CTAB Tuesday, January 28, 2020
New Meeting Date/Time Tue 1PM ET / 10 AM PT
Attending
Regrets
- Jule Ziegler, Leibniz Supercomputing Centre
- Chris Hable, University of Michigan
- Rachana Ananthakrishnan, Globus, University of Chicago
- Ercan Elibol, Florida Polytech Institute
New Action Items from this call
- AI ChrisW conduct a doodle poll or other survey to find out what will work best for a 2020 CTAB F2F
- AI Albert work with CTAB volunteers (Pal, perhaps DavidB and Brett and Jon) to create and present a Global Summit lightning talk
Discussion
Face to Face CTAB meeting in 2020
- Potential locations:
- Internet2 Global Summit - March 29 to April 1, 2020 in Indianapolis
- BaseCAMP in Milwaukee, June 24-26, 2020
- GÉANT - Stockholm, March 24-25, 2020 https://eventr.geant.org/events/3250
- TechEx 2020: Oct 05–08, 2020, location TBA
- Eric C, John P: likely to attend TechEx
- AI ChrisW will conduct a doodle poll or other survey to find out what will work best for a 2020 CTAB F2F
2020 Global Summit Lightning Talk
- Target audience at Global Summit may have shifted over the years to more CIO and fewer technical attendees
- AI Albert work with CTAB volunteers (Pal, perhaps DavidB and Brett and Jon) to create and present a Global Summit lightning talk
Community consensus and specific steps needed for Baseline Expectations V2 (Tom)
- https://www.incommon.org/federation/community-consensus/
- Graphic in Appendix A is helpful in understanding the community consensus process
- CTAB needs
- CTAB moderator/convener identified (this will be an important role)
- wiki page established with info as described in the doc
- email list for this instance of the community consensus process (consensus-TOPIC-discuss list)
- An initial BE v2 proposal from CTAB (Publish a position, problem statement, or proposal that will serve to focus this discussion.)
- The process includes outreach to the community (InCommon participants list) to kick off the process
- Inviting community members to sign up for the consensus-TOPIC-discuss email discussion list
- CTAB members may need to reach out to get people to sign up for the consensus-TOPIC-discuss email list so all stakeholders are represented
- There will be Initial Q&A
- Will try to achieve an Initial consensus
- Moderator will announce what the rough consensus seems to be
- There will be a revision of the initial proposal
- Moderator will report to the InCommon participants list
- CTAB will have netted out a consensus position
- Another Q&A period (last chance)
- Updates will be made on the wiki page, a record of how it went
- Revision to baseline expectations https://www.incommon.org/federation/baseline-expectations-for-trust-in-federation/
- Do implementation planning
- Go through the Internet2 community consultation process (4-6 weeks)
- Question: what is the relationship between the proposal doc and the BE Draft v2 doc and the clarification doc (linked below)?
- Answer: The initial proposal doc for the consensus process is neither the BE Draft v2 doc nor the clarification doc. To kick off community consensus, we need a more explanatory community consensus proposal doc.
- The Community Consensus proposal doc may reference BE v2 Draft doc and the clarification doc
- Question: should we include in the community consensus proposal doc these longer-term goal items that are not in immediate scope for 2020?
- Support for REFEDs MFA profiles (for future)
- Support for Attribute bundles such as R&S Bundle (for future)
- Thoughts: could have a backlog section in the community consensus proposal doc.
- TomB: suggestion that we cover a more limited list in the community consensus proposal communications
Who will be the moderator for this consensus process?
- DavidB is interested, but should the moderator be someone besides the CTAB chair?
- Jon Miner is interested in serving as moderator but is busy for the next few weeks and does not have time to draft the consensus proposal doc
- Albert can help draft the consensus proposal doc
- DECISION: David Bantz will be moderator of this initial community consensus process
Operational/technical constraints on measuring/enforcing BE (Nick)
- This is a discussion to provide background on other activities in Trust and Identity operations that may impact baseline expectations work
- Nick likes the priorities for this proposed version of Baseline Expectations
- There is a current focus within Trust and Identity on updating the internal Identity Management infrastructure
- Internet2 is deploying Trusted Access Platform (COmanage and Grouper and SATOSA proxy) to manage working groups and more.
- This work can help with InCommon contact management
- InCommon Federation Contact Information
- For contact information, InCommon’s data was not in good shape previously, but BE V1 helped get it much improved
- There is much business process wrapped around changes to InCommon contacts
- Workload for the InCommon registration authority staff
- Have wanted to automate
- The plan is to integrate Federation Manager with the IdM platform
- Allowing InCommon execs or their delegates to manage the InCommon roles
- Will help maintain the contact data
- Must get IDM work done for the integration into Federation Manager
- A consultant is working on this
- It feeds into the work being done for Baseline Expectations
- Likely timeframe: End of 2020 before InCommon contact checking will be ready
- Security operations and measurement and enforcement of SIRTFI
- Shannon Reddy of InCommon is working on endpoint analysis
- Some backend work is needed to support this
- Likely: End of 2020 before this work is done
- Concern: Could be a disservice to SIRTFI to have organizations say they are capable of doing SIRTFI if they are not actually willing to commit to do the things needed
- May want to find a way to encourage community support for SIRTFI without requiring it as a checkbox for BE v2
- It was noted that what we’re asking around SIRTFI in the current draft is pretty modest
- We talked about making SIRTFI V1 adherence a BE element
- There are a few operational requirements for this
- Some organizations may need operational work to handle SIRTFI
- Could be intimidating to some organizations
- TomB: Baseline Expectations must go some places that are challenging for organizations
Proposed:
- (New in DRAFT BE 2.0) The IdP complies with the requirements of the REFEDS Security Incident Response Trust Framework v1.0 for Federated Identity and attests compliance in the Federation Manager [Sirtfi].
- (New in DRAFT BE 2.0) The SP complies with the requirements of the Security Incident Response Trust Framework v1.0 for Federated Identity. [Sirtfi]
- Thanks to Nick for joining this CTAB call, providing helpful input on practical aspects of proposed BE v2 items
Not discussed on this call
- (10 min) Rough timeline (all) [postponed]
- (10 min) Review unresolved questions in statements on BE v2 (all) [postponed]
Next CTAB Call: Tuesday, Feb 11, 2020