CACTI notes of Wednesday, March 1, 2023

Attending: Kevin Hickey, Chris Phillips, Margaret Cullen, Richard Frovarp, Derek Owens, Kevin Mackie, Gareth Wood, Stoney Gan, Rob Carter, Marina Krenz,

With: Steve Zoppi, David Walker

Reminders

  1. Transparency is a critical part of CACTI's duty to the community. Please promptly approve, edit (or indicate reason for disapproval) of minutes after they are posted.

Pre-Read Materials: 

  1. See working doc on verifiable credentials and wallets for pre-reads and initial asynchronous discussion and fact-finding ahead of the call

Action Item Review:

 Agenda

  1. Administrivia

    1. Please say your name when you start to speak, until we learn each others' voices

    2. Please ask colleagues to define terms, expand acronyms, etc, until we learn each others' jargon

    3. It's ok to challenge your colleagues in pursuit of quality of discourse. Hopefully in a nice way

    4. Please disclose any conflicts of interest you may have in any of the agenda topics, and potentially excuse yourself from the relevant conversations

    5. Please use the CACTI scribing doc

    6. Internet2 Intellectual Property Agreement reminder

    7. CACTI Charter pointer

    8. Agreements:

    9. Volunteer(s) to scribe (new standing item)

    10. Agenda bash

  2. Announcements

    1. Working Group Updates (email only) - Please share via email on the CACTI list ahead of time

  3. Main Business

    1. Parallel CACTI workstreams and how to handle them asynchronously

      1. (doc link)

        1. Topics on the workstreams can have an expiration date.  If we do not act on them we may miss the opportunity.

        2. Committee members should review the workstreams and if you have an interest in one or more of them, please reach out via the mailing list or Slack to lead the topic for the year.  Action Item Remind group before the next meeting.

        3. Covert workstreams / raw spreadsheet (doc link) into a document that can be used to track progress on topics.

    2. Verifiable credentials and digital wallets

      1. Is there value we can bring to the table? What are institutions currently doing?

        1. Is a working group the proper place? Workshop?  

          1. Should the community be brought into the conversation?

            1. Suggestion: connect with the other WG to see where it’s on the roadmap → so far, not seen.

            2. Keith Wessel says TAC is ready and willing to work with CACTI on digital wallets in R&E [from previous notes]

      2. Wallets and credentials are different.  

        1. Suggested outputs/work items

          1. The last charter appeared to be too big/not the right thing

            1. Suggested items

              1. A comparison of R&E trust to wallet features, verifiable credentials (blog post?  Cross-walk table? Techniques on how to use the credentials

                1.  Action Item : Work: coming up with more tangible user stories/ use cases

                  1. Kevin Mackie interested in participating in collecting/sharing some of the use-cases. 

                  2. Helpful for some prescribed times, a google doc, an i2 slack channel that can be participated in for real time messaging.

                2. Is this a task for CACTI or is CACTI asking for contributions in this area

              2. How can CACTI assist harmonizing the understanding of technologies?

                1. Trusted Relationships for Access Management: The InCommon Model - http://doi.org/10.26869/TI.3.2

              3. Stoney Gan (uSouthFlorida): some comments about the MSFT story on Decentralized ID 

                1. At proposal writing stage that may use MSFT platform to handle the 

                2. https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/decentralized-identifier-overview 

      3. Student IDs 

        1. Student IDs

          1. Discussion on the qualities of an item/way to bootstrap a wallet ‘element’/credential.

          2. Complications on bootstrapping from one area to another 

          3. The use of one trust model or another is not exclusive.. It is likely ‘all of them’ and then how to navigate between them (go from one ‘system’ to another in various ways)

          4. Discussion topic on the wallet:

            1. Unclear if it makes sense 

        2. Transcripts

        3. Schema / Standard attributes - consider linking/connecting to CAUDIT Data Reference Model - https://caudit.edu.au/resources/caudit-ucisa-joint-statement-reference-models/ 

          1. Institutions have sole ownership of roles (faculty, staff, student, etc)

        4. Privacy

          1. Minimal attribute release

      4. Authentication is not the same as attribute presentation

      5. Trust model

        1. Trust is key to the operation of the verifiable credential ecosystem.  Do the lessons learned by federations provide insight on the development of VC trust models?

        2. Is the work needed to be done to be a way to assess if/how trust models can manifest/exist in other technologies 

        3. The initial establishment of the trust relationship between Issuer, holder, and verifier is expensive.  Can the existing InCommon Federation trust model be used as a starting point?

        4. Kevin: 800-63-4 feedback from the community could be a venue we could advocate/illustrate/evangelize the use of the alternative identity technology 

          1. Feedback for the 800-63-4 needs to be submitted by March 24th

      6. Standards (W3C VCs, OIDC SIOP, ISO 18013-5)

      7. Sign-in for multiple protocols - web, eduroam, workstation, etc.

    3. Update on Newsletter article on passwords, MFA and passwordless authentication (Kevin)

      1. (doc link)


Next Meeting: Wednesday, March 29, 2023



  • No labels