...
How to handle multiple data sources connected to an IdP.
**************
SEE ALSO compilation of Next Steps and Action Items from the Session Notes
**************
...
ACAMPs in the future? Is this useful? Longer?
...
- DSpace and Fedora (+ others?) missing, as other prominent open source communities...
- What is required for federation interoperability? What conventions are needed?
- Should eduPerson extensions or evolution be addressed at ACAMP?
Action Items/Next Steps Recorded in Individual Sessions
ECP Session
...
ACTIVITIES GOING FORWARD / NEXT STEPS
...
https://wiki.shibboleth.net/confluence/display/SHIB2/ECP is the home for Shibboleth work around ECP support
[All] Add links on the SHIB2/ECP wiki page that point to other pages where this nascent ECP interest group's activities can be described. Use those linked pages as a home on the web for ongoing discussions
[Roland Hedberg, Scott Koranda] Collaborate to deliver a Python ECP client module that returns a Python cookie-jar containing session cookies that allow your Python app to keep talking to the SP
[Arnie] Refactor his HPC access via SAML solution to use the ECP approach
[ACAMPScribe:ScottK] Working with Condor group on ECP-enabled file mover.
[ScottK and all] Suggest to InCommon that they should consider recommending that sites protect their ECP endpoint on the IdP with X.509 certs. Otherwise there will be as many varieties of protection as there are ECP endpoints.
- Friday morning "ECP Continued" discussion: X.509 may be too limiting. Basic Auth use cases (Live@EDU) are common. Multiple ECP endpoints? One for X.509 and one for Basic Auth?
REQUESTS:
- Todd Picket: Document other ECP clients & how you use them: PAM/Shib
- ECP reading list, tutorial??
Dealing with Multiple Attribute Stores and the Shib IdP
ACTIVITIES GOING FORWARD / NEXT STEPS
1. Document the use of attribute aggregation.
2. Get input on the multi-datastore handling by the IdP from IdP developers.
Grouper Permissions Allow/Deny
ACTIVITIES GOING FORWARD / NEXT STEPS
- Looking at agreeing on adopting one of the simpler UIs?
- Status of maturity of APIs?
- What are the use cases for this?
SPs Over-Trusting Weak Identities, What to Do?
ACTIVITIES GOING FORWARD / NEXT STEPS
- Perform or complete a classification of confidential data at the institution.
- Where possible, require a risk assessment from any unit using authentication information.
- Where possible, gather information after the fact about sites using authentication information.
- Have a conversation about VPN and level of assurance at the institution, come to an understanding and publish it.
- Repeat for services other than VPN.
OAUTH
ACTIVITIES GOING FORWARD / NEXT STEPS
- Look forward to CAS OAuth support.
- Look forward to finalization of OAuth 2.0 and stabilization of the OAuth protocol.
- Gain more experience using OAuth with apps
Roles Vs Groups Rematch
ACTIVITIES GOING FORWARD / NEXT STEPS
- Finding a common space where we can throw up doc from campuses that have done significant role engineering
- Campuses using Grouper should share how they are establishing/defining groups vs roles, and push towards a common ground
FIFER API
ACTIVITIES GOING FORWARD / NEXT STEPS
- Need to figure out best way to move forward WRT preferred approach for Group Web Service aka Alternate Demo Plan Mock-ups
- FIFER needs project player (FIFER API consumer) input, but also those in VO/CO space
Permissions Mgmt UX and UI Issues
...
ACTIVITIES GOING FORWARD / NEXT STEPS
...
[ACAMPScribe:TomZ] Mock up a UI...
[ACAMPScribe:All] Bring selected UX/UI Business Analysis experts at our institutions into the ongoing conversation (SteveC: Their first question is gonna be "What are your requirements?" (knowing laughter from the audience))
[ACAMPScribe:KeithH] Create child wiki pages off the "MACE-Paccman" site. Adopt "Permissions Management UX/UI" as an ongoing Paccman work item and as a regular agenda item for Paccman conference calls. Supplement the "Canonical Use Cases with Solutions" with material from this group's work.
[ACAMPScribe:KeithH] Contact Nils about what Surfnet Conext and COIN offer and about his willingness to participate in these discussions
[ACAMPScribe:All] Email hazelton@wisc.edu if you are interested in participating in ongoing work
[ACAMPScribe:MichaelG] Draft a mini-charter for an effort to develop something like an RFP for a Permissions Management UI/UX Package
CIC InCommon Silver Certification
ACTIVITIES GOING FORWARD / NEXT STEPS
InCommon to
- develop a list of campuses implementing InC IAPs
- create a mailing list of folks implementing InC IAPs who wish to share ideas
- announce when a campus becomes Silver (or Bronze) compliant on the InC Participants list
- create an implementation wiki to include case studies and community-driven implementation FAQ
Building Partnerships between Research and IT (IdM)
ACTIVITIES GOING FORWARD / NEXT STEPS
- Sharing of U of Toronto's document.
- Sharing of the job descriptions of the Customer Relations Manager, or the central IT research support staff member.