COmanage-Dev Call 26-Jun-09
Attending*
Heather Flanagan, Stanford (Chair)
Ken Klingenstein, Internet2
Tom Barton, U. Chicago
Michael Gettes, MIT
Renee Frost, Internet2
Ann West, EDUCAUSE, Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
*New Action Items*
[AI] Tom and Michael will edit the PowerPoint diagrams to clarify issues.
[AI] Ken will send an email to the comanage-dev list inviting people to join a call with Dutch partners
[AI] Ken will be in touch with key contacts from Sweden and the UK about joining future COmanage calls.
[AI] Heather will suggest to the list a new earlier call time to accommodate European partners.
*Carry Over Action Items*
[AI] (Ken) will work on COmanage scripting.
[AI] (Digant and SteveO) will put together a demo video.
[AI] (SteveO) will discuss using a COmanage VM with the Attribute Workshop Program Committee.
[AI] (Digant) will register the Sympa bug in the COmanage JIRA for our reference, and follow up with Sympa developers/maintainers.
[AI] (Digant) will verify that Confluence is working with COmanage
[AI] (Digant) will incorporate the user dashboard that Steven designed into COmanage.
[AI] (Ken) will send an outline to Steven, Tom and Digant as a basis for talking to NSF about collaboration with HUBzero.
[AI] (Ken) will draft an email to interested parties who could be helpful in COmanage testing.
[AI] (Steven and Jim) will flesh out the existing developer domestication guidelines in the wiki.
[AI] (Ken) will ask his contact at the Norwegian Federation about Foodle.
[AI] (Bob) will provide to the list background on user stories.
[AI] (Ken) will talk with Lois about Fluid involvement in improving the COmanage GUI, scheduling it for later in the year.
[AI] (Chris) will contact Atlassian and try to obtain a timetable for Jira domestication. (Ken) will provide some wording for this communication with Atlassian.
[AI] (Bob) will send links to the group on the invitation problem.
[AI] (Ken) will send a note to his contact at OOI to explore their level interest (after the COmanage alpha is ready).
[AI] (Ken) will ping Frank Siebenlist from Argonne National Laboratory, who is interested in COmanage.
*Discussion*
*COmanage Framework Architecture Slides*
(posted in the wiki, linked from the Presentations page: https://spaces.at.internet2.edu/display/COmanage/Presentations)
The group discussed the COmanage Framework slides that Ken sent to the COmanage-dev list on 25-Jun-09.
Tom reviewed the diagram on Slide #12. The slide is not a roadmap; it is intended to represent what COmanage might become and to spur discussion about the possibilities.
Concepts expressed in the diagram:
To promote and support broader domestication of apps, common identity service interfaces and objects will be shared.
COmanage will interface with a range of services/apps:
- legacy (where data will need to be provisioned or pushed into COmanage)
- integrated (at least can do authentication and linking)
- domesticated (can do richer integration, including
passing of attributes)
Possible interfaces between COmanage and services/applications are IdP, LDAP, STS (security token service), ID Services (things we hope will come into being as an outgrowth of Identity Services Summit/Advanced CAMP), and Provisioner (for legacy apps). COmanage currently works with LDAP in that space. This diagram proposes that COmanage could eventually use other interfaces.
There is a blue box for a policy engine and one for monitoring and diagnostics - we have not substantially addressed these issues yet.
The uPortal box is represented in the service side in the diagram. This represents the possibility to put a portlet around some not-yet-domesticated capabilities in the service domain.
Ken reported that the Dutch appreciated the agnostic approach used in the diagrams to represent the IdP and SP, since they may not have Shibboleth in their configuration. Ken noted that the Dutch have developed some code for a user dashboard in PHP.
- Slide #13 -
Collabmin adds a new CO to the platform
1. Create group, assign Admin to power user
2. Allocate server resources
- Slide #14 -
Power user invites a collaborator and gives them privileges
1. Invite user
2. Add user to CO group
3. User receives invitation token, presents it to invitation service to register with the platform.
- Slide #15 -
End user accesses a service
1. User goes to service
2. Redirected to platform IdP, then back to user's home
3. Platform attributes, groups, and privileges added
Michael suggested making account linking a sub-aspect of the access manager. Michael also suggested tweaking the diagram to clarify that the services shown in the pink/orange box need not necessarily be part of the infrastructure of the VO. There could be completely external services interfacing with the VO and with the COmanage instance.
[AI] Tom and Michael will edit the PowerPoint diagrams to clarify issues.
*Ken's Comments*
The Dutch will convert slide #4 ("Positioning COmanage") into a schematic diagram showing Federations as waffles, enterprises as waffle bumps, and sprinkles as COmanage. The idea of this proposed diagram is to show distinctions between federations and enterprises and to highlight the lightweight aspect of COmanage.
A question was raised about the first part of bullet #1 stating that "COmanage is not intended as an enterprise-class approach, though many enterprises and federations may well deploy large numbers of instances or a ....."
Ken reported that the Dutch will create a video based on Slide #6 ("Four Types of Users") illustrating how the various types of users interact with COmanage.
The Dutch are looking into sponsoring a collaboration CAMP, not unlike the Identity Services Summit/Advanced CAMP in Philadelphia. One difference: some of the software the Dutch want to domesticate does not originate from the university/open source community.
*Development Collaboration*
How do we most effectively coordinate with other development communities?
A concern was raised that we need to clarify further what we are trying to produce and on what platform.
Heather suggested getting the European partners on the regular biweekly COmanage calls.
[AI] Ken will send an email to the comanage-dev list inviting people to join a call with Dutch partners
[AI] Ken will be in touch with key contacts from Sweden and the UK about joining future COmanage calls.
[AI] Heather will suggest to the list a new earlier call time to accommodate European partners.
*Next COmanage Call: Friday, July 10, 2009, 2pm ET*