November 3, 2020

 Attending

  • David Bantz, University of Alaska (chair)  
  • Pål Axelsson, SUNET  
  • Brett Bieber, University of Nebraska  
  • Rachana Ananthakrishnan, Globus, University of Chicago   
  • Tom Barton, University Chicago and Internet2, ex-officio  
  • Ercan Elibol, Florida Polytechnic University 
  • Richard Frovarp,  North Dakota State 
  • Jon Miner, University of Wisc - Madison  
  • John Pfeifer, University of Maryland  
  • Marc Wallman, North Dakota State University, InCommon Steering Rep, ex-officio  
  • Chris Whalen, Research Data and Communication Technologies  
  • Jule Ziegler,  Leibniz Supercomputing Centre 
  • Johnny Lasker, Internet2  
  • Ann West, Internet2
  • Jessica Fink, Internet2  
  • Albert Wu, Internet2  
  • Emily Eisbruch, Internet2 

 Regrets 

  • Mary Catherine Martinez, InnoSoft (vice chair)
  • Robert Zybeck, Portland Community College
  • Chris Hable, University of Michigan
  • Eric Goodman, UCOP - TAC Representative to CTAB  
  • Kevin Morooney, Internet2

Discussion

CTAB membership recruitment

    • Annual Member Cycle for Committees
    • CTAB has four open slots, there are nine nominations for those slots
    • Two current CTAB members have renominated
    • Maximum CTAB can accept is four to stay within limit of 13 CTAB members
    • Next step will be a ballot for CTAB to vote
    • AI Jessica will prepare CTAB ballot


    • Results can be finalized via email
    • Voting for CTAB chair will happen in December
    • CTAB calls in December are December 1  and December 15 
    • CTAB is advisory to InCommon Steering and the proposed new CTAB members must be approved by Steering.
    • InCommon Steering meets on Dec 7, 2020 and could validate the new CTAB membership then 


Baseline Expectations Version 2

    • InCommon Steering officially approved BEV2
    • Albert will take necessary steps for these two BEv2 documents to be added to the Trust and Identity Document Repository:
    • Albert will update BEV2 wiki in the coming week to emphasize implementation and timeline
    • There will be targeted communications to organizations not in compliance with BEv2.  
    • The plan is to send out these targeted communications starting in January 2021
      • May find some contact information that is out of date and will need to  address that

  • Endpoints Security Testing
    • There are two primary buckets for entities not meeting endpoint security
      •  1. Entity is not encrypting endpoints at all (small number) 
      • 2. Entity is not scoring “A” in recent endpoint testing (larger group) 
    • Question: will we use SSL labs data to determine which organizations are not in compliance with endpoints requirements?
    • Albert:  Shannon Roddy is evaluating an open source testing approach, possibly instead of SSL labs testing

  • Error URL Requirement in BEV2
    • We may want to help IDP operators understand how to meet the BEv2 Error URL requirement.
      • Provide guidance beyond what is in the current implementation  guide
      • Should we push to get organizations to adopt the REFEDs errorURL handling spec. ?
        •  Requirements in REFEDs errorURL handling spec are on the IDP side
        • REFEDs errorURL handling spec requires a dynamic ERROR URL page
        • BEV2 only requires a static page
        • Decision:  we should say something lightweight about the REFEDs ERROR URL spec, but not push it too hard, since it’s in early stages as far as adoption and testing. 

Implementation Planning for BEv2

    • There is an implementation plan for BEv2 , including using regular bimonthly Trust and Identity newsletters. 
    •   Suggestion to create an FAQ for each of the new BE requirements
    • No date set yet for BEv2 office hours and webinars, thinking was that we will wait to see the level of demand. 
    • Suggestion for a series of blog posts and webinars, as we did for BEv1.  
    • For 2020, a blog post announcing that InCommon Steering has approved BEv2 makes sense. 
    • For 2021, a webinar where an organization that has come into compliance with BE explains their process in achieving that compliance could be very helpful to the community.
    • For new entities joining InCommon, InCommon should tell them what is coming in BEv2, so expectations are clear

Preparation for CAMP/ACAMP - BEv2 launch

    •  CAMP program  
      • Baseline Expectations 2021: increased assurance and interoperability
      • Tuesday, Nov. 17, 2020, 10:45 am - 11:35 am
      • Speaker:  David Bantz (Univ. of Alaska and chair, InCommon Community Trust and Assurance Board)
      • Abstract: Baseline Expectations for InCommon participants are being enhanced to require TLS for all URLs, SIRFI security incident framework, and IdP error URL. Bring your questions or concerns about implementing the new expectations, or for possible future requirements (perhaps MFA or entity categories such as R&S).
    • Hoping other CTAB members will join this CAMP program and the planning
    • There will be a planning session for the Nov. 17 CAMP presentation  
      • Monday, Nov. 9, 5pm ET 
      • ChrisW and JonM expressed interest in joining
      • Albert or David will send a reminder at end of this week

    • Anticipate ACAMP discussion? (Did not discuss on this call)

 Next CTAB call: Tuesday December 1, 2020

  • Note: Tuesday, Nov. 17 CTAB call - cancelled due to CAMP 
  • No labels