CTAB Call Wed. July 18, 2018
Attending
- Brett Bieber, University of Nebraska (chair)
- Mary Catherine Martinez, InnoSoft (vice chair)
- David Bantz, University of Alaska
- Tom Barton, University Chicago and Internet2
- Chris Hable, University of Michigan
- Jon Miner, University of Wisc - Madison
- Ann West, Internet2
- Emily Eisbruch, Internet2
Regrets:
- Ted Hanss, University of Michigan
- Joanna Rojas, Duke
- Chris Whalen, National Institute of Health regrets
Action Item
- [A] Ann bring idea of stickers for BE improvement to TechEx planning committee Perhaps also R&S and SIRTFI
DISCUSSION
Baseline Expectations Tabletop Exercise
- Tuesday, July 10, 2018
- Baseline Expectations TableTop Exercise 1 on community consensus process
- Focused on a hypothetical question from a community member on “generally accepted security practices”
- Questions about SIRTFI were raised
- SIRTFI has low bar checklist of practices for IDP or SP
- Does CTAB think the SIRTFI checklist is sufficient?
- Should we require an entity to have the SIRTFI tag, (in a future version of BE)
- Good to have several members of InCommon staff present along with several CTAB members
- Engagement was successful
- Some discussion of CTAB’s approach to its own work
- Have an arc of consensus work for CTAB
- Who decides when there is the end of a certain stage of the consensus?
- Should the end of a stage go to CTAB?
- For decisions emerging from consensus, it was decided that there should likely be an Impact statement to InCommon operations and to the community
- If a change coming out of consensus will require substantial work from the community, there should be an expected cadence.
- For some issues that come up for consensus, should we schedule them for later?
- We could produce a series of events that could drive an arc of work to refine what baseline means
- Clarifications of v1 of baseline expectations, work towards v2 of baseline expectations
- There will be work by InCommon staff on the COmanage steps involved in the consensus process
- Monday July 23, 2018 at 10am ET
- Baseline Expectations TableTop Exercise 2 on dispute resolution
- Hope for additional feedback
Close of consultation for Community Consensus Process Doc was July 17, 2018
- [AI] Brett will update the Consensus Process Doc rules of the road for issue around discussion list being publicly archived (item 5) DONE https://docs.google.com/document/d/1Ao-ZO9hfWMuSh0KHMegZV3S8ETS1jM1hIk8hmy_UjFI/edit
- Next steps?
- When the doc is updated, and CTAB accepts this doc, it goes into the Doc Stewardship repository Emily and Brett will coordinate on this, including on an email from Brett to the community about the final version.
Progress from the field on meeting BE compliance
- CTAB will decide in coming weeks on timetable to tell InCommon Ops to require compliance in the federation manager
Progress is being made on IDP and SP compliance with BE, compliance percentages are climbing
- DavidW and ReneeS are making good progress in their outreach around BE. They are using the prioritized list, as suggested by CTAB. Low response rate to their emails. But some orgs may see the email outreach and work to comply without responding to the email. However they have learned things from those they’ve talked with. Seems policy issues (around logo for example) are not a huge impediment
- Next step may be a note to CIOs of organizations that are not meeting baseline expectations.
- Notes to management seem to have more impact than notes to site admins.
- Having a date helps… “can you meet baseline by end of July?” often gets action
- Low response from sponsored partners so far.
- Reaching out to the IDPs that have sponsored corporate partners may be a good approach
- Next steps: DavidW and ReneeS will make a few more calls. Then will create a written summary of their efforts.
- Oct. is cyber security month and also TechEx. Suggestion to give stickers for those who have improved.
- [A] (Ann) bring idea of stickers for BE improvement to TechEx planning committee
CTAB at TechEx 2018
Final report of the Attributes for Collaboration and Federation WG (Brett)
- Report is linked from box at top of this wiki page:
- There is a recommendation impacting Baseline Expectations, a requirement for attribute release , likely for BE version 2
Recommendations 4.1 Make R&S support a requirement in Baseline Expectations InCommon strongly recommends R&S attribute release by its IdP Participants (cf. https://www.incommon.org/federation/attributes.html ), although how broadly this is understood is not known. The WG recommends that a requirement to do so be added to a future version of the Baseline Expectations for Trust in Federation. Additionally, the TIER Shibboleth IdP distribution should have R&S |
Next CTAB call - Wed. Aug 1, 2018