1

Rewriting IAM Policies

Establish the TEP (Tools and Effective Practices) wiki space as the home for policy and governance discussions

Michael Pelikan

ECP

ScottK will continue work with the Condor group on the ECP-enabled file mover

ScottK

Tom will do some follow-up with leads on the ECP work

ECP

Add links on the SHIB2/ECP wiki page that point to other pages where this nascent ECP interest group's activities can be described. Use those linked pages as a home on the web for ongoing discussions

ECP

Collaborate to deliver a Python ECP client module that returns a Python cookie-jar containing session cookies that allow your Python app to keep talking to the SP

Roland, ScottK

ECP

Work with Condor group on ECP-enabled file mover

ScottK

ECP

Refactor his HPC access via SAML solution to use the ECP approach

Arnie

ECP

Suggest to InCommon that they consider recommending that sites protect their ECP endpoint on the IdP with X.509 certs. Otherwise there will be as many varieties of protection as there are ECP endpoints.

ScottK (and others?)

ECP

Document other ECP clients and how you use them PAM/Shib

requested by Todd Picket

ECP

Create an ECP Reading list / tutorial

not assigned

Multiple Attribute Stores and Shib IdP

Create documentation on the use of attribute aggregation. Get input on the multi-datastore handling by the IdP. Big question is how to handle multiple data sources connected to an IdP.

Mike Wiseman & Steven Carmody

RL "Bob" will do some follow-up with leads

OAUTH

ACAMP Prog. Committee should encourage the Social ID working group to deal with these issues:
- Look forward to CAS OAuth support.
- Look forward to finalization of OAuth 2.0 and stabilization of the OAuth protocol.
- Gain more experience using OAuth with apps

Social ID WG

Permissions Mgmt UX and UI

ACAMP Prog. Committee needs to encourage the MACE-paccman WG to address the items that emerged, including:

• Wiki Markup
  \[TomZ\]

  : Mock up a UI...*
•  

  Wiki Markup
  \[All\]

  : Bring selected UX/UI Business Analysis experts at our institutions into the ongoing conversation *

• Wiki Markup
  \[KeithH\]

   Create child wiki pages off the "MACE-Paccman" site. Adopt "Permissions Management UX/UI" as an ongoing Paccman work item and as a regular agenda item for Paccman conference calls. Supplement the "Canonical Use Cases with Solutions" with material from this group's work.*

• Wiki Markup
  \[KeithH\]

   Contact Nils about what Surfnet Conext and COIN offer and about his willingness to participate in these discussions*

• Wiki Markup
  \[MichaelG\]

   Draft a mini-charter for an effort to develop something like an RFP for a Permissions Management UI/UX Package

MACE-paccman

InCommon Silver Certification

Facilitate discovery of InCommon Silver work and sharing community work -- facilitate outreach on community outreach and outcomes
InCommon to

• develop a list of campuses implementing InC IAPs
• create a mailing list of folks implementing InC IAPs who wish to share ideas 
• announce when a campus becomes Silver (or Bronze) compliant on the InC Participants list
• create an implementation wiki to include case studies and community-driven implementation FAQ
  

Ann West

Making Services Discoverable to Users

ACAMP Prog. Committee needs to follow up with Michael and Roland to discuss concrete action items. (Establish standards for storing info? Work with SWITCH on this? Establish a service catalog? )

MichaelG and Roland

RL "Bob" will do some follow-up with leads

Identify Gaps in IdM

Ensure that a secure environment exists to have discussions about vendor products.

Identify Gaps in IdM

Berkeley and FIFER work together to develop some documentation for the community.

Identify Gaps in IdM

Identify people who can answer people about different IdM systems. ( Use cases, user storeis are more useful than features in a grid. )

Social Identities in R&E

Migrate from "OPENID" wiki space to "Social Identity" wiki space

SteveO

Social Identities in R&E

Create a listing of what people are doing and track what the standards are in the higher ed environment

Steven and the Social ID working group

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3adf336dc494bca6-21664363-49b54b78-9e3992c0-85d72e66107392d1e0e541b6"><ac:plain-text-body><![CDATA[

LDAP Options, SubTrees, and Composite Attributes for Identity

Send writeup of issue statement for "eP[Scoped]PAeP"

Todd Piket

]]></ac:plain-text-body></ac:structured-macro>

LDAP Options, SubTrees, and Composite Attributes for Identity

Ask Rob Carter for permission to use the 389DS plugin that he & Michael Gettes wrote to handle Kerberos "the right way".

Delegate this to MACE-Dir