CACTI Call Tuesday, March 2, 2021
Attending
Members
- Rob Carter, Duke, (Chair)
- Les LaCroix, Carleton College (Vice-Chair)
- John Bradley, Independent
- Matthew Economou, InCommon TAC Representative to CACTI
- Stoney Gan, University of South Florida
- Michael Grady, Unicon
- Kevin Hickey, Detroit Mercy
- Marina Krenz, REN-ISAC
- Jeremy Perkins, Instructure
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
Internet2
- Kevin Morooney
- Ann West
- Nicole Roy
- Emily Eisbruch
- Bill Kaufman
Guest
- Slavek Licehammer, Evolveum
Regrets
- Marina Adomeit, SUNET
- Margaret Cullen, Painless Security
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Barry Johnson, Clemson
- Steve Zoppi, Internet2
New Action Items from this call
- AI - BillK, Ann and others review the reporting mechanisms for the midPoint WG and software integration working group
Discussion
Administrivia
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
Agenda Bash Item: OpenRoaming discussions in eduroam advisory committee (eAC)
- OpenRoaming was mentioned when eduroam Advisory Committee came to CACTI a few weeks ago.
- Should CACTI pursue/discuss OpenRoaming further?
- Best approach now is to give the eduroam Advisory committee time to discuss OpenRoaming
- Could have Jeremy, from eduroam Advisory committee, attend these CACTI meetings
- KevinM: At Trust and Identity PAG, the OpenRoaming topic is also being discussed
EDUCAUSE CyberSecurity and Privacy Professionals Conference, June 8–10, 2021
- Call for presentations closes today
https://events.educause.edu/cybersecurity-and-privacy-professionals-conference/2021
Final review of midPoint user group charter with Slavek Licehammer and Bill Kaufman, approval vote
- Slavek Licehammer supports midPoint use cases in academia, works on engagement
- Hopes to steer midPoint development based on use cases
- Question: How is this planned new midPoint user group different from work being done in the InCommon Software Integration working group?
- Answer: This new group will be more focused on midPoint; there will be some crossover
- It was suggested to add to the midPoint charter
- that the group is open to the community
- boilerplate info from other charters if appropriate; note: the eduroam advisory group has some different guidelines, and its charter is more formal than what’s needed for a working group such as the midPoint user group
- Specify in charter about longevity of the midPoint user group? Plan is for long term
- Specify whether notes from midPoint WG calls will be publicly published
- Results from the proposed new midPoint user group will be shared on Internet2 wiki
- Reporting back to CACTI from midPoint user group (suggestion for email reports to CACTI)
- report-outs to CACTI on some periodic basis.
- Note that Slavek will be invited to the Component Architects group
- SteveZ represents Component Architects working group on CACTI to some extent
- Note that Software Integration working group reports to Component Architects working group
- AI - Bill, Ann and others will review the reporting mechanisms for the midPoint WG and software integration working group
- Reminder that Internet2 Intellectual Property Agreement rules apply to all working groups
- Bill Kaufman worked on Intellectual Property issues with Evolveum in relation to development work
- Decision: There is a green light from CACTI to move ahead with the midPoint user group
Next Steps:
- BillK chat with SteveZ on next steps for this
- Set up a wiki for the new midPoint user group
Banner Integration Working Group
- Where does the Banner Integration WG fit into the landscape?
- That’s an informal group that’s part of the Software Integration working group
- BillK: May need to publicize more resources from the Banner Integration WG
- Trust and Identity Working Groups List: https://spaces.at.internet2.edu/display/TI/Trust+and+Identity+Working+Groups+List
OIDC Working Group next steps
- OIDC Working Group was an InCommon TAC sponsored working group
- For background, see Feb 16, 2021 CACTI Call notes: https://spaces.at.internet2.edu/x/MojTCg
- OIDC Working Group did not publish final report
- Rob, Les, Ann, Nicole and KeithW (Chair of InCommon TAC) will discuss next steps at a call later today (March 2)
- MarinaA from GEANT identified a resource from within GEANT who may provide perspective at our next CACTI call
- Matthew: looking at applying signaling standards from SAML side to OIDC side
- OIDC is missing some things that would make it useful to a federation
- Before pushing for identity assurance levels, everything would have to be bilateral
- Bilateral is a lot of work to maintain
- Integration piece is not there yet on the federation side
- Would need to set up extra infrastructure
- Will likely go in that direction for SPs
- John B: on the healthcare side
- OpenID and Health working group (chaired previously by Debbie Bucci) is looking for new participants
- comment: there could be benefit from a meeting of the various groups working on OIDC
Next Steps: Rob and others will carry this conversation into this afternoon’s discussion with KeithW and others.
For next CACTI call
The “secrets management in the cloud” discussion - should this be with NET+ groups such as CSTAAC? BPLAAC?
- Some initial stuff that will need to be discussed at some point - use cases and problem statements
- Protecting and/or detecting exfiltration of key material - SAML signing/encryption keys, JWT signing/encryption keys, CA signing keys, etc.
- How on-premises and cloud key management interact
- Should CACTI create a short-term (few weeks) working group that would go off and come back with a proposed statement of dos and don'ts related to key management?
Next Meeting: Tuesday, March 16th, 2021