COmanage Call 11-June-2010

*Attending*

Heather Flanagan, Independent (chair)
Ken Klingenstein, Internet2
Tom Barton, University of Chicago
Steven Carmody, Brown
Renee Frost, Internet2
Benn Oshrin, Internet2
Dan Pritts, Internet2
Ann West, Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2, scribe

*New Action Items*

[AI] (Steven and Benn) will continue to work on demo development.
[AI] (Ken) will initiate discussion with UK around collaboration platform work.
[AI] (Heather) will raise the VO Cookbook issue on the upcoming International Collaboration Call.

*Carry Over Action Items*

[AI] (Steven) will email the COmanage-dev list a pointer to information on the Shibboleth Discovery Service.
[AI] (Jim) will send the group screenshots of the Penn State Confluence dashboard.
[AI] (Benn, Jim, Chris, Steven) will discuss what's needed to move ahead with the Women's Science Network VO. (on hold as of June 11, 2010)

DISCUSSION

*Demo Script*

There was positive response to the demo script that Steven emailed on June 10. This is the generic researcher demo script, and other demo scripts may follow. Rob and Shilen at Duke will provide some input on student use of the portal for additional scripts. Management of permissions is an area of the demo where Steven would like input.

The demo script might be used for both:

  • an ESnet presentation in early July
  • GENI Engineering meeting in San Diego July 20-22

The initial demo will be constructed in a generic environment. People will log in from any IdP that's a member of InCommon. Phase two could be to construct a demo in a GENI ORCA environment. ORCA has a portal, so mapping will be needed. More research into the requirements will be necessary to explore the potential issues.
The idea was raised of adding a box for additional services to be registered. Currently, there is an assumption that trust has been previously established. In the future, support of adding/registering additional services could be another capability of the COmanage platform.

There was discussion of the reason for passing along a delegated token versus having the backend tier do an attribute query. Steven explained that the delegated token is being passed along so that the backend tier can validate the token by querying the VO's IdP. The attribute assertion that the portal gets from the VO can't be delegated since it isn't associated with the authentication assertion. The application does not have a notion of federation with the COmanage platform itself. In the future, it could make sense to establish a federation of services associated with the COmanage platform.

[AI] (Steven and Benn) will continue to work on demo development.

*Grouper and COmanage*

Benn plans to integrate Grouper 1.6, with its user interface, into COmanage. It was noted that Grouper 1.6 has web service support for permission management, but not a UI for permission management. The Grouper Team is waiting for a use case to develop the UI for permission management.

Q: If inside COmanage, someone defines a permission and gives it to a group, can the IdP retrieve the permission value from within COmanage?

A: It is possible to retrieve permissions from Grouper via XMPP or ESB. It may be possible via Ldappc-ng in the future.
Benn and Steven should be sure to loop in Chris Hyzer in making requests for Grouper features.

*COmanage Brand and Effort*

Ken and Heather both agreed with Benn's assessments in his "COmanage Brand and Effort" summary, emailed to the group on June 10.

Ken remarked on the need for further clarification/definition of the word "domestication." Niels is starting to work on a document to accomplish this, including clarifying that applications can be domesticated against a variety of calls.

The Dutch are also building a registry of domesticated applications. This will show, for each domesticated application, which kinds of external calls it is domesticated against.
It was noted that hearing from NSF about pending grant applications will help to establish the priorities for COmanage work. 

Concerning deploying a COmanage service offering, the level of commitment required from Internet2 or InCommon will be an important factor.

TomB suggested that for the time being it could make sense to focus on developing COmanage capabilities as a set of web services that could be exposed as web services or wrapped as UIs.

*Debrief on TERENA/REFEDS meeting*

There was a meeting at the end of TERENA called "Collaborating on Collaboration: are we going somewhere?," led by Niels and Andras Kovacs (NIIF/Hungary).

http://tnc2010.terena.org/schedule/meetings/index.php?event_id=20
It was a productive session, attended by about 20 people representing 5-6 different federations.

*Cookbook / Checklist for VOs*

The need for some defined profile of output by various group management tools was discussed.

TomB noted that in Grouper, group objects and role/permission objects are handled the same way in terms of namespace. There are objects for permission definition and objects for permission assignment/delegation, and all are structured in a consistent and flexible way.

It could be helpful to provide guidelines on how VOs should define their namespaces and handle authority/releasing of attributes, and define a WAYF. Heather will raise this as a discussion topic for the next meeting with Niels.

[AI] (Heather) will raise the VO Cookbook issue on the upcoming International Collaboration Call.

Ken noted that given the substantial traction of Grouper in the UK and the fact that a fair number of VOs will have bases in the UK, it would be helpful to initiate discussion on collaboration platforms.

[AI] (Ken) will initiate discussion with UK around collaboration platform work.

Next Call: Friday, June 25, at 2pm ET
