...
Heather Flanagan, Internet2 (chair)
Steven Carmody, Brown
Tom Barton, U. Chicago
Keith Hazelton, University of Wisconsin-Madison
RL “Bob” Morgan, U. Washington
Dan Pritts, Internet2
Benn Oshrin, Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
New Action Items
[AI] (Keith) will check with Project Bamboo concerning iRODS connection.
[AI] (RL "Bob") will initiate a GSS / SAML / LDAP discussion with Scott Cantor.
[AI] (Keith) will send a pointer to OpenSearch information
Carry Over Action Items
[AI] (Ken) will provide a link to the French listing regarding applications and sets/bundles of attributes.
[AI] (Ken) will contact David Groep about VOMS GUMS.
[AI] (Steven) will develop a one-page write-up on attribute aggregation.
DISCUSSION
List Names, Charters, and Project Org Structure
Heather reported that after discussions with stakeholders, it was decided:
• There is currently no need for a new oversight / advisory group for COmanage
• The existing COmanage-dev group should be renamed to COmanage TAC
• In the future, if there are multiple developers, the name COmanage-dev could be used again.
• "COmanage Gears" will be called "COmanage Registry." That is the name that has picked up traction anyhow.
iRODS/Shib call
• A recent call instigated by iPlant was useful in clarifying issues related to iRODS work
• iPlant plans to allocate some of the SDCI sub-award to fund iRODS to become Shibboleth enabled.
• Representatives from the iRODS program at UNC were on the call, and they had a good technical understanding
• The UNC group will look at writing policy in the iRODS policy engine to take advantage of SAML-delivered attributes
• In the longer term, the work ScottC has done as part of Project Moonshot could be helpful
• GSS is promising in solving the challenges the iRODS people are working on
• The Moonshot work connects GSS with Radius and EAP
• There is also a SAML, non-Radius approach
• If we want to reuse SAML infrastructure for this purpose, we need to make the resources available. JANET devoted resources to the Moonshot work, and JoshH has assembled a team with a broad set of skills.
• In the draft document ( http://tools.ietf.org/html/draft-cantor-ietf-kitten-saml-ec-01 ), GSS is the last mile to client, but there is SAML ECP architecture upstream
• On the iRODS call, there was some discussion of SP native attribute aggregation
• Some of the attributes relevant here are iRODS managed
• The attribute aggregation approach can imply a lower level of privacy
• iRODS has been deployed with Kerberos support
• JimL noted that storage grids use a server-to-server approach, using protocols other than HTTP
• It is likely that in the future a lot of repositories will be based on iRODS
• DuraSpace will make iRODS an option
• Could be important to include file sharing inside of the COmanage framework
[AI] (Keith) will check with Project Bamboo concerning iRODS connection.
[AI] (RL "Bob") will initiate a GSS / SAML / LDAP discussion with Scott Cantor.
GENI
• Steven reported that Tom Mitchell is working towards the July demo.
• This involves building a portal showing someone authenticating on the inbound side with SAML, and then being able to interact with GENI components on the backend via the portal
• The portal would have something like a CILogon functionality and map incoming SAML assertions to certificates
...
• Keith noted that Bamboo may be considering incorporating the OpenSearch approach to queries and repositories
[AI] Keith to send COmanage the URL for the wiki pages on opensearch.org
• Using Google Scholar can address some of the needs for federated search.
...