CTAB  Call Wed. Aug 15, 2018

Attending 

• Brett Bieber, University of Nebraska (chair) 

• Mary Catherine Martinez, InnoSoft (vice chair) 

• David Bantz, University of Alaska 

• Chris Hable, University of Michigan 

• Ted Hanss, Yale 

• Jon Miner, University of Wisc - Madison 

• Chris Whalen, National Institute of Health NIAID 
  

Regrets

• Tom Barton, University Chicago and Internet2  

• Joanna Rojas, Duke  

• Ann West, Internet2  

• Emily Eisbruch, Internet2  

NEW ACTION ITEMS

  [AI] Brett will reach out to EricG about 1) sharing the UCOP privacy policy info as a recommendation and 2) if EricG would be willing to draft a blog about how they are   tackling the Baseline Expectations privacy policy issue at UCOP. 

[AI] TomB update the BE Maintenance doc with decisions made during tabletop exercises

• http://doi.org/10.26869/TI.105.1

For FIM4R response,   https://docs.google.com/spreadsheets/d/19HfXGTthGDlQZU3KBn68dBXZFNXG9F0r5xhU1rl58hw/edit?usp=sharing

• [AI] JonM will fix headers (done)
• [AI] ChrisW and Brett will review and respond to which issues "belong" to which InCommon committees 

Agenda

Privacy Policy progress  

Eric G from UCOP shared information with Brett on their approach to privacy policy.

• A varying amount of verbiage will go into privacy policy based on audience of the service
  
• For internal-only applications, the privacy policy is more simple
  
• For an external partner, the privacy policy has more information
  
• For a fully federated application, a full GDPR-privacy policy is used
  
  
• Interesting approach and could be helpful to the community
• Current guidance on privacy policy is here in the Baseline Expectations FAQ
  
  
• ChrisW: Possible issue of need to create permanent audit trails for clinical trials, so if a system supports a clinical study there is no “right to be forgotten” due to regulatory framework, 
  
• Likely such information regarding how data will be handled in a clinical trial needs to be revealed at the application authentication level  
• 
  
•  [AI] Brett will reach out to EricG about 1) sharing the UCOP privacy policy info as a recommendation and 2) if EricG would be willing to draft a blog about how they are   tackling the Baseline Expectations privacy policy issue at UCOP. 

FIM4R recommendations and gap analysis for InCommon & CTAB’s responsibility

CACTI is preparing a response to the FIM4R report.. Chris Phillips, chair of CACTI, reached out to CTAB for input on how to fill gaps between what InCommon offers now and where the research community would like to see us. 

• Chris Phillips asked CTAB to look at areas where (and report back in Sept)   
  
• We have met the gaps
  
• We can meet the gaps in a period of time
  
• Additional work is needed

ChrisW is one of the FIM4R authors.

• https://zenodo.org/record/1307551  
  
• PDF: https://zenodo.org/record/1307551/files/fim4rv2.pdf?download=1 
  
• Original Google Doc need to move sections 4.1.2 and 4.2 into a google doc for editing by CTAB and assigning responsibilities between InCommon groups
  
• https://docs.google.com/document/d/1aTPJRjXES9sKVn5tp6O_fBN295o7oBET2tXrV1FzsJQ/edit# 
  
• Working copy of requirements matrix: https://docs.google.com/spreadsheets/d/19HfXGTthGDlQZU3KBn68dBXZFNXG9F0r5xhU1rl58hw/edit?usp=sharing
  
• First pass may be to identify which of the InCommon sponsored groups would be tasked with handling a particular category 
• [AI] JonM will fix headers
  
• AI ChrisW and Brett will review and respond to which issues "belong" to which InCommon committees 
• There are categories and issues in the  Requirements Matrix that connect to Baseline Expectations and CTAB's work. For example:
  
• Discover and usability category:  “Logo in metadata at an agreed standard size”
  
• Attribute Release category: “Attribute release across borders “
  
• Security Incident Response category: “SIRTFI”

•  MFA
• Should CTAB explore making MFA  part of baseline expectations?
  
• It was noted that MFA adoption will increase when SPs or federations start asking for it.
  
• possibility to recommend to modify SIRTFI or R&S to require MFA

BE Tabletop Exercise #3 - Monday Aug. 20 at 10am ET -

• focus on good ending scenarios and bad ending scenarios 
  

Baseline Expectations Docs

Community Consensus doc

• now in T&I Document Repository
  
• DOI is live at  http://doi.org/10.26869/TI.107.1
  
• https://spaces.at.internet2.edu/display/TI/TI.107.1
  
• Brett will give the heads up to the community and to Sean Reynolds, Chair of Steering
  

[AI] TomB will update the BE Maintenance doc with decisions made during tabletop exercises

• http://doi.org/10.26869/TI.105.1

Baseline Expectations Implementation Progress

•  Over 50% overall meeting Baseline Expectations

• IDPs are above 60%
• SPs somewhat lower

Hard versus soft validation of metadata

Brett move on this Action item from CTAB call of Aug. 1,  2018:

• [AI] (Brett) create draft of the options for implementing a “hard metadata validation”  as part of taking BE Implementation to the next level. 

Brett followed up with InCommon Ops about  hard versus soft validation of metadata. There was the suggestion to  allow a comment about why an org is not meeting Baseline Expectations.  InCommon Ops was concered about the amount of work potentially involved. Brett will do more followup

Tech Ex 2018

• CTAB meeting Wed. morning Oct. 17, 2018, 7:30am - 8:30am
  
• https://meetings.internet2.edu/2018-technology-exchange/detail/10005252/
  

Next CTAB call: Wed. Aug. 29, 2018