Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


CTAB Call Tuesday August 23, 2022


  • David Bantz, University of Alaska (chair) 
  • Jon Miner, University of Wisc - Madison (co-chair)  
  • Pål Axelsson, SUNET 
  • Sarah Borland, University of Nebraska
  • Ercan Elibol, Florida Polytechnic University
  • Richard Frovarp,  North Dakota State 
  • Mike Grady, Liaison from CACTI to CTAB  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB 
  • Meshna Koren, Elsevier 
  • Andy Morgan, Oregon State University 
  • Jule Ziegler,  Leibniz Supercomputing Centre 
  • Tom Barton, Internet2, ex-officio 
  • Kevin Morooney, Internet2 
  • Ann West, Internet2 
  • Albert Wu, Internet2 


  • Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  • Rick Wagner, UCSD,  
  • Chris Whalen, Research Data and Communication Technologies 
  • Robert Zybeck, Portland Community College
  • Johnny Lasker, Internet2 
  • Emily Eisbruch, Internet2


Theme: Thinking about what’s next for “federation”...

Working Group Updates

    • CACTI
      • Discussion about potential implications of post quantum crypto.
      • Questions about how baseline expectations could be used to push community forward quickly if existing crypto is broken.

    • InCommon TAC
      • Discussion of IAM pain points at campuses. 
        • Intent was to drive/uncover/highlight items where InCommon TAC (or maybe other InCommon groups) should focus effort
    • REFEDs MFA Working Subgroup 
      • Finalizing draft REFEDS MFA Profile proposal
      • Proposal for profile will go to consultation in a few weeks. 
      • David: CTAB may have a role in seeing that the spec , once adopted, gets deployed within InCommon
      • Looking ahead in the agenda, discussion of whether “passkeys” count as MFA was an element of the discussion.

Baseline Expectations 2 Update

  • Baseline Expectations for Trust in Federation wiki shows status
  • InCommon Operations recently received updated scores from scanning, which was helpful
  • CTAB members should reach out to orgs that they know on the list on non compliant orgs   
  • Put your name in the spreadsheet to indicate that you will be reaching out
  • Personal contact is often effective
  • Feel free to contact Albert to get more context on any org

Scaling Federation 

  • What comes next for mutual trust and assurance, after BEv2?
  • Probably not BEv3
  • We want to move away from the model of requirements every entity MUST meet to be in federation
  • We need to make it easy enough for institutions with modest staff and resources to participate
  • Federation versus multilateral federation is a valuable question
  • how do we deal with services that campuses need to integrate with,  but are not deployed for widespread federation use (eg campus-specific SP, etc) 
    • multilateral federation may not be the answer in all cases
    • one-off integrations between an IDP and an SP have been set up in many cases
    • services like Box, Zoom, and others require proxy authentication
    • enterprise apps often use bilateral approach
    • It's technically simple to do a bilateral exchange, but it's a short term solution, not as scalable
    •      in the end, bilateral setup requires a lot of human support
    •     strength of the federationL:  don't need to manage certificates  
  • Bilateral integration within the federation is not so bad, it can be a strength
  • Should we make it easier to do bilateral setup within the federation?
  • Pai noted that with SUNET, there is much bilateral activity and it works well
  • Should we have different expectations for different types of federation participants (as we do for SPs and IdPs)?
  • Things were more homogenous when we designed InCommon federation, now there are some complex proxying situations 
  • Could use entity categories  
  • use subsets of requirements to provide value
  • Start thinking differently about service providers
  • SIRTFI potentially  goes too far for some categories of SPs
  • SPs may have different needs, configurations, architecture: a tool SP (e.g. Zoom or Box) versus content producer SP (e.g. Elsevier) 
  •  different business perspective
  • collaboration with software vendors can be helpful
  • This discussion can be a gateway to talking about authorization and  attribute bundles

Future Items

  • Do we want a presentation to CTAB on PassKeys?
  • Might be helpful if one of the CTAB members gave an overview
  • Will be on a future CTAB agenda
  • Passkeys - how does this affect us?
    • Us = federation
    • Us = campus IAM operation
    • What is passkey? 

Next CTAB Call
: Tuesday, Sept 6, 2022