraska 
  
• Eric Goodman, UCOP - InCommon TAC Representative to CTAB
  
• Meshna Koren, Elsevier
  
• Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  
• Johnny Lasker, Internet2 
  
• Kevin Morooney, Internet2
  

Discussion

• Intellectual Property reminder
  

Working Group Updates

• • REFEDS Assurance Working Group  and
    
  • REFEDs MFA Sub Group
    
    • The  REFEDs assurance working group asked the REFEDS MFA subgroup  to develop proposed answers to the questions raised in the recommendations for updates to the next iterations of the MFA profile.  One of the goals is to make the statement of MFA more agnostic, beyond SAML.  
      
    • Subgroup is in process of figuring out how to approach those issues
      
    • One issue involves the profile naming convention:
      • Do we have alternative versions? MFA 2022, MFA 2023?
      • Or use more general naming ? 
        
    • Volunteers are needed for this group
      
      
      
  • SIRTFI Exercise Working Group
    
    • This group has been discussing the arc of work, the elements and timing
      
    • SIRTFI exercise working group will send out a message to  security  contacts of all InCommon entities to be sure the emails are valid  
      
    • Then we will need to process the results and follow up. SIRTFI exercise is a learning exercise
      

• InCommon TAC Updates
  
  • InCommon TAC is looking at:
    • rolling out subject identifier
      
    • SAML2int topic
      
    • Federation testing
      
    •     There is a need for more testing volunteers from the community
      
    •    There will be a subgroup to look at federation testing
      
      
• NIH 
  
  • No meetings or updates since last CTAB call
    
    
    

 Baseline Expectations v2 - Status of notification and next steps

• • InCommon sent out a round of notifications in the last 2 weeks, with individually crafted messages.  Now only 64 organizations are outstanding for BEv2 compliance.
    
  • 16 orgs are missing contacts
    
  • Albert will create next steps docket for organizations we have not heard from 
    

  2022 CTAB Work Plan

• •  There is concern that there are too many items on the CTAB work plan. How to best narrow down the work?
    
  • Could reach out to other groups, or InCommon staff for additional support in accomplishing the work items
    
    
  • One suggested work plan item is to nail down how to address how good the security is in Baseline Expectations.
    
  •    Albert: InCommon Operations is looking at how to test/track this
    
  •    There can be a difference between our testing and the SSL Lab result
    
  • CTAB needs to decide consequence of not having an A in the SSL Labs testing
    
    
  • Other suggested work plan items
    • Future and value of Federation discussion.  Integrated approach
      
      
    • Future of Baseline Expectations, what are we trying to accomplish and how much of a blocker are some of the mechanics we use today?
      
      
    • REFEDs entity categories, how do we craft the value statement and motivate people to want to to adopt the entity categories?
      
      
    • Proxies in the federation, technical and policy issues
      

Next CTAB Call:  Tuesday, March 22, 2022

Daylight savings time begins in the USA on March 12