SP Onboarding

DATE and TIME: Thursday, May 26, 2011, 3:30pm

CONVENER: Jim Basney

SCRIBE: Jim Basney

# of ATTENDEES: 22

MAIN ISSUES DISCUSSED

  • Why don't IdPs release attributes? Why don't IdPs trust InCommon SPs? One example: commercial SPs.
    • Library model: R1 institutions hold licenses with Elsevier and other publishers, and libraries keep no record of what a patron has read. Preserving this model in the digital world results in a default of "release nothing".
    • Shibboleth 2001 use case: collaboration, needs attribute sharing
  • How do we go from default of "release nothing" to default that recognizes more complex world?
    • Beefing up consent process (uApprove, etc.)
    • Federation categorizes SPs, IdPs release attributes according to categories
    • Danish / WAYF model: centralized proxy run by federation, attribute filtering done there
  • REFEDS establishing a group to work on this problem (outcome of Prague meeting)
  • Survey: 11 InCommon IdPs total; 6 willing to release for fac/staff name, email, phone (directory information) to all InCommon SPs; 4 private institutions, 7 public; 2.5 would be willing to release with uApprove
    • one hold-out: attribute release is up to the IdP to vet; for fac/staff it still goes through HR
  • uApprove / user consent
    • Now is the time to impact uApprove-NG
    • 2 attendees experimenting with uApprove; uApprove goes a long way to solving the boarding challenge
    • uApprove even helps with FERPA students
    • Can uApprove support: user approves access to LIGO wiki, wiki loads images and requires a re-authentication; can user click "don't ask me again" button? Yes, user can click the button. Campus can also deploy JSP to allow users to revoke their decisions (being improved).
  • SP attribute requirements in metadata
  • IdP attribute capabilities in metadata
  • Scalable establishment of SP trust
    • Categorizing SPs
  • IdP filtering / IdP registration
    • only list IdPs who are releasing attributes
  • Error handling (centralized?)
  • Centralized federation services to help with on-boarding 
    • Centralized IdP proxy does attribute filtering
    • InCommon web page that lists all service providers in metadata, combined with a summary blurb about what InCommon is, a description of what each SP does, what it means to release attributes (potential risks), and documentation of the process
      • incommon-participants announcements about available SPs; routed to the appropriate people on campus
      • InCommon lists SPs now but not what they do, what their privacy policy is
      • SPs willing to provide info if it'll help with the boarding process
    • Centralized "I'm having trouble logging in to an SP" page; provides IdP contact info, needed attributes, diagnostics
  • Terms for SPs that have trouble with on-boarding: "non-contract", "user-driven", "user-managed" ("non-institution"), "collaborative"
  • Examples: national student clearing house, NSF grants management
  • related to the boarding problem: education about which SPs are available in InCommon and what they can do (examples: a learning management system, the MIT course management system)
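The release model discussed above (move off the "release nothing" default by having the federation categorize SPs, release directory information for faculty and staff to SPs in a category, and leave students out) maps directly onto an IdP attribute release policy. The following is an added illustration, not part of the session notes or of any InCommon or Shibboleth deliverable: a Shibboleth IdP 2.x attribute-filter.xml policy group. It assumes the attribute IDs givenName, surname, email, telephoneNumber and eduPersonAffiliation are defined in the IdP's attribute-resolver.xml, and it uses the REFEDS Research and Scholarship URI as the entity-category value purely as a stand-in; a federation would substitute its own category identifier.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration (not from the session notes). Assumptions: the attribute
     IDs below exist in attribute-resolver.xml; the category URI is a stand-in for
     whatever entity category the federation assigns to vetted SPs. -->
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                        urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
                        urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">

    <!-- The default remains "release nothing": an SP matched by no policy in this
         file receives no attributes at all. Only the policy below opens that up. -->

    <!-- Directory information (name, email, phone) for faculty and staff only,
         released to every SP the federation has tagged with the entity category. -->
    <afp:AttributeFilterPolicy id="directoryInfoToCategorizedSPs">
        <afp:PolicyRequirementRule xsi:type="basic:AND">
            <!-- Requester's federation metadata carries the entity-category entity attribute -->
            <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                attributeName="http://macedir.org/entity-category"
                attributeValue="http://refeds.org/category/research-and-scholarship" />
            <!-- Subject is faculty or staff; students never match, so FERPA-covered
                 users are not touched by this policy -->
            <basic:Rule xsi:type="basic:OR">
                <basic:Rule xsi:type="basic:AttributeValueString"
                    attributeID="eduPersonAffiliation" value="faculty" />
                <basic:Rule xsi:type="basic:AttributeValueString"
                    attributeID="eduPersonAffiliation" value="staff" />
            </basic:Rule>
        </afp:PolicyRequirementRule>

        <!-- The directory attributes the survey respondents were willing to release -->
        <afp:AttributeRule attributeID="givenName">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="surname">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="email">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <afp:AttributeRule attributeID="telephoneNumber">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>
        <!-- eduPersonAffiliation is used only as a condition here; it is not itself
             released unless an AttributeRule for it is added. -->
    </afp:AttributeFilterPolicy>

</afp:AttributeFilterPolicyGroup>
```

Two points worth checking when adopting a policy of this shape: the category match is only as trustworthy as the federation's vetting of which SPs get the tag, since any SP carrying it in signed metadata receives the attributes without a per-SP decision at the IdP; and a user-consent layer such as uApprove sits in front of this filter, so the filter defines the maximum that can be released while consent can only narrow it.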

ACTIVITIES GOING FORWARD / NEXT STEPS

  • uApprove adoption (support work already in progress on this)
  • discussion of central InCommon services
  • REFEDS WG

If slides are used in the session, please ask presenters to convert their slides to PDF and email them to SteveO@internet2.edu

Thank you!