CTAB Call Tuesday November 15, 2022
Attending
- David Bantz, University of Alaska (chair)
- Jon Miner, University of Wisc - Madison (co-chair)
- Pål Axelsson, SUNET
- Ercan Elibol, Florida Polytechnic University
- Richard Frovarp, North Dakota State
- Eric Goodman, UCOP - InCommon TAC Representative to CTAB
- Rick Wagner, UCSD
- Chris Whalen, Research Data and Communication Technologies
- Jule Ziegler, Leibniz Supercomputing Centre
- Tom Barton, Internet2, ex-officio
- Johnny Lasker, Internet2
- Kevin Morooney, Internet2
- Ann West, Internet2
- Albert Wu, Internet2
- Emily Eisbruch, Internet2
Regrets
- Mike Grady, Liaison from CACTI to CTAB
- Meshna Koren, Elsevier
- Andy Morgan, Oregon State University
- Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
- Robert Zybeck, Portland Community College
Discussion
- Intellectual Property reminder
- Agenda Bash
Working group / Committee liaison reports
- InCommon TAC discussed nominees and ongoing election of 2023 Committee
- SEPWG SIRTFI Tabletop Exercise is now in progress
- InCommon Steering Committee discussed nominees and 2023 slate of nominees submitted to InCommon.
InCommon Steering Committee review of CTAB recommended actions re Baseline Expectations v2:
- At their Nov. 7, 2022 meeting, Steering expressed concern over some of CTAB’s recommendations around Baseline Expectations v2.
- The concern centered on the proposed removal of metadata for entities lacking only the explicit affirmation of compliance with SIRTFI
- Steering noted entities are bound by terms of service and doubted a mandated affirmation would materially affect behavior in case of a security incident.
- Steering expressed concern over potentially strong negative perception of removing entities (particularly IdPs) that could cause disruption and damage InCommon’s reputation as a reliable partner. They requested intensified/renewed efforts to work with organizations, especially the Identity Providers.
- Revised recommendations have been formulated in response and provided to Steering.
- Steering is currently voting (by email) on the revised recommendations.
- Current status is that if an entity does not meet Baseline Expectations due to not asserting SIRTFI, the entity won’t be removed.
CTAB Election - ballot
- Thanks to CTAB members who voted.
- David will coordinate with chairs of InCommon TAC and CACTI, since some individuals are considered for more than one advisory group. Then the top vote getters will be notified.
- Albert will be coordinating the ballot for CTAB chair and vice chair
CTAB themes at 2022 TechEx in Denver
- Session Title: Increasing Trust and Assurance in InCommon (Wednesday Dec. 7 at 8AM)
- https://internet2.edu/2022-technology-exchange/2022-program/abstracts/#increasingtrust
- Baseline Expectations next steps - how do we further value of Federation? What practices or conventions would increase trust & assurance?
- What IAM practices are needed as foundation of federated trust?
- Expectations on Federation Operator(s) - i.e., I2?
- Accommodating / facilitating IdPs designed without InC in mind (Azure, Okta, Duo, ...)
- What is it from external (various stakeholder) perspectives that creates trustworthiness?
- Federation 2.0 work looked across international federation, at governance
- CTAB Working meeting (Tuesday Dec. 6 at 12:10)
- CTAB Work plan recap https://spaces.at.internet2.edu/display/ctab/ctab-2022-work-plan
- Open discussion - next needs, potential topics:
- How to make the InCommon Federation the go-to solution
- Supporting assurance levels and enhanced communication
- National Landscape, NIH, NSF engagement
- Researcher Auth Service (RAS) is Identity provider https://datascience.nih.gov/researcher-auth-service-initiative
- Calling RAS an identity provider is an issue; it is an authorization system
- RAS expects one authentication that goes through RAS
- RAS embeds a signed token, there is a trust relationship for data access
- Muddies water between identity and authorization
- NIH as key important player
- GA4GH https://www.ga4gh.org/ (tightly bound to OIDC)
- Overloading of OIDC
- Proxy for authentication
- REFEDs meeting on Sunday Dec. 5, 2022 will also cover Assurance https://refeds.org/45th-meeting-december-2022
Next CTAB Call: Tuesday, Nov. 29, 2022