CTAB Call Tuesday February 7, 2023
Attending
Jon Miner, University of Wisc - Madison (co-chair) (led this CTAB call)
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID
Ercan Elibol, Florida Polytechnic University
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Andy Morgan, Oregon State University
Kevin Morooney, Internet2
Andrew Scott, Internet2
Rick Wagner, UCSD
Ann West, Internet2
Albert Wu, Internet2
Emily Eisbruch, Independent, scribe
Regrets
Warren Anderson, LIGO
Pål Axelsson, SUNET
David Bantz, University of Alaska (chair)
Scott Green, Eastern Washington U
Meshna Koren, Elsevier
Pre-reads: draft 2023 CTAB Work Plan
Discussion
Working Group Updates
- BE v2 (defer to work item 2 - operationalizing) (Albert)
- Work on assessing when an entity is out of adherence with baseline expectations
- REFEDS Assurance (Kyle)
- Going through comments to get ready for release
- REFEDS MFA (Albert)
- Looking at consultation feedback
- Significant feedback received
- Thanks to everyone who participated in the consultation
- CACTI (Richard)
- Password managers discussion
- May move to a single CACTI meeting per month, twice as long
- InCommon TAC (Eric)
- Looked at accomplishments from 2022 and TAC draft work plan for 2023
- Looking at NIST review, pre outreach from Tom Barton
- SIRTFI exercise round 2 - Call for participation: https://spaces.at.internet2.edu/display/federation/call-for-participation-2023-sirtfi-exercise-wg
- 8 people signed up!
- Kyle looking for a new chair
- Question: are there different levels of participation?
- Answer: you don’t need to be part of the planning group to do the tabletop exercise
- In 3-4 months there will be a call for participation in the exercise
- NIST 800-63-4 comments (co-work with TAC & CACTI)
- Slack channel set up; 21 people in channel
- 18 people with update access to the Google shared drive
- Editorial group identified and scheduled
Finalize 2023 CTAB Work Plan
- CTAB and InCommon Operations leadership looked at bandwidth (capacity)
- We will try to maintain two active items on the CTAB workplan
- Currently working on
1) SIRTFI exercise and
2) NIST 800-63 Rev 4 consultation - review and feedback
- SIRTFI is under control, so we can have one more active currently
- Item 3 on CTAB workplan: Clarity on BE enforcements / operationalizing Baseline should be a priority this year
- InCommon ops team is working on a mechanism to detect anomalies
- Metadata accuracy - key contacts, URL, etc.
- Contacts management / checking
- Endpoint encryption technical process
- CTAB needs to clarify what to do with info on out-of-compliance entities
- Process/procedure for escalation and timeframes.
- AI - Jon and Albert? Reach out to Warren about moving work on this item along
- Group discussed workplan item 5. Framing the next chapter of federation maturity
- Need to review all the existing documents on best practices and make the wisdom more widely available
- Potential dimensions important to trust in federation interoperation:
- IAM practices - assurance, identity lifecycle management, account mgmt (linking, mapping, decorations)
- data standards / use - schemas, entity categories, etc.
- technical interoperability (SAML, SAML2Int, etc)
- Security and operational practices
- User experience / support
- Others?
Next CTAB Call: Tuesday, Feb 21, 2023