CTAB Call Tuesday, August 24, 2021

Attending

• David Bantz, University of Alaska (chair) 
  
• Brett Bieber, University of Nebraska (vice chair) 
  
• Pål Axelsson, SUNET  
  
• Rachana Ananthakrishnan, Globus, University of Chicago 
  
• Ercan Elibol, Florida Polytechnic University  
  
• Richard Frovarp,  North Dakota State  
  
• Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  
• Andy Morgan, Oregon State University  
  
• John Pfeifer, University of Maryland   
  
• Dave Robinson, Grinnell College, InCommon Steering Rep, ex-officio  
  
• Chris Whalen, Research Data and Communication Technologies   
  
• Jule Ziegler,  Leibniz Supercomputing Centre  
  
• Robert Zybeck, Portland Community College   
  
• Johnny Lasker, Internet2  
  
• Kevin Morooney, Internet2  
  
• Ann West, Internet2 
  
• Netta Caligari, Internet2  
  

Regrets

• Tom Barton, Internet2, ex-officio
  
• Meshna Koren, Elsevier
  
• Jon Miner, University of Wisc - Madison
  
• Albert Wu, Internet2 regrets
  
• Emily Eisbruch, Internet2, regrets
  

 Discussion

 Intellectual Property reminder

Reminder: register for CAMP / ACAMP if you have not done so https://incommon.org/academy/camp-meetings/2021-camp-week/

Blog on Baseline Expectations 

• Thanks to David Bantz for authoring this blog on Baseline Expectations, dated Aug. 26, 2021, “Good News and More News Regarding InCommon Baseline Expectations”
  
• https://incommon.org/news/good-news-and-more-news-regarding-incommon-baseline-expectations/
  

Working Group / Related Committee updates

• InCommon TAC  
  
  • EricG was not able to attend the last InCommon TAC meeting
    
  • InCommon TAC has been  working on Deployment Profile
    
  • David Walker has been active in that effort
    
    
• REFEDS Assurance WG 
  
  • https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
    
  • Jule -  last week’s meeting discussed section 3.1 about identifier uniqueness. The goal is to present it in a more understandable way.
    
  • Facilitating transition of EduPersonPrincipalName to identifiers that are really unique and persistent.  
    

• REFEDS MFA Sub Group
  
• https://wiki.refeds.org/display/GROUPS/MFA+Subgroup
  
• Hope to present a 3-hour workshop around MFA
  
• Workshop was suggested by Albert 
  
• AnnW noted that NIH is interested in attending this workshop
  

• Assured Access Working Group
  
• Final Report is now in the document Repository
  
• https://spaces.at.internet2.edu/display/TI/TI.157.1
  
• Assured Access working group work is complete
  
• There will be a combined CAMP session Monday Oct 4th on the work of the Assured Access Working Group and the REFEDS assurance working group
  
• Discussing guidance document for Version 1 of REFEDs assurance framework
  
• Planned changes for next iteration of REFEDs assurance framework
  
• AnnW noted there are several NIH related sessions at CAMP, including 
  
• a BOF on MFA, 
  
•  NIH session that will focus on the Sept 15 deadline and what upcoming assurance requirements deadlines are, 
  
• session looking at proxies in the federation
  
  
  

Upcoming CTAB election: member rotation / recruiting / etc. 

• Netta reported on advisory committee rollover process
  
• August and Sept: Netta will connect with flywheel (Albert)
  
• Three people are scheduled to roll off CTAB; however there are no term limits, so current members scheduled to roll of can be renominated
  
• October at CAMP and ACAMP: good chance to do recruitment
  
• November: new roster will be chosen
  
• Jan / Feb 2022 : new year and onboarding of new members
  
• Priorities for outreach to potential new CTAB members:
  
• There is always  a need for more voices from the Service Provider community
  
• One CTAB member suggests encouraging an individual from the Library community on his camp
  
• Proxies and science gateways
  
• Individuals involved with NSF
  
• As part of recruitment, CTAB should look at what’s on the CTAB roadmap, including MFA issue
  
• It will be helpful to include info on community involvement in our CAMP / ACAMP presentations, including how to express interest
  
• IAM Online for September 15 will focus on recruitment for community/advisory groups
  
• You’re the Boss! Getting Involved with InCommon Community Groups
  
• Sept. 15, 2021
  
• 2 p.m. ET | 1 p.m. CT | Noon MT | 11 a.m. PT
  

BEv2 Progress - Dashboard

• Restarting the bi-weekly targeted emails around BEv2 this week.
  
• Some “flat lining” of organizations making progress on meeting BEv2
  
• Campuses may be occupied with back to school tasks
  
• The timeline shows that in mid-December CTAB may need to start doing outreach to non complying entities
  
  
  

Endpoint Encryption Scenarios review 

• Discussed Scenario 1: Legacy Browser Support
  
• What are possible legal ramifications if CTAB is lenient around the need to continue with legacy browsers that don’t support TLS 1.2+ and/or newer ciphers?
  
• Organizations will need to  have a plan to address this situation.
  
• It was noted that organizations will not want to be publicly identified as having substandard security. 
  
  • Use a “naughty list” ?
    
• Will the info be available for other organizations to access and make decisions based on? (a non compliance entity category)
  
• We don’t want to have a two tier federation
  
• We don’t have  waivers for other aspects of Baseline Expectations
  
• It will be challenging to scale the process if we provide waivers 
  
• Noted it would be helpful to get a new Qualys SSL scan with endpoint encryption results
  • there was a  scan on Aug. 12, 2021 for entities not previously getting a grade of A  
    
• Suggestion to gather community input on mitigation approaches to supporting legacy browsers
  
• This is the kind of issue a security architect would look at your network configuration to address.  There is  only so much detail we're going to be able to  provide here.
  
• Summary: we want the entire federation to adopt  the same set of practices, the same baseline expectations.
  This implies each federation participant must adhere now or have a plan for mitigation and then a process for checking up on that plan
  
  

Not discussed on this call

• Happenings in entity categories - primer and next steps
  
• SA Entity Categories (anonymous and pseudonymous) 
  
• R&S 2.0
  
• CTAB at CAMP - what would CTAB like to talk about? 
  
• How would CTAB like to leverage ACAMP?
  
• https://www.incommon.org/academy/camp-meetings/2021-camp-week/
  
  

Next CTAB Call: Tuesday, Sept. 7, 2021