Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


CTAB Call Tuesday March 21, 2023 


Warren Anderson, LIGO 
David Bantz, University of Alaska (chair) 
Ercan Elibol, Florida Polytechnic University 
Richard Frovarp,  North Dakota State 
Eric Goodman, UCOP - InCommon TAC Representative to CTAB

Mike Grady, Unicon  

Johnny Lasker, Internet2  

Kyle Lewis,  Research Data and Communication Technologies  

Jon Miner, University of Wisc - Madison (co-chair) 
Andy Morgan, Oregon State University  

Rick Wagner, UCSD  
Albert Wu, Internet2  


Pål Axelsson, SUNET 
Tom Barton, Internet2, ex-officio regrets
Matt Eisenberg, NIAID 
Scott Green, Eastern Washington U 
Meshna Koren, Elsevier 
Kevin Morooney, Internet2
Andrew Scott, Internet2
Ann West, Internet2 
Emily Eisbruch, Independent, scribe


Working Group updates

  • NIST 800-63-4 review
    • InCommon NIST 800-63-4 Review - Google Drive 
    • Deadline for submitting comments was extended to April 14, 2023
    • Anyone reflect on NIST webinars re 800-63-4?
      • The last one was the most useful. :)
        • This is from the standpoint of the webinar providing context for the specific written expectations in the draft documents. 
        • The first two talked more broadly about the DEI goals of the standard and why DEI is important (e.g., to ensure we don’t exclude populations that might not have identity documents, or might be disadvantaged wrt/technology). Those are important goals, but they were a little less directly focused on requirements as written in the draft standard. 
      • Watch this web page: recordings are posted typically 2 weeks after the event under each session’s intro: 
      • There have been conversations around
        • lack of distinction between IAL levels
        • trusted referees
        • several issues around federation 
        • issue around what is PII in the docs
    • Additional Comments
      • There will be a requirement for stronger proofing for the population that can access certain resources.
      • There may be some pushback for campuses where IAL2 is not possible so MFA is required.
      • Resource providers are getting serious about requirements.  
        • We want to work towards resource providers having a consistent ask and towards limiting requirement sprawl. 
      • Tom Barton is taking the lead on filling out the comment matrix
      • Eric Goodman is participating on the editorial board

  • SIRTFI Exercise Working Group
    • Meeting every two weeks at this time
    •  Kyle was  appointed the chair
    • Planning a workshop alternative to online week-long exercise
    • Charted out engagement opportunities at various conferences
    • TechEx in Sept. will be before the tabletop exercise this year,
      • so at TechEx we will preview the exercise (exercise likely will be scheduled for Oct. but TBD)
    • Meeting once a month, no meeting since last CTAB meeting

  • RAF
    • No significant update…progress on RAF 2.0 continues towards public consultation

    • Mostly focused on session length and need/expectation for ForceAuthn.
    • Leaning towards proposing a third identifier “MFA Now” requiring all factors be authenticated for immediately (what many people think of as “ForceAuthn”, but it is more specific about how/when factors should be challenged)
    • There was discussion of proving your compliance to federation, not self asserted, getting federation stamp of approval, value federation could bring, beyond baseline expectations
    • Are we delivering trust? 
    • Does REFEDs MFA serve its purpose for our community?
    • CTAB concerns: how do we encourage REFEDs MFA use so we can deliver trust in federation? How do we help participants understand how to use REFEDs MFA?
    • This group is open, please join if you can help

  • InCommon TAC
    • No meeting (directed people to NIST webinar instead)

  • Operationalizing Baseline Expectations Group - progress / review (next time)

FedCM hackathon updates (Nicole Roy)  <---- postponed till future call

  • REFEDS Community Chat on Federated identity and Browsers and Hackathon - update
    Thursday, 23 March @ 08:00 PT / 16:00 CET -> 

TechEx 2023 Session Proposal 

  • Info on TechEx 2023 in Minneapolis, Sept 18-22
  • Proposals are due April 7
  • Agreed that CTAB should present an update at TechEx 2023, to include:
    • discussion on operationalizing Baseline Expectations
    • start conversation on next chapter of Baseline or after Baseline Expectations
    • Encourage conversation for ACAMP, intro to key topics
    • NIST assurance levels
    • REFEDs MFA
    • Albert, David and Jon will prepare a placeholder proposal for TechEx

  • Reminder: In 2019 at New Orleans TechEx, CTAB and TAC did a joint update

Next CTAB Call: Tuesday, April 4, 2023