Minutes: COmanage TAC call 19-Aug-2011

Attending

Ken Klingenstein, Internet2 (stand-in chair)
Benn Oshrin, Internet2
Scott Koranda, U. Wisconsin - Milwaukee (LIGO)
Marie Huynh, U. Wisconsin - Milwaukee (LIGO)
Keith Hazelton, University of Wisconsin
Steven Carmody, Brown
Michael Gettes, CMU
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Steven) will send Ken details on the Commerce Dept. safe harbor issue.

[AI] (Keith) will check whether the Project Bamboo IAM infrastructure work plan is available on the wiki, and if yes, he will send the group a link.

Carry Over Action Items

[AI] (Ken) will send out a link to the Eve Maler presentation from the July 2011 Cloud Identity Summit.

[AI] (Keith) will start a problem statement on the need for a "virtual Switzerland."
[AI] (Keith) will check with Project Bamboo concerning IRODS connection.

[AI] (Keith) will send a pointer to OpenSearch information

[AI] (Ken) will provide a link to the French listing regarding applications and sets/bundles of attributes.   

[AI] (Steven) will develop a one-page write-up on attribute aggregation.

DISCUSSION

LIGO Report

    • ScottK introduced Marie Huynh, a University of Wisc. - Milwaukee employee, located at Caltech.
    • LIGO / COmanage test bed is getting set up
    • She will participate in LIGO meetings scheduled for August and Sept.
    • There is a meeting at Caltech at end of August, plan is for Benn to attend and Heather to call in.
    • There will be LIGO face-to-face meeting in Milwaukee Sept 21 and Sept 22. Focus on IdM, and COmanage will be on the agenda.
    • Hope that Benn can attend
    • Marie will attend the 2011 Internet2 FMM in Raleigh
    • There is a draft InCommon membership application in the works.
    • It is in the hands of JohnK
    • Scott would like LIGO to be a member of InCommon by the October meeting timeframe.

SP Onboarding Report (Steven)  

    • InCommon TAC created a subgroup to look at simplifying the process of using federated identity to access non-commercial SPs who do collaborative work and require attributes (e.g. Teragrid and LIGO)
    • Current default is for campuses to release no attributes
    • The subgroup recommended having campuses release an attribute bundle by default to such sites
    • Proposal went to InCommon Steering, which did not object to this recommendation
    • KevinM is taking the proposal to the CIC CIOs
    • RodneyP is taking the proposal to a campus security officers group
    • Hope to have the feedback from those groups by mid-September
    • Hope to have a demo IdP that will demonstrate best practices
    • Identity linking and use of social ID are topics that will most likely come up as this process evolves
    • Interesting footnote: Steven is working on an effort to clarify policy related to campuses using Shib directory info for students who do not opt out on FERPA
    • This effort could also lead to clearer access to the SPs in question  

    • Ken noted that Research.gov is accepting campuses and this should ease access to FastLane
    • University of Wisc. is listed as an early adopter
    • CMU is also involved and has made some suggestions on ease of use.
    • Account linking with the previous account via the new federated authentication seems to be working

REFEDs

    • Steven reported that REFEDs formed a working group to reduce barriers to attribute release across national boundaries
    • They are looking at the best way to handle the EU privacy regulations
    • The REFEDs group seems to have a consensus on a policy framework
    • starting to work on technical issues
    • Hope that at September REFEDs meeting in Finland there will be a report out with recommendations
    • There may be requirements related to notification and consent GUIs with SAML implementations

Q: Will uApprove be a likely vehicle to address these issues?

A: The ultimate solution could be something like uApprove.

Q: Will these issues be addressed inside Shibboleth?

A: Yes, most likely these requirements will be addressed inside Shibboleth.

Ken: appreciation to Steven for all his efforts on this important and difficult set of issues

If applications are tagged for nature and attributes, this will involve work inside of Shibboleth, SimpleSAML and other places.

Safe Harbor Issue

    • A challenge exists where there is an EU-based IdP accessing a US-based SP
    • The operator of the US-based SP must comply with Commerce Dept. safe harbor guidelines
    • However, the Commerce Dept. excludes higher ed from the program
    • Steven would like a contact in the Commerce Dept. to discuss this with

[AI] (Steven) will send Ken details on the Commerce Dept. safe harbor issue.

COmanage Development (Benn)

    • COmanage 0.2 is now tagged in SVN
    • Much of the focus was on getting the code in shape for the LIGO meeting in Pasadena in late Aug.
    • Work has been done on the relationship between a CO person and the roles they can have

    • Ken noted that the enrollment process work is increasingly important in contexts beyond COmanage.
    • Benn: enrollment is most likely the next major item to focus on.

Project Bamboo

    • Keith reported that Project Bamboo will partially fund some Univ. of Wisc employees over the coming months.
    • These individuals are information architects (primarily Keith) and some SysAdmin personnel from the Middleware Infrastructure group
    • Work will focus on the IAM infrastructure and the integration and RESTful web services areas
    • Keith set up a directory server and will be building a COmanage registry
    • Grouper integration into the project is scheduled for October
    • An American counterculture research use case is being used (not a real use case)
    • There will be use of SAML ECP in a portal-like setting
        • Working on doing ECP in a non-browser environment; thanks to ScottK for his help on this
        • Keith also hopes to look into the OpenConext work from the Netherlands
 
[AI] (Keith) will check whether the Project Bamboo IAM infrastructure work plan is available on the wiki, and if yes, he will send the group a link.

    • Ken: the topic of groups with federated members is getting more attention.
    • Michael and Ken will be at Box.net meetings the week of August 22
    • Internet2 is talking with Box.net regarding a potential service offering
    • Unknown if box.net services will be available to VOs

Globus Online CMP

https://www.globusonline.org/

    • Globus Online has been working on data movement mechanisms
    • They are now planning to create their own CMP and their own group tool

Next COmanage-TAC call: Friday,  2-Sept-2011, 2:00 pm ET
