CTAB Call Tuesday January 10, 2023
Attending
David Bantz, University of Alaska (chair)
Warren Anderson, LIGO
Pål Axelsson, SUNET
Tom Barton, Internet2, ex-officio
Matt Eisenberg, NIAID
Richard Frovarp, North Dakota State
Mike Grady, Unicon
Scott Green, Eastern Washington U
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communications Technologies (RDCT)
Jon Miner, University of Wisc - Madison (co-chair)
Andy Morgan, Oregon State University
Kevin Morooney, Internet2
Andrew Scott, Internet2
Rick Wagner, UCSD
Albert Wu, Internet2
Emily Eisbruch, Independent, scribe
Regrets
Ercan Elibol, Florida Polytechnic University
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Meshna Koren, Elsevier
Ann West, Internet2
Discussion
- Internet2 Intellectual Property Reminder
- Notes from these calls are public
Working Group Updates
- REFEDS - Assurance. RAF v2 has reached “feature completeness”, leaving only editorial work, and perhaps some supporting informative material, to be done
- Reminder of consultation on REFEDS MFA profile https://wiki.refeds.org/display/CON/Consultation%3A+MFA+Profile+v1.1
Introductions (and name one goal / wish for CTAB and InCommon in 2023)
- David Bantz, CTAB chair, University of Alaska
- It will be helpful to detail how IDPs can adapt recipes that vendors provide, especially for integrating with commercial SAML IdPs to integrate with Shibboleth IdP; possible first step: work with Net+ vendors to include Shibboleth IdP as supported SAML IdP integration (many do not include; some currently explicitly discourage Shibboleth)
- Kyle Lewis, RDCT
- wish to recharter and ask for new volunteers for SIRTFI Exercise Planning Working Group
- Johnny Lasker, Internet2
- wish to increase Baseline Expectations functionality in InCommon operations
- Rick Wagner, UCSD
- wish for organizations within campus at UCSD to think about external identity reuse and its benefits, to take advantage of what's built by InCommon
- Scott Green, Eastern Washington U
- goal: better vendor integration, with larger vendors that seem to fight federation
- Richard Frovarp, NDSU
- wish for better use cases for smaller schools across federation
- Andy Morgan, Oregon State
- hope to move forward on TLS work from 2022
- Albert Wu, InCommon, Flywheel
- Wish for identity management to be more fun.
- Let Albert know if you have any issues with the resources for CTAB
- Pål Axelsson, SUNET, Swedish Identity Federation
- hopes to make things work all over the world, hopes to learn something at every meeting
- Jon Miner, College of Engineering U Wisc Madison
- goal to get past the SSL stuff, figure out how to track that; improve usefulness of federation and reliability
- Mike Grady, Unicon
- hope to see what and how we need to act around assurance levels; will we see movements on self-sovereign identity?
- Andrew Scott, Internet2, security lead for InCommon
- be more involved in the work happening
- Tom Barton, Internet2
- hopes the international community can adapt to survive the browser transitions
- Matt Eisenberg, NIH, Allergy and Infectious Diseases
- hope to learn and contribute
- Warren Anderson, IDM lead for LIGO
- goal is to understand how the work we are doing on baseline expectations and other InCommon trust and identity efforts relate to other federations, for a common understanding globally
- Kevin Morooney, Internet2
- goal is to help CTAB succeed
CTAB Past and Present
- CTAB Charter: https://spaces.at.internet2.edu/display/TI/TI.94.1
- Predecessor to CTAB was InCommon Assurance Advisory Council (ca 2012)
- 2017 CTAB started informally
- 2018 first official CTAB call (notes: 31-Jan-2018)
- Much of CTAB's work has been around baseline expectations, to increase trust and interoperability among participants in the federation
- There is a formal dispute resolution process to address concerns / conflicts among InCommon federation participants
More about CTAB
- CTAB tries to make decisions by consensus rather than votes
- We need to define deliverables, and prioritize the work in the work plan
2023 CTAB Work Planning
- The 2023 CTAB workplan is a template, need to brainstorm and add ideas
- One topic is creating ramps to readiness and interoperability (federation ready, making it easier to add new services and make them available without a lot of custom work). Split into at least 2 work items / chunks
- There has been work in recent years on making SP requirements clearer, documentation and outreach
- There is an idea of applying “badges” for being XXX Ready beyond InCommon
- Increase transparency
- An important issue is around measurements
- If we want everyone to adhere, that becomes baseline eventually
- Maturity model versus compliance model
- There was a tool used in the TIER project
- Good first step: inventory what is already out there
- Discovery exercise
- Suggestion to review what IDPro is developing
- Focus on federated trust
- Another topic is increasing clarity on Baseline Expectation enforcements / operationalizing Baseline
How do we measure ongoing adherence?
- Metadata accuracy - key contacts, URL, etc
- Contacts management
- Endpoint encryption requirement adherence and dispute resolution (what triggers dispute) - BE TLS Proposal
- How to handle those who do not check the SIRTFI flag?
- InCommon Operations will be implementing checks, such as of required URLs; will need a more structured and operational way to deal with disputes / non-adherence
- SIRTFI exercise - The Great SIRTFI shakeout [see separate workplan item]
- SEPWG, group of volunteers eager to participate in an exercise
- Next SEPWG (Sirtfi exercise)... call for WG volunteers?
- Issue of InCommon not following its own policies regarding SIRTFI, based on InCommon Steering decision not to enforce part of Baseline Expectations
- AI - put that on next CTAB meeting agenda
- NIST work
- For Reference: NIST 800-63 version 4 - https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
- Suggestion for a reading group activity
- Discussion and comments
- Then select a subset of comments to send back to NIST
Next CTAB Call: Tuesday, January 24, 2023