Committee meeting - March 5, 2020

Carol Lu  
Secretary to the Committee  
March 5, 2020  
  
Present: Erick Engelke, Steven Bourque, Trevor Bain, Jason Testart, Paul Miskovsky, Robyn Landers, Andrew McAlorum, Bill Baer, Adam Savage, Pratik Patel, Lori Paniak
  
Regrets: Dave Kibble, Andrea Chappell, Daryl Dore, Greg Smith, Don Duff-McCracken  
  
Agenda  

1. Chair’s remarks [5 min.]
2. Approval of the minutes of the meetings of Thursday February 20, 2020 [5 min.]
3. Teams retention follow-up (Steven Bourque) [5 min.]
4. TLS Deprecation (Jason Testart) [20 min.]
5. Process for WatIAM account/assertion expiry (Lori Paniak) [5 min.]
6. Other Business [10 min.]
7. Roundtable discussion – all [20 min.]
8. Next CTSC Meeting
   [Will be held Thursday March 19 at 1:30 p.m., in EC2 1021.]

  
Chair's Remarks (Steven Bourque)  

• No remarks.

Approval of the minutes of the previous meeting  

• The previous meeting’s minutes were accepted as distributed.  

Teams Retention follow-up (Steven Bourque)

• Retention period has been increased from one year to two years
• IST will continue to work with the Secretariat while Teams use cases are reviewed
• CTSC will work on creating a document to outline the various use cases among faculties
  • Document will be shared with UCIST who will create a policy on Teams file storage and retention
  • Trevor Bain to lead document creation 

TLS Deprecation (Jason Testart)

• Jason Testart gave a presentation on TLS Deprecation. 

Comments and discussion

• TLS standards are always changing; it is hard to maintain an 'A' rating
  • Can the policy criteria specify having an 'A' at the time of certificate renewal? 
  • Won't be an immediate shut off, a warning period (30, 60, or 90 days) will be granted
  • Jason to write up a proposal and circulate among the committee 
  • Jason to distribute spreadsheet list of servers via email
  • Resources: 
    • https://www.ssllabs.com/ssltest/
    • https://testssl.sh/
    • https://ssl-config.mozilla.org/
    • https://www.nartac.com/Products/IISCrypto/

Process for WatIAM account/assertion expiry (Lori Paniak)

• Is there a more automated process for sponsoring WatIAM accounts? 

Comments and discussion

• How would we determine whether or not an account is still needed after the sponsorship expires if the process is automated? 
• Contact Matthew Oliver if your department requires additional time beyond April 9 to update the WatIAM account sponsorship of the expiring accounts
• The new WatIAM system should have a comment field attached to the assertion like the old system did 
  • Helps administrators understand the nature of the account
• Lists sent out to each department to update account sponsorship is a one-time clean up 
  • Accounts were migrated from the old system before sponsorship was required
  • Accounts created in the new WatIAM system are not part of this clean up 
• The Library had accounts on their list that already had updated sponsorship 
  • Department was updating sponsorships around the time the list was sent out; could have been an outdated list

Other Business

Office 365 Steering Committee (Andrew)

• Trevor Bain will be joining the committee as a faculty rep, meetings to commence soon 

Comments and discussion

• Potential interest from Math, Engineering, and Arts to join the committee 
• The focus of the committee will revolve around campus usage of Office 365 applications
  • Is not related to the Office 365 email investigation 
    • Email migration for faculties will take place after the migration for Academic Support Units 
    • The migration will be further discussed at UCIST

Adobe VIP Consortium (Bill)

• Working with Andrew McAlorum, Lisa Tomalty, and Will Lewis to determine billing/payment process
  • Current process allows every purchaser to create a VIP for themselves; there should only be one VIP per area
• Softchoice currently just sends a link to pay for the purchase using a credit card; is there a way to identify whether or not the card used is a p-card? 
   

Wireless RFP (Steve)

• RFP has been posted with 20 days left to bid
• Update on the RFP will be given in a future meeting

Roundtable

Math (Robyn) 

• Is there a recommended file encryption tool for Unix? 
  • Crypt or GPG are recommended tools
• MathSoc is now using a Windows 10 POS system similar to WUSA's
   

WUSA (Pratik)

• Lemur is a x.509 certificate orchestration framework created by Netflix
  • Easy to use, self-hosted server for managing certificates

Library (Adam)

• Currently reviewing the Library's public workstations, looking for feedback/input on what patrons would like to see implemented at the workstations
• Working on coming up with a budget
• Would like to authenticate the workstation machines
   

AHS (Trevor)

• There has been an increase in DUO/2FA tickets
  • Students are being prompted to sign up for Learn and Quest

Comments and discussion

• DUO tokens are only available for staff
• 2FA is being triggered more often because it has been enabled on more student applications
• Should we discourage the use of SMS 2FA pushes? 
  • There has been an increase in SMS porting fraud
  • Could send targeted messaging to 2FA users that are not using the 'remember me for 30 days' function and users who are using the SMS pushes
• DUO should enable pushes on laptops 
• YubiKey may become the standard authentication method
  • If YubiKeys become the standard, they should be provided to students 

Science (Paul)

• Currently working through Pandemic Planning for the department
• There are some inconsistencies in procedures
  • Some groups do not have WFH policies set up; some groups do not use IM