CTAB Call Tuesday February 7, 2023

Attending

Jon Miner, University of Wisc - Madison (co-chair) (led this CTAB call)
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID
Ercan Elibol, Florida Polytechnic University
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Andy Morgan, Oregon State University
Kevin Morooney, Internet2
Andrew Scott, Internet2
Rick Wagner, UCSD
Ann West, Internet2
Albert Wu, Internet2
Emily Eisbruch, Independent, scribe

Regrets

Warren Anderson, LIGO
Pål Axelsson, SUNET
David Bantz, University of Alaska (chair)

Scott Green, Eastern Washington U
Meshna Koren, Elsevier

Pre-reads: draft 2023 CTAB Work Plan

Discussion

Internet2 Intellectual Property Reminder: https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
Disclaimer: The meeting proceedings (minutes) are published. If you wish to discuss items that you do not wish to be included in the published notes, please mention it so the scribe can note the exception.

Working Group Updates

- BE v2 (defer to work item 2 - operationalizing) (Albert)
  - Work on assessing when an entity is out of adherence with baseline expectations
- REFEDS Assurance (Kyle)
  - Going through comments to get ready for release
- REFEDS MFA (Albert)
  - Looking at consultation feedback
  - Significant feedback received
  - Thanks to everyone who participated in the consultation
- CACTI (Richard)
  - Password managers discussion
  - May move to a single CACTI meeting per month, twice as long
- InCommon TAC (Eric)
  - Looked at accomplishments from 2022 and TAC draft work plan for 2023
  - Looking at NIST review, pre outreach from Tom Barton
- SIRTFI exercise round 2 - Call for participation: https://spaces.at.internet2.edu/display/federation/call-for-participation-2023-sirtfi-exercise-wg
  - 8 people signed up!
  - Kyle looking for a new chair
  - Question: are there different levels of participation?
  - Answer : you don’t need to be part of the planning group to do the tabletop exercise
  - In 3-4 months there will be a call for participation in the exercise
- NIST 800-63-4 comments (co-work with TAC & CACTI)
  - Slack channel set up; 21 people in channel
  - 18 people with update access to the google shared drive
  - Editorial group identified and scheduled

Finalize 2023 CTAB Work Plan

- CTAB and InCommon Operations leadership looked at bandwidth (capacity)
  We will try to maintain two active items on the CTAB workplan
- currently working on
  1) SIRTFI exercise and
  2) NIST 800-63 Rev 4 consultation - review and feedback,
- SIRTFI is under control, so we can have one more active currently

Item 3 on CTAB workplan: Clarity on BE enforcements / operationalizing Baseline should be a priority this year

InCommon ops team is working on mechanism to detect anomalies

Metadata accuracy - key contacts, URL, etc
Contacts management / checking
Endpoint encryption technical process

CTAB needs to clarify what to do with info on out of compliance entities

Process/procedure for escalation and timeframes.

AI -Jon and Albert? reach out to Warren about getting work on moving this item along

Group discussed workplan item 5. Framing the next chapter of federation maturity

Need to review all the existing documents on best practices and make the wisdom more widely available
Potential dimensions important to trust in federation interoperation:

IAM practices - assurance, identity lifecycle management, account mgmt (linking, mapping, decorations)
data standards / use - schemas, entity categories, etc.
technical interoperability (SAML, SAML2Int, etc)
Security and operational practices
User experience / support
Others?

Next CTAB Call: Tuesday, Feb 21, 2023