CACTI notes of Tuesday, August 31, 2021

Attending

Members

  • Rob Carter, Duke (Chair)
  • Les LaCroix, Carleton College (Vice-Chair) 
  • John Bradley, Independent 
  • Margaret Cullen, Painless Security 
  • Joshua Drake, Indiana University's Center for Applied Cybersecurity Research 
  • Matthew Economou, InCommon TAC Representative to CACTI 
  • Stoney Gan, University of South Florida 
  • Michael Grady, Unicon 
  • Kevin Hickey, Detroit Mercy  
  • Marina Krenz, REN-ISAC  
  • Chris Phillips, CANARIE  
  • Bill Thompson, Lafayette College 

Internet2 

  • Ann West  
  • Steve Zoppi   
  • Nicole Roy 
  • Emily Eisbruch  
  • David Walker 
  • Netta Caligari 

Regrets

  • Marina Adomeit, SUNET
  • Barry Johnson, Clemson 
  • Jeremy Perkins, Instructure
  • Kevin Morooney, Internet2

Action item review

    • AI Rob - touch base with Marina A to schedule Discovery / Seamless Access as a future topic for CACTI. Action Item from Aug 17, 2021
    • AI Rob - reach out to JohnB and Shilen about the U2F issue. Action Item from Aug 3, 2021
    • AI Rob, Les and Nicole - work on putting structure around the discussion of CACTI Spheres of Influence. Action Item from July 20, 2021
    • AI - Rob and Les - slot the user-centric identity topic into a future CACTI agenda. Action Item from March 30, 2021
    • AI - Rob - reach out to the CACTI email list to start to gather contacts and use cases for upcoming discussions around OIDC. Action Item from March 16, 2021

Discussion

Administrivia


Change of CACTI scribing / new subject matter expert  

  • David Walker is taking over from Emily Eisbruch as CACTI scribe. David will also serve as subject matter expert.
  • Welcome David!

Nominations and elections (Netta/Nicole)

  • Marina A is the one CACTI member whose CACTI term ends in December 2021
  • CACTI has the option to expand the roster by 2 slots; CACTI can have 9 to 15 members per the charter
  • Potential issue of CACTI memberships not being staggered in an even way
    • 8 CACTI members come up for renomination in 2023
  • CACTI could balance that through adding the additional seats
  • Or by staggering future terms
  • Please inform Netta what items should be on the nomination form for new CACTI members
  • September 15 IAM online - WG updates (CACTI included)
    • You’re the Boss! Getting Involved with InCommon Community Groups
    • Sept. 15, 2021
    • 2 p.m. ET | 1 p.m. CT | Noon MT | 11 a.m. PT
    • Rob will be one of the speakers 

Community Update (Chris Phillips)

  • CANARIE and Canadian Access Federation (CAF) https://www.canarie.ca/identity/caf/
  • relatively small team 
  • Manages the Canadian Access Federation and eduroam
  • Today will focus on identity management/federated identity topics
  • NIH Readiness is an important topic
  • Securing Supply Chain, Docker, containers
  • IDP simplification is a big priority
  • Supported platforms:
    • Shib is gold standard
    • ADFS toolkit
    • SimpleSAMLphp
    • SATOSA
    • Apereo CAS
  • Documentation is key
  • “What can I use and what can’t I use in the federation?”
  • Sites going from on-prem to hybrid to cloud-native
  • Verifying REFEDS MFA
  • Platform Usage Comparison
    • Access Federation: Shib is most dominant, with ADFS growing
  • Trends:
    • SAML proxying to Azure AD for MFA
    • Shibboleth IdP deployments on Windows
  • DevSecOps aspirations:
    • Crawl—Cloud-agnostic; CI/CD including image scanning
    • Walk—software bill of materials; dependency tracking
    • Run—Kubernetes and Helm charts; improved config management and curated configurations; cost reduction
  • eduroam:
    • Strong outer anonymous ID
    • Open roaming
  • Security as a feature: e.g., pushing to private Harbor repo triggers automatic vulnerability scans
  • Thanks to Chris Phillips for this overview

Deployment Guide Development Process / Potential Working Group Design (Rob)

  • Grouper Deployment Guide provides a good model, focuses on theory of operation 
  • Narrow scope is needed for a potential Shib Deployment guide (installation and maintenance vs. theory of operations)
  • Nicole: should CACTI continue the focus on higher level discussion on security strategy, as started in the Secrets Management and Supply Chain webinar?
  • Rob: Perhaps there is less motivation to work on the higher level topic
  • Nicole: suggestion to use a multi-phase process to approach the higher level topic
  • Bill: chunking up the issues helps, start with organizing the short list of major concerns on deploying and operating
    • What are the gaps?
    • Where does the community need more guidance?
  • Suggestion to move this discussion to the CACTI Slack channel

Topics not discussed on this call

  1. SeamlessAccess/Discovery Service/One Discovery Service to Rule Them All
  2. CACTI “Spheres of Influence” inventory and gap analysis (suggested by Kevin Morooney on June 21 call)
    1. To lump or to split?
    2. Crossover with 2022 nominations and voting


Next CACTI Meeting: Tuesday, September 14, 2021

 
