Versions Compared

Old Version 5

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Heather Flanagan, Internet2 (chair)   
Steven Carmody, Brown   
Tom Barton, U. Chicago
Keith Hazelton, University of Wisconsin-Madison
RL “Bob” Morgan, U. Washington
Dan Pritts, Internet2
Benn Oshrin, Internet2
Steve Olshansky, Internet2  
Emily Eisbruch, Internet2 (scribe)  

New Action Items

Wiki Markup\[AI\] (Keith) will check with Project Bamboo concerning IRODS connection.unmigrated-wiki-markup

\[AI\] (RL "Bob") will initiate a GSS / SAML / LDAP discussion with Scott Cantor.unmigrated-wiki-markup

\[AI\] (Keith) will send a pointer to OpenSearch information

Carry Over Action Itemsunmigrated-wiki-markup

\[AI\] (Ken) will provide a link to the French listing regarding applications and sets/bundles of attributes.      

Wiki Markup\[AI\] (Ken) will contact David Groep about VOMS GUMS.      

Wiki Markup\[AI\] (Steven) will develop a one-page write-up on attribute aggregation.   

DISCUSSION

List Names, Charters, and Project Org Structure

Heather reported that after discussions with stakeholders, it was decided:
    • There is currently no need for a new oversight / advisory group for COmanage
    • The existing COmanage-dev group should be renamed to COmanage TAC
    • In the future, if there are multiple developers, the name COmanage-dev could be used again.
    • "COmanage Gears" will be called "COmanage Registry." That is the name that has picked up traction anyhow.unmigrated-wiki-markup

*iRODS/Shib call*     • A recent call instigated by iPlant was useful in clarifying issues related to iRODS work     • iPlant plans to allocate some of the SDCI sub-award to fund iRODS to become Shibboleth enabled.     • Representatives from the iRODS program at UNC were on the call, and they had a good technical understanding     • The UNC group will look at writing policy in the iRODS policy engine to take advantage of SAML-delivered attributes     • In the longer term, the work ScottC has done as part of Project Moonshot could be helpful     • GSS is promising in solving the challenges the iRODS people are working on     • The Moonshot work connects GSS with Radius and EAP     • There is also a SAML, non-Radius approach     • If we want to reuse SAML infrastructure for this purpose, we need to make the resources available. JANET devoted resources to the Moonshot work, and JoshH has assembled a team with a broad set of skills.     • In the draft document, ( [call
    • A recent call instigated by iPlant was useful in clarifying issues related to iRODS work
    • iPlant plans to allocate some of the SDCI sub-award to fund iRODS to become Shibboleth enabled.
    • Representatives from the iRODS program at UNC were on the call, and they had a good technical understanding
    • The UNC group will look at writing policy in the iRODS policy engine to take advantage of SAML-delivered attributes
    • In the longer term, the work ScottC has done as part of Project Moonshot could be helpful
    • GSS is promising in solving the challenges the iRODS people are working on
    • The Moonshot work connects GSS with Radius and EAP
    • There is also a SAML, non-Radius approach
    • If we want to reuse SAML infrastructure for this purpose, we need to make the resources available. JANET devoted resources to the Moonshot work, and JoshH has assembled a team with a broad set of skills.
    • In the draft document, ( http://tools.ietf.org/html/draft-cantor-ietf-kitten-saml-ec-01 ) |http://tools.ietf.org/html/draft-cantor-ietf-kitten-saml-ec-01] GSS is the last mile to client, but there is SAML ECP architecture upstream     • On the iRODS call, there was some discussion of SP native attribute aggregation     • Some of the attributes relevant here are iRODS managed     • The attribute aggregation approach can imply a lower level of privacy     • IRODS has been deployed w Kerberos support     • JimL noted that storage grids use a server to server approach, using protocols other than HTTP     • It is likely that in the future a lot of repositories will be based on IRODS     • DuraSpace will make iRODS an option     • Could be important to include file sharing inside of the COmanage framework \[AI\] (Keith) will check with Project Bamboo concerning IRODS connection. GSS is the last mile to client, but there is SAML ECP architecture upstream
    • On the iRODS call, there was some discussion of SP native attribute aggregation
    • Some of the attributes relevant here are iRODS managed
    • The attribute aggregation approach can imply a lower level of privacy
    • IRODS has been deployed w Kerberos support
    • JimL noted that storage grids use a server to server approach, using protocols other than HTTP
    • It is likely that in the future a lot of repositories will be based on IRODS
    • DuraSpace will make iRODS an option
    • Could be important to include file sharing inside of the COmanage framework
[AI] (Keith) will check with Project Bamboo concerning IRODS connection.

[AI] (RL "Bob") will initiate a GSS / SAML / LDAP discussion with Scott Wiki Markup\[AI\] (RL "Bob") will initiate a GSS / SAML / LDAP discussion with Scott Cantor.

GENI

    • Steven reported that Tom Mitchell is working towards the July demo.
    • This involves building a portal showing someone authenticating on the inbound side with SAML, and then being able to interact with GENI components on the backend via the portal
    • The portal would have something like a CILogon functionality and map incoming SAML assertions to certificates

...

    • Keith noted that Bamboo may be considering incorporating the OpenSearch approach to queries and repositoriesunmigrated-wiki-markup

\[AI\] Keith to send COmanage the URL for the wiki pages on opensearch.org

    • Using Google Scholar can address some of the needs for federated search.

...