Welcome and Introductions
* Thomas J. Barton, Senior Director for Integration, University of Chicago
* Ann West, Sr. Program Manager, Internet2/EDUCAUSE, Michigan Technological University
Access Management Building Blocks
* Tom Dopirak, Senior Consulting IT Architect, Carnegie Mellon University (slides)
Q: What are the different terminologies in this access management space?
A: There are different vocabularies for policy and for software. XACML has a terminology, Kerberos has a terminology, Active Directory has a terminology. The MACE-paccman working group wiki has a comparison between XACML and Signet and are hoping to build more terminology mappings in the glossary.
Q: How should we handle scalability issues that arise when role-based access management is embedded in the application?
A: That's a problem. If you build a wonderful access management program and it can't interact with the applications, that's also a problem. Ways of doing application integration will change as new technologies come into view.
Categorizing Access Management Challenges
* Rob Carter, Consultant, IT, Duke University
* Scott Fullerton, Sr IT Architect, University of Wisconsin-Madison (slides)
Q: Thinking in terms of an application a campus might buy, how do you hook it up? Who has what role? What questions should we ask vendors?
A: When we are looking at implementations, think in terms of what IdM info we have available and what will the applications want to consume? Also, ask to what extent the potential application meshes with business processes you have in place, and if it does not mesh, how does the data support the new business process it's forcing on you.
Q: How to handle a very complicated workflow, with many roles, ranks, schools, etc.?
A: Try to figure out if there are groupings that can be more broadly provisioned.
Discussion and Lightning Rounds: What are Your Use Cases?
* Moderator: Tom Barton, Senior Director for Integration, University of Chicago
* Caleb Racey, Newcastle University
Access Controlling Online Resources -- Wikis, Lecture capture, Room Booking (notes)
* Michael McDermott, Brown University
Security Faculty Information Systems (slides)
* David Langenberg, University of Chicago
Quarterly Instructor Access, Student testing (slides)
* Jimmy Vuccolo, Pennsylvania State University
Financial Workflows (notes)
* Liz Salley, University of Michigan
Organizations as Subjects (notes)
* Jim Beard, University of Oregon
Thorns in Password Reset (notes)
Describing the Solution Patterns and Real World Examples
* Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor (Moderator and Presenter)
* Tom Barton, Senior Director for Integration, University of Chicago
* Caleb Racey, Middleware ISS, Newcastle University
(slides - Elizabeth, Tom and Caleb)
* Steven Carmody, IT Architect, Brown University (slides)
Discussion and Lightning Rounds: Testing the Solution Patterns
* Moderator: Tom Barton, Senior Director for Integration, University of Chicago
* Jean Marie Thia, University Pierre et Marie Curie
Shibboleth attributes for SharePoint (slides)
* Paul Hill, MIT
perMIT (notes)
* Caleb Racey, Newcastle University
Access control with Shibboleth and Grouper. How to populate identity stores. (notes)
* David Bantz, University of Alaska
Organizational hierarchy & the phone book (slides)
* Luca Fillipozzi, University of British Columbia
A physical access management solution (notes)
* Astrid Fingerhut, University of Chicago
Trusted Agent program (notes)
Environmental Scan - What Technology Tools Work (and Don't Work)?
* Moderator: Tom Barton, Senior Director for Integration, University of Chicago
* Bill Kasenchar, Project Leader, University of Pennsylvania (slides)
* Laura Hunter, Identity Architect, Oxford Computer Group (slides)
* Bob Bailey, Sr. Developer, Lafayette College (slides)
Q for Bob Bailey: How are you dealing with latency issues for synchronous writes into the OpenLDAP directory?
A: We only have 5000 entries in our LDAP dir. So we don't have a problem.
Q: If someone in the business school, for example, wants to know groups in other parts of campus. How do you handle appropriate boundaries for sharing?
A: from Bill Kasenchar: You can allow or deny that level of sharing.
A: from Bob Bailey: with OpenLDAP, you just add somebody to a group. The simple solution is that access is granted based on group affiliation.
A: from Laura Hunter: AD natively makes that challenging, everyone has access to everything. There are ways to tweak around it.
Environmental Scan - What Policy and Process Approaches Work (and Don't Work)?
* Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor (moderator and panelist) (slides)
* Andrea Beesing, Assistant Director, IT Security, Cornell University (slides)
* Renee Shuey, Senior Systems Engineer, The Pennsylvania State University (slides)
Q: Why did the University of Michigan project need to go back several times to get funded? What was that process like?
A: Our project was one of the first, and there was the question of "how do we fund projects like this." We thought we could get funded without knowing what technology to put in place. Then we did the RFP, and we chose Novell IdM. Key stakeholders wanted to know the technology before approving funding.
Q: What are the key awareness and education issues involved?
A: We need to work hard to find ways to create the understanding that this is not just an IT effort, it's about the community.
Bringing the Workshop Home: Applying Your Knowledge to Your Access Management Challenges
BREAKOUT SESSIONS:
Lightning Rounds of Use Cases, Solutions Integration, and Related Topics
* Moderator: Jens Hauesser, Director, Strategy, The University of British Columbia
* Chris Hyzer, University of Pennsylvania
Grouper Future Features, (slides)
* Kent Fong, University of British Columbia
UBC's IdM program (notes)
* Jim Beard, University of Oregon
IdM Implementation from the Rear View Mirror (notes)
Looking Forward
Moderator: Elizabeth A. Salley, Product Manager, Michigan Administrative Information Services, University of Michigan-Ann Arbor
Panel:
* Ken Klingenstein, Director, Internet2 Middleware and Security, Internet2
* Tom Dopirak, Senior Consulting Architect, Carnegie Mellon University
* Michael McDermott, Senior Programmer/Analyst, Brown University
* Bob Bailey, Sr. Developer, Lafayette College
Q: We spent time in lightning rounds talking about use cases and solution patterns and trying to build that into a design pattern library. What would you like to see as next steps for making some of that happen?
A: Clear writing and scribing those use cases and patterns and recipes for how they might be implemented is really helpful to a lot of people to understand how to approach the space in different ways.
Q: Why shouldn't we look at open source as being as viable as a sole proprietor solution?
A: Issues deterring people from open source solutions include desire for a support contract, desire for "someone to yell at" if things go wrong, need to have folks on your team who can modify it, worries about scalability.
Comment: it can be possible to get a support contract for open source, such as with Debian or Open LDAP
Buddy Groups were formed for ongoing consultation and support with access management issues.
See Buddy Groups page
- Looking at use cases and solution patterns was helpful. It's important to continue the approach.
- Would be nice to have more breakout session opportunities.
- At future CAMPs, it would be good to facilitate a dinner out, where people can go to a certain restaurant and chat about a designated topic of common interest.