CACTI notes of Wednesday, March 1, 2023
Attending: Kevin Hickey, Chris Phillips, Margaret Cullen, Richard Frovarp, Derek Owens, Kevin Mackie, Gareth Wood, Stoney Gan, Rob Carter, Marina Krenz,
With: Steve Zoppi, David Walker
Reminders
Transparency is a critical part of CACTI's duty to the community. Please promptly approve, edit (or indicate reason for disapproval) of minutes after they are posted.
Pre-Read Materials:
See working doc on verifiable credentials and wallets for pre-reads and initial asynchronous discussion and fact-finding ahead of the call
Action Item Review:
Agenda
Administrivia
Please say your name when you start to speak, until we learn each others' voices
Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon
It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way
Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations
Please use the CACTI scribing doc
CACTI Charter pointer
Agreements:
Volunteer(s) to scribe (new standing item)
Agenda bash
Announcements
Working Group Updates (email only) - Please share via email on the CACTI list ahead of time
Main Business
Parallel CACTI workstreams and how to handle them asynchronously
(doc link)
Topics on the workstreams can have an expiration date. If we do not act on them we may miss the opportunity.
Committee members should review the workstreams and if you have an interest in one or more of them, please reach out via the mailing list or Slack to lead the topic for the year. Action Item Remind group before the next meeting.
Covert workstreams / raw spreadsheet (doc link) into a document that can be used to track progress on topics.
Verifiable credentials and digital wallets
Is there value we can bring to the table? What are institutions currently doing?
Is a working group the proper place? Workshop?
Should the community be brought into the conversation?
Suggestion: connect with the other WG to see where it’s on the roadmap → so far, not seen.
Keith Wessel says TAC is ready and willing to work with CACTI on digital wallets in R&E [from previous notes]
Wallets and credentials are different.
Suggested outputs/work items
The last charter appeared to be too big/not the right thing
Suggested items
A comparison of R&E trust to wallet features, verifiable credentials (blog post? Cross-walk table? Techniques on how to use the credentials
Action Item : Work: coming up with more tangible user stories/ use cases
Kevin Mackie interested in participating in collecting/sharing some of the use-cases.
Helpful for some prescribed times, a google doc, an i2 slack channel that can be participated in for real time messaging.
Is this a task for CACTI or is CACTI asking for contributions in this area
How can CACTI assist harmonizing the understanding of technologies?
Trusted Relationships for Access Management: The InCommon Model - http://doi.org/10.26869/TI.3.2
Stoney Gan (uSouthFlorida): some comments about the MSFT story on Decentralized ID
At proposal writing stage that may use MSFT platform to handle the
Student IDs
Student IDs
Discussion on the qualities of an item/way to bootstrap a wallet ‘element’/credential.
Complications on bootstrapping from one area to another
The use of one trust model or another is not exclusive.. It is likely ‘all of them’ and then how to navigate between them (go from one ‘system’ to another in various ways)
Discussion topic on the wallet:
Unclear if it makes sense
Transcripts
Schema / Standard attributes - consider linking/connecting to CAUDIT Data Reference Model - https://caudit.edu.au/resources/caudit-ucisa-joint-statement-reference-models/
Institutions have sole ownership of roles (faculty, staff, student, etc)
Privacy
Minimal attribute release
Authentication is not the same as attribute presentation
Trust model
Trust is key to the operation of the verifiable credential ecosystem. Do the lessons learned by federations provide insight on the development of VC trust models?
Is the work needed to be done to be a way to assess if/how trust models can manifest/exist in other technologies
The initial establishment of the trust relationship between Issuer, holder, and verifier is expensive. Can the existing InCommon Federation trust model be used as a starting point?
Kevin: 800-63-4 feedback from the community could be a venue we could advocate/illustrate/evangelize the use of the alternative identity technology
Feedback for the 800-63-4 needs to be submitted by March 24th
Standards (W3C VCs, OIDC SIOP, ISO 18013-5)
Sign-in for multiple protocols - web, eduroam, workstation, etc.
Update on Newsletter article on passwords, MFA and passwordless authentication (Kevin)
(doc link)
Next Meeting: Wednesday, March 29, 2023