CACTI notes of Tuesday, January 17, 2023
Reminders
- Transparency is a critical part of CACTI's duty to the community. Please promptly approve, edit (or indicate reason for disapproval) of minutes after they are posted.
- We now have the required four approvals for the notes of the 2022-October-25 CACTI call – thanks to all who reviewed them for keeping us up to date!
Pre-Read Materials:
- Notes of December 8, 2022 CACTI public working meeting at TechEx - We need four approvals, please!
- Slide deck for today's call
- LastPass Breach announcement: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
Action Item Review:
Agenda
Attending: Les LaCroix, Rob Carter, Kevin Mackie, Derek Owens, John Bradley, Margaret Cullen, Marina Krenz, Stoney Gan, Kevin Hickey, Gareth Wood
With: David Walker, Kevin Morooney, Nicole Roy, Steven Premeau (TAC representative), Richard Frovarp (CTAB representative), Ann West, Mike Grady, Steve Zoppi
Regrets: Barry Johnson, Erik Scott
- Administrivia
- Please say your name when you start to speak, until we learn each others' voices
- Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
- It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
- Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
- Please use the CACTI scribing doc
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
- Agreements:
- Volunteer(s) to scribe (new standing item)
- Agenda bash
- Announcements
- Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
- Main Business
- Introductions, welcome to CACTI, framing CACTI's work (Margaret, All)
- Time zones
- US Pacific, one fan of early morning meetings (Kevin Mackie / David Walker / Steve Zoppi)
- New Zealand (meeting time is 5 a.m., maybe we could move later in the day to accommodate Gareth?)
- Mountain TZ (Nicole Roy, CACTI flywheel / Ann West)
- Eastern TZ (Margaret / Rob / Derek (ND-Indiana) / Stoney / Kevin H / Steven P / Kevin Morooney / Marina Krenz (IU-Indiana))
- Central TZ (Les / Richard / Mike Grady)
- Chilean mainland time (John) (E. Greenland/US Eastern at various times of year)
- How we want CACTI to work going forward (logistics, etc.)
- Slide deck
- CACTI is a standing committee to provide long-term (measured in years) strategic input
- Proposal. Current meetings are bi-weekly for 1 hour. Can CACTI be more effective by moving meetings to every 4 weeks for 2 hours? The change would allow for better preparation (pre-reads) and greater depth of discussion during the meetings
- The Slack channels and mailing list will be important communication channels if the meeting is moved to every 4 weeks for 2 hours.
- Strategic response to LastPass Breach?
- The impact of the initial August breach has continued to increase. Credential stores stolen
- Is there a strategic vision CACTI can present? Passwordless? Is passwordless too far for most organizations? Is MFA the better short-term step forward?
- LastPass is an example of the more generic issue of a large quantity of secrets stored in a central repository
- Sub-group - throw up a google doc, do some async work, maybe one meeting, try to get an article together before the next CACTI call
- Kevin Hickey
- John Bradley (limited by summer vacation coming up)
- David Walker
- Steven Premeau
- Gareth Wood
Next Meeting: Tuesday, January 31, 2023