COmanage BOF at Internet2 SMM, Arlington, VA, Monday, 26-Apr-10

*Introduction*

Heather Flanagan, Stanford (chair), welcomed the group.

http://www.internet2.edu/presentations/spring10/20100426-comanage-flanagan.pdf

*Agenda*

  • How does the architecture look to you?
  • Definition of domestication?
  • Service model
  • Issues around Configuration Management
  • Provisioning and De-provisioning
  • Do we have a system administration problem?
  • Big VOs are one thing, but what about the little VO?
  • What are other people/companies doing -- is that perhaps a better direction?

*COmanage Model*

The COmanage model includes:

  • Dashboard
  • Shib SP
  • Shib IdP (provides attributes to applications/SPs that need them, assuming they speak SAML)
  • Grouper
  • STS
  • Ldappc (including provisioning)
  • Data Store (LDAP Directory)

Other collaboration management platforms have used the same model, but with a different data store (instead of LDAP). The Swiss have a very nice collaboration platform, but it does not handle SAML.

Q: Where does COmanage stand in regard to providing applications or not?

A: When the COmanage team worked on the VM, user-facing collaborative applications were included and we ran into difficulties. The future direction may depend on the needs of organizations that become the pilot users.

*Attributes*

Inside of COmanage there is a mix of attributes from the enterprise and the VO.
Permissions can originate from the VO, Grid and SSH certificates.
Some organizations (such as the Grid community) prefer to have a second pass at attributes using local conditions. 

*Service Model and Hosting*

Should InCommon or Internet2 host COmanage, if it's offered as a hosted service?
For domain science, having COmanage as a hosted service can be very attractive.
Supporting applications is problematic, but small VOs frequently want/need someone to support their applications.

Can we offer a multi-tiered service? (Infrastructure, Applications, Support, with one inside the other). Then adopters could choose just what they want.
Tom Barton (U. Chicago, Grouper project lead) suggested that we ask ourselves what we are good at doing and focus on that (most likely that's providing the glue in the middle, NOT the applications).

Scott Koranda (LIGO/U. Wisconsin - Milwaukee) suggested that providing building blocks is good. The LIGO Collaboration uses Shib and Grouper. If blocks are built with the correct discreteness, it can be possible to solve multiple problems. 

Michael Gettes, MIT (developer of the COmanage proof-of-concept) stated he does not believe that a COmanage VM is needed, given the resources required to provide such a packaged product. He noted that people want a unified experience, but they don't specifically need a VM.  
It was noted that some organizations (like Penn State) have an IT Group that handles many VMs. Smaller institutions may prefer a cloud-based approach.
Niels van Dijk (SURFnet) commented that even if there is not a VM, it's good to have a low threshold to entry so folks can tinker with COmanage.

*Tech Writer*

Heather stated that a tech writer has been hired to document the COmanage work that has been developed over the past few years.

*Other Approaches to Collaboration Management*

Other approaches to collaboration management were reviewed:
Mike Grady (UIUC) commented on the CIC's work in Shibbolizing SharePoint. This SharePoint-enabled collaborative workspace has worked well, supporting several hundred collaboration groups.

Brown U. is exploring Google Apps for Education. One issue is that while many services in Google Apps for Education are SAML-enabled, IMAP (for mail services) is not yet SAML-enabled. The Google Apps approach at Pepperdine was discussed at a track session: http://www.internet2.edu/presentations/spring10/20100427-fedcollab-group.pdf

The Dutch COIN model will establish a national collaboration infrastructure. COIN will incorporate Grouper and will not handle application services, just the "glue." COIN was discussed further in a track session: http://www.internet2.edu/presentations/spring10/20100427-fedcollab-group.pdf

SWITCH and Itumi are working on a collaboration infrastructure. This was discussed further at the MACE-paccman working group: http://www.internet2.edu/presentations/spring10/20100426-vo-platform-lajoie.pdf

Project Oz at Duke uses Grouper to manage collaborative tool suites for courses.

Q: Do we need to be sure various collaboration platforms can talk to each other?

A: This could involve ensuring that data can be moved back and forth between platforms. It could also involve ensuring a consistent user interface experience, which does seem like a good goal.

Q: Should we resurrect SPML?

A: TomB noted that the new Ldappc uses SPML. University of Memphis plans to replace the Nexus system with the new Ldappc.
