CTAB Call Tuesday June 13, 2023
Attending
David Bantz, University of Alaska (chair)
Jon Miner, University of Wisc - Madison (co-chair)
Tom Barton, Internet2, ex-officio
Warren Anderson, LIGO
Richard Frovarp, North Dakota State
Eric Goodman, UCOP - InCommon TAC Representative to CTAB
Mike Grady, Unicon
Johnny Lasker, Internet2
Kyle Lewis, Research Data and Communication Technologies
Kevin Morooney, Internet2
Emily Eisbruch, Independent, scribe
Regrets
Pål Axelsson, SUNET
Matt Eisenberg, NIAID
Ercan Elibol, Florida Polytechnic University
Scott Green, Eastern Washington U
Meshna Koren, Elsevier
Andy Morgan, Oregon State University
Rick Wagner, UCSD
Andrew Scott, Internet2
Ann West, Internet2
Albert Wu, Internet2
For Reference: InCommon CTAB 2023 Work Plan
Discussion
- Internet2 Intellectual Property reminder
Working Group updates
- InCommon TAC
- Discussion of Microsoft’s “Federation Ready” documentation
- Review of draft documentation related to supporting Entity Categories (Anonymous, Pseudonymous, Personalized) and the updated saml2int profile
- REFEDS Assurance Framework (RAF): (Kyle)
- Consultation of RAF 2.0 is open until July 26, 2023 https://wiki.refeds.org/display/CON/Consultation%3A+REFEDS+Assurance+Framework+%28RAF%29+v2.0
- Overview:
- Over the last two years, the REFEDS Assurance Framework (RAF) Working Group has updated the framework from RAF 1.0 to RAF 2.0. The reason for the change was two-fold:
(1) to tighten the definitions of many claims based on field experience with RAF 1.0 (the original RAF), and
(2) to provide a single set of criteria defining the Identity Assurance Profile (IAP) claims of low, moderate, and high, avoiding the need for the CSP to refer to one of several external standards and also reducing the ambiguity faced by Relying Parties who wish to have a clear understanding of what each IAP claim actually means.
- Focus on risk-based identity assurance
- Old framework version is not fully upwards compatible
- New framework is backwards compatible
- Versioning is handled like SIRTFI did
- If this framework is mostly left intact after the public consultation, the new IAP High will be closer to NIST IAL 2. Gaps were mostly eliminated
- Public feedback for 2 months, until July 26, then working group will reconvene
- Kyle will present at TechEx 2023
- Hope this is live by end of 2023
- Going back to CTAB’s work plan, (item 5 on Assurance - next steps, rollout) we see why the guidance from the Assured Access working group, from a few years ago, needs updating
- RAF 2.0 provides more concrete implementation guidance
- SIRTFI Exercise Planning Working Group
- Working Group is crafting scenario; community survey is live ‘on the streets’; IAM online on ‘how to Sirtfi’ for 19 July
Operationalizing Baseline Expectations
- Final summary report is available https://docs.google.com/document/d/1pjvrkoyAF1P5HNAcwcN5Z1wMzBz6LlbRirb5wKemYak/edit
- Good working group, excellent participation
- Met biweekly over the course of several months
- Started with a spreadsheet Warren had assembled on operationalizing Baseline Expectations
- Spent several meetings discussing general philosophical principles on operationalizing baseline
- For example,
- DON'T want to be overly prescriptive with strict enforcement and penalties for non-compliance
- DO want good lines of communication between participants and InCommon; Strong emphasis on cooperation
- InCommon should offer to help the participant if a lapse is found.
- No single person is likely to be able to assert all elements of baseline expectations, authority at multiple levels needed
- Timeliness versus having enough time for orgs to respond and InCommon to process;
- Generally, semi annual assertions likely make sense
- Utilizing federation manager to communicate makes sense
- There are general procedural suggestions for how to operationalize, but the details of implementation are best left in hands of InCommon operations staff
- DavidB: hope to hand this off to the InCommon operations staff with the understanding that some elements may be challenging given the existing technology
- Johnny: this Operationalizing Baseline Expectations document provides helpful guidance for the InCommon operations staff. Currently, the emphasis is on automating detection of anomalies.
- Kevin:
- big message is that baseline is good and we should continue with it, but there is also an acknowledgement that it is not easy.
- This is a good message for InCommon Steering and for the community.
- We are testing the will of the participants and signaling the need for constant improvement. The collective desire for federation to get better
- Long-term strategy for reminding the participants that federation is not one and done.
- We need to do the communications work.
- Should this be considered a living document?
- We are finding out answers as we go.
- This is a summary report of what happened in the meetings
- CTAB Voted to accept the Operationalizing Baseline Expectations report
- This will be a public document
- Should this document go in the Trust and Identity document repository? Not sure
- Next steps: send this document to InCommon Steering
- Not for a vote of Steering, but to ask InCommon Steering to reflect on this
- Perhaps CTAB chairs and Warren will come to InCommon Steering in August 2023, given schedules
Maturing Federation Brainstorming (not discussed on today's call)
- Mural collaboration tool was used.
- Goal is to turn these into activities for CTAB in workplan: https://spaces.at.internet2.edu/pages/viewpage.action?spaceKey=ctab&title=ctab-2023-work-plan
- To be discussed more on a future CTAB call.
Next CTAB Call: Tuesday, June 27, 2023