CACTI Call Sept. 15, 2020 

Attending

 Members

  • Tom Jordan, University of Wisc - Madison (chair)  
  • Jill Gemmill, Clemson  (vice chair)  
  • Rob Carter, Duke    
  • Matthew Economou, InCommon TAC Representative to CACTI  
  • Michael Grady, Unicon  
  • Karen Herrington, Virginia Tech     
  • Christos Kanellopoulos, GEANT   
  • Les LaCroix, Carleton College  
  • Chris Phillips, CANARIE   

 Internet2 

  • Kevin Morooney    
  • Ann West    
  • Steve Zoppi    
  • Nic Roy  
  • Jessica Fink   
  • Emily Eisbruch  
  • Mike Zawacki    

 Regrets

  • Marina Adomeit, SUNET
  • Margaret Cullen, Painless Security
  • Nathan Dors, U Washington  
  • Bill Thompson, Lafayette College


New Action Items 

  • AI TomJ - draft a blog update on topics of interest being discussed by CACTI and the community
  • AI TomJ - add a few more questions to the proposed packaging/container survey around logs, and Tom will keep CACTI informed
  • AI, TomJ - Follow up with community member at SUNET on suggestions for CACTI members  
  • AI TomJ - summarize the Sept 15 CACTI call discussion around the BEv2 consultation and bring this back to CACTI. If approved, CACTI can provide feedback to the BEv2 consultation
  • AI TomJ and Matthew will reach out to Research Collaboration individuals around serving on CACTI

Older Action Item 

  • AI TomJ - ask Ken for more clarity around the goal of the proposed consent survey

DISCUSSION

Announcements

  • Consensus on "higher ed registry" - TomJ sent email summary to Kevin on Sept. 8

  • EDUCAUSE security professional conference for 2021 will be online (Jill)
    There will be an Identity and Access Management Track


Status on CACTI/Component Architects/Trusted Access Platform Software Integration container / packaging survey (Tom)

    • Based on previous CACTI call discussion, Tom added additional questions to the proposed container/packaging survey around experience with DevOps
    • Comment: good additions 
    • Suggestion to add a question about logging
    • What is a good measure of maturity regarding logging?
    • Do logs go to centralized server?
    • Do they go to a “stack”? (Don’t want to be too jargony)
    • Do you do alerting and signaling from your logs?
    • Logs only? Or do they trigger alerts and response from your team?
    • There is a connection with container orchestration and load balancing
    • Health checking versus operations check
    • Logs can help IT know of an issue before receiving the call saying, “I can’t sign into a needed app”
    • Question: how often is logging used to alert IT of apps not available?
    • Answer: Some orgs try “all of the above” as methods to receive alerts
    • Combination of monitoring approaches, including looking in the logs
    • AI Tom will add a few more questions to the proposed packaging/container survey around logs, and Tom will keep CACTI informed

Baseline Expectations V2 Consultation open (until October 19)

    • Baseline Expectations V2 community presentation and discussion is scheduled for Wednesday, September 23 at 2pm ET
    • See Blog Here https://incommon.org/news/feedback-sought-on-baseline-expectations-v2/
    • Question: What are the implications if SIRTFI is part of baseline and there is a need to upgrade to Shib v4? Some IDPs may not be ready
    • Nic: could be an issue, needs to be resolved by IDP and SP operators
    • It will be a self assertion, need to follow best security practices
    • There will be guidance provided as part of the outreach and education around BEv2
    • CILOGON assumes everyone is at SIRTFI  (?)
    • Everyone wants to measure up, and software versions are different between institutions
    • Containers are key
    • Should we measure cycle time as part of the container/packaging survey?
    • Some administrators are reluctant to assert SIRTFI, from a legal perspective. In some cases the IT group may need to just assert it for BEv2
    • Should CACTI respond to the BEv2 consultation as a group, or as individuals?
    • Suggestion to do both
      AI TomJ will summarize the Sept 15 CACTI call discussion around the BEv2 consultation and bring this back to CACTI. If approved, CACTI can provide feedback to the BEv2 consultation

