CTAB Call Tuesday February 7, 2023
Attending
Jon Miner, University of Wisc - Madison (co-chair) (led this CTAB call)
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID
Ercan Elibol, Florida Polytechnic University
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Andy Morgan, Oregon State University
Kevin Morooney, Internet2
Andrew Scott, Internet2
Rick Wagner, UCSD
Ann West, Internet2
Albert Wu, Internet2
Emily Eisbruch, Independent, scribe
Regrets
Warren Anderson, LIGO
Pål Axelsson, SUNET
David Bantz, University of Alaska (chair)
Scott Green, Eastern Washington U
Meshna Koren, Elsevier
Pre-reads: draft 2023 CTAB Work Plan
Discussion
- Internet2 Intellectual Property Reminder: https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
- Disclaimer: The meeting proceedings (minutes) are published. If you wish to discuss items that you do not wish to be included in the published notes, please mention it so the scribe can note the exception.
Working Group Updates
- BE v2 (defer to work item 2 - operationalizing) (Albert)
- Work on assessing when an entity is out of adherence with baseline expectations
- Work on assessing when an entity is out of adherence with baseline expectations
- REFEDS Assurance (Kyle)
- Going through comments to get ready for release
- Going through comments to get ready for release
- REFEDS MFA (Albert)
- Looking at consultation feedback
- Significant feedback received
- Thanks to everyone who participated in the consultation
- Looking at consultation feedback
- CACTI (Richard)
- Password managers discussion
- May move to a single CACTI meeting per month, twice as long
- Password managers discussion
- InCommon TAC (Eric)
- Looked at accomplishments from 2022 and TAC draft work plan for 2023
- Looking at NIST review, pre outreach from Tom Barton
- Looked at accomplishments from 2022 and TAC draft work plan for 2023
- SIRTFI exercise round 2 - Call for participation: https://spaces.at.internet2.edu/display/federation/call-for-participation-2023-sirtfi-exercise-wg
- 8 people signed up!
- Kyle looking for a new chair
- Question: are there different levels of participation?
- Answer : you don’t need to be part of the planning group to do the tabletop exercise
- In 3-4 months there will be a call for participation in the exercise
- 8 people signed up!
- NIST 800-63-4 comments (co-work with TAC & CACTI)
- Slack channel set up; 21 people in channel
- 18 people with update access to the google shared drive
- Editorial group identified and scheduled
- Slack channel set up; 21 people in channel
- BE v2 (defer to work item 2 - operationalizing) (Albert)
Finalize 2023 CTAB Work Plan
- CTAB and InCommon Operations leadership looked at bandwidth (capacity)
We will try to maintain two active items on the CTAB workplan - currently working on
1) SIRTFI exercise and
2) NIST 800-63 Rev 4 consultation - review and feedback, - SIRTFI is under control, so we can have one more active currently
- CTAB and InCommon Operations leadership looked at bandwidth (capacity)
- Item 3 on CTAB workplan: Clarity on BE enforcements / operationalizing Baseline should be a priority this year
- InCommon ops team is working on mechanism to detect anomalies
- Metadata accuracy - key contacts, URL, etc
- Contacts management / checking
- Endpoint encryption technical process
- CTAB needs to clarify what to do with info on out of compliance entities
- Process/procedure for escalation and timeframes.
- AI -Jon and Albert? reach out to Warren about getting work on moving this item along
- Group discussed workplan item 5. Framing the next chapter of federation maturity
- Need to review all the existing documents on best practices and make the wisdom more widely available
- Potential dimensions important to trust in federation interoperation:
- IAM practices - assurance, identity lifecycle management, account mgmt (linking, mapping, decorations)
- data standards / use - schemas, entity categories, etc.
- technical interoperability (SAML, SAML2Int, etc)
- Security and operational practices
- User experience / support
- Others?
Next CTAB Call: Tuesday, Feb 21, 2023