CACTI notes of Tuesday, October 25, 2022
Attending
Members: Rob Carter, Erik Scott, Chris Phillips, Mike Grady, Marina Krenz, Richard Frovarp, Margaret Cullen, Kevin Hickey, John Bradley, Barry Johnson, Steven Premeau, Licia Florio
With: Nicole Roy, David Walker, Steve Zoppi
Regrets: Les Lacroix
Pre-Read Materials:
- 15 USC Title 16 I(C)314
- CACTI 2023 nominees
Action Item Review:
Agenda
- Administrivia
- Internet2 Intellectual Property Agreement reminder
- CACTI Charter pointer
- Agreements:
- Please say your name when you start to speak, until we learn each other's voices
- Please ask colleagues to define terms, expand acronyms, etc., until we learn each other's jargon
- It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
- Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
- Volunteer(s) to scribe (new standing item)
- Please use the CACTI scribing doc
- Agenda bash
- Announcements
- Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
- W3C FedCM work is progressing - Heather Flanagan happy to provide an update for us
- Erik Scott - NSF Cyberinfrastructure Security Summit
- Sponsored by Jim Basney/TrustedCI at University of Indiana in Bloomington
- Mix of academic/staff from NSF major facilities/etc
- Identity and access management - Getting on CISO radar
- About one third of the content was IAM-focused
- If you have a med school, NIH money may dominate your sponsored funding
- SciTokens - looking pretty dominant in this space
- Federal users - government employees, need to use NSF major facilities - IceCube Neutrino Observatory, etc. Science people in the USGS need access - cleaner solution than the one-off provisioning they've been doing
- Two-factor authentication (phishing resistant) - FTC compliance as a side-effect of just needing to get MFA for NIH requirements.
- NIH requirements are viewed positively. Timing is a concern - REFEDS LOA.
- Main Business
- Update on wallet discussion in TAC (Nicole, Steven P)
- Microcredentialing - Digital Credentials Consortium
- Verifiable credentials
- Privacy protection - authorized release.
- Protocol proxying - Italian eGovernment OpenID Connect Federation possibly proxying into W3C Verifiable Credentials space for interop with an "EIDAS 2.0" or "ERASMUS Plus Plus" type of interoperability requirement
- SAML and OpenID interop and proxies and protocol translation
- Concern about identity/trust issues. May give the holder more control over how their information is shared. One good side is that if a company, say Google, were to move to using this, they wouldn’t know what you were doing (unless you used their browser).
- These are "verifiable credentials", which leaves a lot to define in order to get privacy guarantees, etc.
- Trust is the key. A conversation needs to be had. What is the trust framework?
- John Bradley - please add link to the new JOSE privacy WG
- FTC Title 16 requirement for educational institutions to implement MFA, encryption at rest and in transit I(C)314 (Margaret)
- Regulation requires designation of a responsible individual. The scope of the requirement (MFA/encryption) is vague but does expand the requirement to PII.
- Potential impact on eduroam and federation services. CTAB has existing focus on MFA
- Action item: CACTI should ask CTAB to assess the impact.
- REN-ISAC is home for the encryption discussion
- EDUCAUSE wrote a letter to the FTC about this in March: https://er.educause.edu/articles/2022/3/higher-ed-responds-to-proposed-safeguards-rule-reporting-requirement
- Update on 2023 CACTI nominees; voting planning (All)
- A great pool of 7 candidates.
- 3 slots open, charter allows 14, 12 existing so 2 seats open if we choose to fill the open seats
- Consideration of the individuals and perspectives they bring
- Action Item: Review candidates. Specifically those nominated for multiple committees. Continue conversation on Slack channel
- Continuation of architectural priorities discussion (All) - Bump to next week
- The TAP Reference Architecture
- Chris' proposed template for gathering recommendations to Component Architecture - comments/modifications welcomed
- Windows 11 PrivacyGuard and eduroam
Next meeting: Tuesday, November 8, 2022