CTAB Call Tuesday July 12, 2022
Attending
- David Bantz, University of Alaska (chair)
- Jon Miner, University of Wisc - Madison (co-chair)
- Sarah Borland, University of Nebraska
- Andy Morgan, Oregon State University
- Chris Whalen, Research Data and Communication Technologies
- Robert Zybeck, Portland Community College
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
Regrets
• Pål Axelsson, SUNET
• Ercan Elibol, Florida Polytech Institute
• Richard Frovarp, North Dakota State
• Mike Grady, Liaison from CACTI to CTAB
• Eric Goodman, UCOP - InCommon TAC Representative to CTAB
• Meshna Koren, Elsevier
• Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
• Rick Wagner, UCSD
• Jule Ziegler, Leibniz Supercomputing Centre
• Emily Eisbruch, Internet2
Discussion
Working Group updates
- InCommon TAC (30 June): reports from TNC and other events
- Verifiable credentials are moving into the mainstream, with various wallet models (self-control of your credentials) and intense interest in OIDC.
- Ann West noted that the EU is looking at this, with the most recent instantiation being a wallet approach where the person can choose release and multiple authorities put claims in. GDPR is interpreted differently across the countries of the EU, so self-release makes it easier to cross borders.
- Erasmus as an example: student mobility. GEANT is being funded by the EU and is piloting wallet technology, UX.
- InCommon Steering
- Seamless access has been adopted as the preferred discovery service
- R&S 2.0/ Entity Categories Working Group (David B):
- REFEDS feedback on proposal:
- Entity categories must be self-contained when it comes to the guidance around attribute release; they must not have dependencies on each other.
- Rather than tie the entity categories together with the fallback mechanism we have been debating, it would be better to create a fourth entity category with its own attribute bundle and associated guidance (in addition to Anonymous Authorization, Pseudonymous Authorization, and Personalized Access).
- REFEDS MFA Working Subgroup
- REFEDS MFA Profile proposal
- Working on section 5.1, SAML binding
- Looking at how to describe how ForceAuthn works and its relationship to Duo
- We need to provide helpful guidance, but how much should be in a specification?
- European folks are on vacation, so this is on hold for a bit
- Hope to vote in next few months
- SIRTFI Exercise Working Group
- Getting ready to invite people to participate in the test
Mid-year check on CTAB work plan
Public CTAB Work Plan: https://spaces.at.internet2.edu/display/ctab/ctab-2022-work-plan
- Action: add status of Internet2 monitoring of Baseline Expectations compliance as default CTAB agenda item
- Kevin M noted that InCommon Steering will do a check-in on the status of the various committee and advisory group work plans in fall 2022
Baseline Expectations v2 Close Out - what’s next
Helpful to have CTAB recommendations for proposed actions to InCommon Steering by July 26 (to remove specific entities);
See the dispute resolution process
Next steps
- For those missing elements in BE2 and scoring C or F on the SSL test, prepare a "removal unless remediated" docket
- Notify affected orgs
- Focus on IDP first
- Alert InCommon Steering
- CTAB perform due diligence to determine final recommendation for each entity
- Current status for BEv2
- 23 outstanding IDPs
- 164 outstanding SPs
Baseline Expectations TLS/Endpoint Encryption Proposal
- Draft proposal has been updated
- Suggestions on mechanics:
- InCommon sends Site Admins an email when there is action needed; InCommon tells the Site Admin to sign into Federation Manager to see the details
- How does an entity inform InCommon that they are working on remediation?
- Albert: prefer that the site admin signs into Federation Manager to indicate the work they are doing to mitigate their TLS endpoint encryption security status. This will require a development effort as Federation Manager does not currently have that capability.
- A group from CTAB will need to stay on top of this docket.
- This group might want to meet on a regular basis, perhaps quarterly
- Some possibility for automated notification
- CTAB started to approve this BE TLS framework, but there were a few questions remaining and time ran out for this CTAB call
TechEx/CAMP Planning, Dec. 5-9, 2022 in Denver, CO
- https://internet2.edu/2022-technology-exchange/
- There will be a hybrid CTAB meeting at Tech Ex
- ACAMP topics: open territory
Next CTAB Call: Tuesday, July 26, 2022