CACTI Membership for 2021

    • What stakeholder groups should CACTI solicit in the nomination process?
    • Community colleges
      • Community colleges often used Shib, but it is hard to find people willing to serve on InCommon advisory committees; finding people from community colleges has been tried for TAC
      • Jessica has a community college contact in Oregon who is interested in serving on InCommon advisory committees
    • Research
      • Representative from a big science organization, such as LIGO, NSF, Trusted CI, or other big science organization
      • AI TomJ and Matthew will reach out to VonW around serving on CACTI (DO NOT INCLUDE IN PUBLIC NOTES)
    • Service Provider representation
    • More software developers


    • Discussion on CACTI membership/nominations:
      • Christos: it is important to consider issues CACTI is discussing and what the value is to potential CACTI members.
      • In the past there was CACTI discussion on FIM4R, but perhaps the focus has shifted away from research during 2020?
      • Comment: CACTI focus is on trust and identity, and the more people at the table allows people to advocate for the direction of the discussions
      • There has indeed been some shift in CACTI focus in 2020, primarily as a result of the new challenges with pandemic
      • What do we think will be most important for CACTI in 2021?
      • Last CACTI call’s discussion focused on some specifics
      • Need for greater connection with standards work, IETF, W3C
      • Leif (SUNET) and others are very close to these collaborations
      • ChrisP: Cloud will be a big focus. Apple will be an important player
      • OpenID Connect topic, W3C, focus on IsLoggedIn
    • AI TomJ - Follow up with Leif, SUNET on suggestions for CACTI members
    • Next steps, finalize nomination by Sept 28
    • Oct 1 call for nominations
    • Review the Annual Member Cycle for Committees

    • Edits to this year’s Announcement for InCommon Advisory Committee Nominations. Due by September 28
    • Review the Annual Member Cycle for Committees 
    • The following people are scheduled to rotate off CACTI this year, please let Jessica (jfink@internet2.edu) know if you intend to self-re-nominate:
      1. Nathan Dors
      2. Jill Gemmill, Vice Chair
      3. Karen Herrington
      4. Tom Jordan, Chair
      5. Christos Kanellopoulos
      6. Les LaCroix
      7. Chris Phillips

Follow up on NET+ Service Providers and Identity Discussion from the Sept 1, 2020 CACTI call

  • Jill is a member of CSTAAC https://spaces.at.internet2.edu/x/CY05CQ
  • Chris Phillips attended the CSTAAC call on Thursday, Sept 10, 2020 and talked about Cloud experiences
  • A CSTAAC member commented that this is stuff we should be thinking more about
  • Focus on how federation will get to the cloud, need for Shib 4 and / or other tools
  • There is great opportunity for federation in a move to cloud.
  • Smaller federations are already feeling the pinch of organizations saying things like “I just want to use AZURE AD”
  • Risk that organizations may walk away from federation and adopt commercial solutions
  • InCommon TAC IDP as a Service report is relevant. See IdPaaS Home
  • Shib IDP SAML proxying is working, being validated, will this be the recommendation? 
  • Focus on how to configure
  • Takes technical acumen to “just put a proxy in front”
  • How to deal with commercial clouds and federations is key for CACTI in 2021

October committee-community webinar, Wednesday 10/14 @2-3pm ET (Tom, Jessica)

  • This webinar will be the October IAM Online, to share what advisory groups are doing
  • Sharing member experiences serving on advisory groups should help drive nominations
  • Hope to have a representative from CACTI on this webinar
  • Reach out to Jessica if you are interested

 Update to Community, a blog for Dean’s monthly Trust and Identity Newsletter

    • Blog will focus on new technologies / issues to which we may want to call the community's interest
    • Volunteers to draft a blog on one or more of these issues for a quarterly update? A paragraph each on these topics:
    • AI TomJ will start a draft of a blog update to the community on topics of interest being discussed by CACTI and the community
      Topics:
      • Federation-cloud bridge, possible collaboration with CSTAAC
      • OpenRoaming and eduroam
      • passwordless authn and you
      • FastFed


Parking Lot

  1. (From June 9, 2020 call) TomJ - Add as an agenda item for a future CACTI call: Operationalizing containers

Next CACTI Meeting: Tuesday, September 29, 2020