...

How to handle multiple data sources connected to an IdP.

**************

SEE ALSO compilation of Next Steps and Action Items from the Session Notes

**************

...

ACAMPs in the future? Is this useful? Longer?

...

  • DSpace and Fedora (+ others?) missing, as other prominent open source communities...
  • What is required for federation interoperability? What conventions are needed?
  • Should eduPerson extensions or evolution be addressed at ACAMP?

Action Items/Next Steps Recorded in Individual Sessions

ECP Session

...

ACTIVITIES GOING FORWARD / NEXT STEPS

...

https://wiki.shibboleth.net/confluence/display/SHIB2/ECP is the home for Shibboleth work around ECP support.

[All] Add links on the SHIB2/ECP wiki page that point to other pages where this nascent ECP interest group's activities can be described. Use those linked pages as a home on the web for ongoing discussions.

[Roland Hedberg, Scott Koranda] collaborate to deliver a Python ECP client module that returns a Python cookie-jar containing session cookies that allow your Python app to keep talking to the SP

[Arnie] Refactor his HPC access via SAML solution to use the ECP approach

[ACAMPScribe:ScottK] working with Condor group on ECP-enabled file mover.

[ScottK and all] Suggest to InCommon that they should consider recommending that sites protect their ECP endpoint on the IdP with X.509 certs. Otherwise there will be as many varieties of protection as there are ECP endpoints.

 
REQUESTS:

  • Todd Picket: Document other ECP clients & how you use them: PAM/Shib
  • ECP reading list, tutorial??

Dealing with Multiple Attribute Stores and the Shib IdP

ACTIVITIES GOING FORWARD / NEXT STEPS

1. Document the use of attribute aggregation.

2. Get input on the multi-datastore handling by the IdP from IdP developers.

Grouper Permissions Allow/Deny 

ACTIVITIES GOING FORWARD / NEXT STEPS

- Looking at agreeing on adopting one of the simpler UIs?
- Status of maturity of APIs?
- What are the use cases for this?

SPs Over-Trusting Weak Identities, What to Do?

ACTIVITIES GOING FORWARD / NEXT STEPS

- Perform or complete a classification of confidential data at the institution.

- Where possible, require a risk assessment from any unit using authentication information.

- Where possible, gather information after the fact about sites using authentication information.

- Have a conversation about VPN and level of assurance at the institution, come to an understanding and publish it.

- Repeat for services other than VPN.

OAUTH

ACTIVITIES GOING FORWARD / NEXT STEPS
- Look forward to CAS OAuth support.
- Look forward to finalization of OAuth 2.0 and stabilization of the OAuth protocol.
- Gain more experience using OAuth with apps

Roles Vs Groups Rematch

ACTIVITIES GOING FORWARD / NEXT STEPS

  • Finding a common space where we can throw up doc from campuses that have done significant role engineering
  • Campuses using Grouper should share how they are establishing/defining groups vs roles, and push towards a common ground

FIFER API

ACTIVITIES GOING FORWARD / NEXT STEPS

  1. Need to figure out best way to move forward WRT preferred approach for Group Web Service aka Alternate Demo Plan Mock-ups
  2. FIFER needs project player (FIFER API consumer) input, but also those in VO/CO space

Permissions Mgmt UX and UI Issues

...

ACTIVITIES GOING FORWARD / NEXT STEPS

...

[ACAMPScribe:TomZ]: Mock up a UI...

[ACAMPScribe:All]: Bring selected UX/UI Business Analysis experts at our institutions into the ongoing conversation (SteveC: Their first question is gonna be "What are your requirements?" (knowing laughter from the audience))

[ACAMPScribe:KeithH] Create child wiki pages off the "MACE-Paccman" site. Adopt "Permissions Management UX/UI" as an ongoing Paccman work item and as a regular agenda item for Paccman conference calls. Supplement the "Canonical Use Cases with Solutions" with material from this group's work.

[ACAMPScribe:KeithH] Contact Nils about what Surfnet Conext and COIN offer and about his willingness to participate in these discussions

[ACAMPScribe:All] Email hazelton@wisc.edu if you are interested in participating in ongoing work

[ACAMPScribe:MichaelG] Draft a mini-charter for an effort to develop something like an RFP for a Permissions Management UI/UX Package

CIC InCommon Silver Certification

ACTIVITIES GOING FORWARD / NEXT STEPS

InCommon to

  • develop a list of campuses implementing InC IAPs
  • create a mailing list of folks implementing InC IAPs who wish to share ideas 
  • announce when a campus becomes Silver (or Bronze) compliant on the InC Participants list
  • create an implementation wiki to include case studies and community-driven implementation FAQ

Building Partnerships between Research and IT (IdM)

ACTIVITIES GOING FORWARD / NEXT STEPS

  • Sharing of U of Toronto's document.
  • Sharing of the job descriptions of the Customer Relations Manager, or the central IT research support staff member.