CTAB Call of April 2, 2024

Attending
Warren Anderson, LIGO
Pål Axelsson, SUNET
David Bantz, University of Alaska (chair)
Tom Barton, Internet2, ex-officio
Gabor Eszes, Univ of Virginia (rep from CACTI)
Richard Frovarp, North Dakota State
Mike Grady, Unicon
Christopher Keith, Brown University
Johnny Lasker, Internet2
Jon Miner, University of Wisc - Madison (vice chair)
Rick Wagner, UCSD
Kevin Morooney, Internet2
Andrew Scott, Internet2
Ann West, Internet2
Albert Wu, Internet2

Regrets
Scott Green, Eastern Washington University
Matt Eisenberg, NIAID 
Ercan Elibol, Florida Polytechnic University 
Kyle Lewis,  Research Data and Communication Technologies 
Ryan McDaniel, University of Alaska Anchorage
Kathy Wright, Clemson, InCommon TAC rep to CTAB

Discussion

Working Group Updates

  • InCommon TAC (David B)
    • Consultation for REFEDS Access Entity Categories Deployment Guidance
      (more for CTAB in next agenda item)

    • Charter for InCommon Federation Proxies Working Group
      • A continuation of over two prior years of effort looking at proxies, which are a common architectural pattern on the resource provider side, especially for research orgs (such as LIGO). There is a reliance on knowing the right thing to do. The AARC Blueprint helps codify this information; it includes policies and practices. Perhaps InCommon should highlight that. Goal is to amplify and raise awareness.
      • “AARC Blueprint…a clear starting point”
      • As we introduce recipe books to help fill the gap, we can start from the AARC Blueprint
      • The AARC blueprint is being refined, a 2-year project
      • Today InCommon assigns SP to any proxy. 
      • Perhaps InCommon should recognize proxies as a different actor from other SPs
      • FIM4R is also looking at the proxy space
      • Is REFEDS looking at the proxy space also?
        • Not this year, perhaps in the future.
  • InCommon Steering (David B)
    • InCommon leadership described several threads of new work to implement the goals and recommendations in the InCommon Futures2 report (https://internet2.edu/wp-content/uploads/2024/03/InCommonFutures2-Strategy-Report-March2024.pdf), including reallocation of resources for the new initiatives. Theme of broadening the InCommon community. Collaborative work among institutions will be key. Want to keep the broad community informed as we move along in implementation.
    • (sub-points here not for published notes)
      • “Refresh IAM function and architecture blueprints for unique research and higher education use cases” & align CTAB & other advisory group work plans with that goal
      • “Partner with at least one HE consortium interested in enhancing their curricula’s through leveraging shared infrastructure for access to shared courses”
      • “Partner with key Federal Agencies” - shareable toolkit & training; foster resources leveraging InC 
  • CACTI: (Gabor & Richard)
    • Discussion about next steps for NGCWG (Next-Gen Creds Working Group)
    • Discussion about InCommon as a Trust Registry for Entities participating in a world of Verifiable Credentials (as suggested by Dmitri Z. from Digital Credentials Consortium). Likely a new CACTI working group will be formed to compile requirements.
    • Discussion about eduroam
      • Directing eAC (eduroam Advisory Committee) to develop baseline expectations for eduroam. Will be advised to reach out to CTAB due to our experience with such a process. (Might include potentially pivoting from non-TLS RADIUS protocols to improve security.)
  • NIST 800-63A comparison to RAF2 IAP/high
    • White paper initially complete, out to a few informal readers for feedback
    • Hope to come back to this at a future call

Deployment Guidance for REFEDS Access Entity Categories (Albert)

SIRTFI 2 - introducing into Baseline Expectations? (Albert)

    • Impact, timing
    • The difference between SIRTFI 1 and SIRTFI 2 is around the requirement for practitioners to respond to incidents
    • Albert suggests that as part of attestation to baseline expectations, we ask orgs to acknowledge adherence with SIRTFI 2.
    • This is part of the next chapter of operationalizing baseline expectations.  
    • This would involve a community consultation to be sure the community wants this addition of SIRTFI 2 to the attestation. 
    • AI - Albert will create a written proposal on this approach


Baseline Futures - Improving Federation Interoperability

    • CTAB as the InCommon steward of Baseline Expectation policies
    • Where does Baseline Expectations focus next?
      What needs are being addressed by existing productive groups?
      What needs are ripe for CTAB contribution?
    • How do we make progress?
    • An “educational” initiative is needed - whether recommended operations, conventions, best practices,...(Albert and Michael)
    • Example: requesting a NameID format & syntax is poorly supported for seamless integration of relying parties (can’t add to InC metadata; SPs don’t know to specify in requests).

    • Ideas:
      • Albert: Attribute release vocabulary should be standardized to improve interoperability
        • There is value in defining this vocabulary and requiring its use when performing federation transactions
        • This could be the next chapter of “baseline” (not “you MUST do this”; it’s more “we really expect this”)
      • Albert: Do we want to tackle having a new participant type (proxy) in federation?  Could be too early for this.

      • Mike Grady: educational component is the most important next step for CTAB
        • Mike still plans to write up some of the concerns he encounters from the field, (including registering NameID formats, cert algorithms, supporting OIDC and more)

    • What level of specificity do we want in our guidelines and policies for federation interoperability?  Benefit risk challenge.

Next CTAB Call: Tuesday, April 16, 2024

