CTAB Call Tuesday July 26, 2022
Attending
- David Bantz, University of Alaska (chair)
- Jon Miner, University of Wisc - Madison (co-chair)
- Sarah Borland, University of Nebraska
- Richard Frovarp, North Dakota State
- Mike Grady, Liaison from CACTI to CTAB
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Andy Morgan, Oregon State University
- Rick Wagner, UCSD
- Jule Ziegler, Leibniz Supercomputing Centre
- Tom Barton, Internet2, ex-officio
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Regrets
- Pål Axelsson, SUNET
- Ercan Elibol, Florida Polytech Institute
- Meshna Koren, Elsevier
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Chris Whalen, Research Data and Communication Technologies
- Robert Zybeck, Portland Community College
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
Discussion
Working Group updates
- InCommon TAC
- Update on Deployment Profile value proposition (Mark R): Draft ready; it tries to capture at a high level the comments that have been authored so far.
- Request from Duke to review its plan to assert subject-id (Mark R)
- Duke has a proxy fronting several SPs and is using the proxy to federate those SPs.
- Important technology to watch: Wallets and Self Sovereign Identities (DIDs or decentralized identifiers)
- Planning to kick off SP “proxying” workgroup.
- Any additional issues with running proxies that should be addressed in participation agreements?
- Technical/security/scoping concerns when IdP proxies talk to SP proxies…
- REFEDS MFA Working Subgroup
- Finalizing draft REFEDS MFA Profile proposal
- Most recent conversations around SAML ForceAuthn support and meaning (possibly an edge case, but lots of discussion nonetheless) → we have a resolution there, at least regarding what to say in the Profile.
- Noted that it does not define appropriate solutions (e.g., “Is a passkey multifactor or just one factor? If just one, is it a ‘something you have’ factor?”)
- Includes an OIDC section, but the workgroup recognizes that we don’t have deep knowledge of OIDC usage and common practices. E.g., is OIDC “max_age” analogous to SAML “ForceAuthn”, or is it different enough to require different rules or guidance?
- Next steps: read through to ensure overall document consistency; open up for wider review
- REFEDS Assurance Framework (RAF) Working Group
- Internet2 TechEx submission on RAF updates accepted (but will be merged with another session)
- Working Group is wrapping up ‘AB’ (Authenticator Binding) criteria. The remaining one in the table is about Unsupervised Remote Processes. Link to the current working draft: https://docs.google.com/document/d/13tfexdOafnSEXidJ6fbcT0a5qo0wrsu_fqLk856AaTA/
- Entity Categories Working Group (R&S 2.0)
- Based on feedback from REFEDS meeting, looking into a 4th entity category that merges pseudonymous and personalized attributes with fallback
- Removing draft fallback language from pseudonymous and personalized categories
- SIRTFI Exercise Working Group
- Next step: Call for Participants (will cap at 20 participating orgs)
- Blog was published: https://incommon.org/news/practice-makes-perfect-come-exercise-with-us/
- Newsletter goes out this Thursday
- Email goes out to participants list with link to blog
- Action: Kyle prepared to send announcement email referring to blog and link to form
Review Baseline Expectations v2 Steering Request for Action
- https://spaces.at.internet2.edu/display/BE
- Approx 5% of entities are not in compliance with Baseline Expectations v2
- Presentation to InCommon Steering on Aug 1, on how we will wrap up Baseline Expectations v2.
- A few documents have been prepared for InCommon Steering
- Does InCommon Steering need to vote to approve the action plan?
- Ann: Steering must approve the final docket of entities that must be removed.
- In the past round of Baseline Expectations, Steering members reached out to some organizations and helped resolve issues so there was no need to remove certain entities.
- Perhaps develop a spreadsheet or other mechanism for Steering to get involved in doing outreach
- Ann suggests providing more info to Steering on the communication cycle with the community around Baseline Expectations V2
- David and Albert will add more background and communications process info to the slide deck for Steering
- CTAB members approved the info for Steering
Next CTAB call: Tuesday, August 9, 2022