Notes - conference call - 5/1/09:
Vendor subgroup minutes
David Kennedy (Duke) -- Chair
Jason Zavar (OCLC)
Kent Percival (U of Guelph)
Andy Ingham (U of North Carolina)
Fred Zhang (Michigan State)
Adam Chandler (Cornell)
Joy Veronneau (Cornell)
Foster Zhang (Johns Hopkins)
Dean Woodbeck (Internet2)
(sorry if I missed some attendees)
Notes by Ingham
Reviewed goals and subgroup proposal, as sent by Dave Kennedy prior to the call.
Goals (as introduced by Kennedy):
#1: Prioritize a list of resources
-determine the list of resources, with choices based not only on volume but where it adds value (beyond perhaps just the SSO aspect) [e.g., such as attribute based authorization OR personalization]
-majority should be ones that are already shib-capable ?
#2: Document recommendations for service providers
-whys and hows, with lots of specifics
#3: Develop a registry of compliant resources
-includes what it means to be compliant
-there is usefulness in building the registry for the benefit of building the business case for Shibboleth
General discussion around the above:
Should use lessons learned from Phase I (solutions developed but not well documented and also not delivered to vendors)
Should also use lessons learned from UK experiences
Important to attract OTHER providers with reasons that they can buy into on the first pass
We can come up with a list of items initially, but that needs to seed a dialogue with the vendors.
May be helpful to find some way to "give the vendors 'credit'" for reaching each milestone along the road to "compliance". (potentially via a list of checkboxes - to tick off ?)
Examples thrown out as potential "stages of compliance":
1. having initially enabled Shibboleth
2. joinging InCommon
3. enabling sessionInitiators
...
We should have a draft of the stages of compliance PRIOR to approaching the vendors
Adam Chandler discussed the NISO initiative
Why pair this work with that of the NISO group?
all the main vendors are part of NISO - this will be an important stamp of approval from that standards group
This got underway last fall, became a NISO work item, then got voted on, now working group membership is being selected and volunteers sought. (Kennedy volunteered during the call and Ingham volunteered separately afterward to be involved with the NISO group.)
The products it addresses are still "fuzzy"
It goes BEYOND EZproxy (e.g., if they come at restricted sites from the open web, how will users then get authenticated ?)
we can help define a lot of the work just by taking the initiative
loose coupling between the two initiatives
the NISO initiative is very vendor-centric (from the vendor perspective, they deal with multiple federations and so come at this from a different angle)
Discussion around the NISO initiative:
Fair to say that the NISO initiative is more strategic and the inCommon group more tactical / directed ? (general agreement is yes)
time frame of a couple months for incommon
much longer time frame for the NISO initiative
with inCommon, we can begin by creating the registry, defining the criteria getting the ball rolling for individual campuses and then potentially subsuming this to the NISO work
where should the registry live? (is it an inCommon registry or a Shibboleth registry?)
process should start from the InCommon mandate, but can proceed to a (UK-like) model where we continue to maintain and that it includes even those vendors that DON'T support Shibboleth
IF all goes well, we are somewhat trying to prove Shibboleth as the de facto standard. If that is what ends up documented, and it works, it will snowball.
Tasks going forward
coming up with the criteria (framing out the checkboxes)
come up with the registry (and put it onto the wiki)
coming up with vendors we want to contact
come up with a strategy for HOW to contact vendors
we should move all the documentation onto the internet2 wiki
Kennedy to work with Dean to set aside a couple of documents / pages about the registry and what our tasks are
Chandler volunteered to help Kennedy setup the website (Foster Zhang also?)
Zabar from OCLC (happy to participate but wary of conflict of interest)
Noted that shib access to FirstSearch is NOW available for InCommon participants (should this be one of the first ones in our registry?)
strengthening the use case for VENDORS due to the network effect that benefits EVERYONE
Believe it possible to have most of this done in the next two months
should we have the subgroup conference call more frequently, instead of such frequency with the larger group
seemed agreement for bi-weekly calls for the sub-group
Discussion about the list of the top 10 resources to address:
Kennedy has since decided he'd like to add RefWorks, since it allows personalization
Chandler suggested just start with the list that Kennedy sent previously via email
It will provide a starting point and lets us get started ASAP
Should we instead focus on products instead of vendors? (proquest, for instance, has any number of products, with varying levels of support / viability for integration)
two columns (one for resources and one for vendors)
in the UK, the registry is based to some degree on the time frame (e.g., these vendors are committed to supporting Shib on this time frame)
perhaps we could "deprecate" the lists from phase I
the "new" list (registry) should have various bits of information, such as who the vendors are, when they were contacted, what we know about them. Keep this separate from the list of "desirable" / to-do vendors / resources.