CTAB Call Tuesday November 15, 2022

 Attending

• David Bantz, University of Alaska (chair)  
  
• Jon Miner, University of Wisc - Madison (co-chair) 
  
• Pål Axelsson, SUNET  
  
• Ercan Elibol, Florida Polytechnic University  
  
• Richard Frovarp,  North Dakota State  
  
• Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  
• Rick Wagner, UCSD  
  
• Chris Whalen, Research Data and Communication Technologies  
  
• Jule Ziegler,  Leibniz Supercomputing Centre  
  
• Tom Barton, Internet2, ex-officio  
  
• Johnny Lasker, Internet2 
  
• Kevin Morooney, Internet2   
  
• Ann West, Internet2
  
• Albert Wu, Internet2
  
• Emily Eisbruch, Internet2   
  

 Regrets 

• Mike Grady, Liaison from CACTI to CTAB 
  
• Meshna Koren, Elsevier
  
• Andy Morgan, Oregon State University
  
• Dave Robinson, Grinnell College in Iowa, InCommon Steering Rep, ex-officio
  
• Robert Zybeck, Portland Community College
  

Discussion

• Intellectual Property reminder
  
• Agenda Bash
  

Working group / Committee liaison reports

• InCommon TAC discussed nominees and ongoing election of 2023 Committee 
  

• SEPWG SIRTFI Tabletop Exercise  is now in progress
  
  
• InCommon Steering Committee discussed nominees and 2023 slate of nominees submitted to InCommon.
  
  
  

InCommon Steering Committee review of CTAB recommended actions re Baseline Expectations v2: 

• At their Nov. 7, 2022 meeting, Steering expressed concern over some of CTAB’s recommendations around Baseline Expectations v2. 
  
• The concern centered on the proposed removal of metadata for entities lacking only the explicit affirmation of compliance with SIRTFI
  
• Steering noted entities are bound by terms of service and doubted a mandated affirmation would materially affect behavior in case of a security incident. 
  
• Steering expressed concern  over potentially strong negative perception of removing entities (particularly IdPs) that could cause disruption and damage InCommon’s reputation as a reliable partner. They requested intensified/renewed efforts to work with organizations, especially the Identity Providers.
  
• Revised recommendations have been formulated in response and provided to Steering; 
  
• Steering is currently voting (by email) on the revised recommendations.
  
• Current status is that if an entity does not as meet Baseline Expectations due to not asserting SIRTFI, the entity won’t be removed
  

CTAB Election - ballot

• Thanks to CTAB members who voted.
  
• David will coordinate with chairs of InCommon TAC and CACTI, since some individuals are considered for more than one advisory group.  Then the top vote getters will be notified.
• Albert will be coordinating the ballot for CTAB chair and vice chair
  
  

CTAB themes at 2022 TechEx in Denver

• Session Title: Increasing Trust and Assurance in InCommon Wednesday Dec. 7 at  8AM)  
  
• https://internet2.edu/2022-technology-exchange/2022-program/abstracts/#increasingtrust
  
  • Baseline Expectations next steps - how do we further value of Federation?  What practices or conventions would increase trust & assurance?
    
  • What IAM practices are needed as foundation of federated trust?
    
  • Expectations on Federation Operator(s) - i.e., I2?
    
  • Accommodating / facilitating IdPs designed without InC in mind
    (Azure, Okta, Duo,...)
    
  • What is it from external (various stakeholder) perspectives that creates trustworthiness?
    
  • Federation 2.0 worked looked across international federation, at governance 
    
    
• CTAB Working meeting (Tuesday Dec. 6 at 12:10)
  
  • CTAB Work plan recap    https://spaces.at.internet2.edu/display/ctab/ctab-2022-work-plan
    
  • Open discussion - next needs, potential topics:
    
    •  How to make the InCommon Federation the go to solution
      
    • Supporting assurance levels and enhanced communication
    •  National  Landscape, NIH, NSF engagement
      
    •  Researcher Auth Service (RAS) is  Identity provider https://datascience.nih.gov/researcher-auth-service-initiative
      
      • Calling RAS an identity provider is an issue; it is an authorization system
        
      • RAS expects one authentication that goes through RAS
      • RAS embeds a signed token, there is a trust relationship for data access
      •  Muddies water between identity and authorization
        
    • NIH as key important player
      
    • GA4GH  https://www.ga4gh.org/  (tightly bound to OIDC)
    • Overloading of OIDC
      
    • Proxy for authentication
      
      
• REFEDs meeting on Sunday Dec. 5, 2022 will also cover Assurance  https://refeds.org/45th-meeting-december-2022
  

Next CTAB Call: Tuesday, Nov. 29, 2022