CACTI notes of Tuesday, August 31, 2021
Attending
Members
- Rob Carter, Duke, (Chair)
- Les LaCroix, Carleton College (Vice-Chair)
- John Bradley, Independent
- Margaret Cullen, Painless Security
- Joshua Drake, Indiana University's Center for Applied Cybersecurity Research
- Matthew Economou, InCommon TAC Representative to CACTI
- Stoney Gan, University of South Florida
- Michael Grady, Unicon
- Kevin Hickey, Detroit Mercy
- Marina Krenz, REN-ISAC
- Chris Phillips, CANARIE
- Bill Thompson, Lafayette College
Internet2
- Ann West
- Steve Zoppi
- Nicole Roy
- Emily Eisbruch
- David Walker
- Netta Caligari
Regrets
- Marina Adomeit, SUNET
- Barry Johnson, Clemson
- Jeremy Perkins, Instructure
- Kevin Morooney, Internet2
Action item review
- AI Rob - touch base with Marina A to schedule Discovery / Seamless Access as a future topic for CACTI. Action Item from Aug 17, 2021
- AI Rob - reach out to JohnB and Shilen about the U2F issue. Action Item from Aug 3, 2021
- AI Rob, Les and Nicole - work on putting structure around the discussion of CACTI Spheres of Influence. Action Item from July 20, 2021
- AI - Rob and Les - slot the user centric identity topic into a future CACTI agenda. Action Item from March 30, 2021
- AI - Rob - reach out to the CACTI email list to start to gather contacts and use cases for upcoming discussions around OIDC. Action Item from March 16, 2021
Discussion
Administrivia
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
Change of CACTI scribing / new subject matter expert
- David Walker is taking over from Emily Eisbruch as CACTI scribe. David will also serve as subject matter expert.
- Welcome David!
Nominations and elections (Netta/Nicole)
- Marina A is the one CACTI member whose CACTI term ends in December 2021
- CACTI has the option to expand the roster by 2 slots; CACTI can have 9 to 15 members per the charter
- Potential issue of CACTI memberships not being staggered in an even way
- 8 CACTI members come up for renomination in 2023
- CACTI could balance that through adding the additional seats
- Or by staggering future terms
- Please inform Netta what items should be on the nomination form for new CACTI members
- September 15 IAM online - WG updates (CACTI included)
- You’re the Boss! Getting Involved with InCommon Community Groups
- Sept. 15, 2021
- 2 p.m. ET | 1 p.m. CT | Noon MT | 11 a.m. PT
- Rob will be one of the speakers
Community Update (Chris Phillips)
- CANARIE and Canadian Access Federation (CAF) https://www.canarie.ca/identity/caf/
- relatively small team
- Manages the Canadian Access Federation and eduroam
- Today will focus on identity management/federated identity topics
- NIH Readiness is an important topic
- Securing Supply Chain, Docker, containers
- IDP simplification is a big priority
- Supported platforms:
- Shib is gold standard
- ADFS toolkit
- SimpleSAMLphp
- SATOSA
- Apereo CAS
- Documentation is key
- “What can I use and what can’t I use in the federation?”
- Sites going from on-prem to hybrid to cloud-native
- Verifying REFEDS MFA
- Platform Usage Comparison
- Access Federation: Shib is most dominant, with ADFS growing
- Trends:
- SAML proxying to Azure AD for MFA
- Shibboleth IdP deployments on Windows
- DevSecOps aspirations:
- Crawl—Cloud-agnostic; CI/CD including image scanning
- Walk—software bill of materials; dependency tracking
- Run—Kubernetes and Helm charts; improved config management and curated configurations; cost reduction
- eduroam:
- Strong outer anonymous ID
- Open roaming
- Security as a feature: e.g., pushing to private Harbor repo triggers automatic vulnerability scans
- Thanks to Chris Phillips for this overview
Deployment Guide Development Process / Potential Working Group Design (Rob)
- Grouper Deployment Guide provides a good model, focuses on theory of operation
- Narrow scope is needed for a potential Shib Deployment guide (installation and maintenance vs. theory of operations)
- Nicole: should CACTI continue the focus on higher level discussion on security strategy, as started in the Secrets Management and Supply Chain webinar?
- Rob: Perhaps there is less motivation to work on the higher level topic
- Nicole: suggestion to use multi-phase process to approach the higher level topic
- Bill: chunking up the issues helps, start with organizing the short list of major concerns on deploying and operating
- What are the gaps?
- Where does the community need more guidance?
- Suggestion to move this discussion to the CACTI Slack channel
Topics not discussed on this call
- SeamlessAccess/Discovery Service/One Discovery Service to Rule Them All
- CACTI “Spheres of Influence” inventory and gap analysis (suggested by Kevin Morooney on June 21 call)
- To lump or to split?
- Crossover with 2022 nominations and voting
Next CACTI Meeting: Tuesday, September 14, 2021