You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Next »

Notes in progress -- NOT COMPLETE

Comanage Working Group

2010 FMM in Atlanta, 1-Nov-2010

http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001467&event=1159

Overview

Heather Flanagan, Working Group Chair, welcomed the group.

In August, the Internet2 Middleware Initiative was awarded an NSF grant, which started Sept 1, 2010. This grant will serve to fund much of the COmanage efforts for the next three years. The grant is titled "SDCI Sec Improvement: Building from Bedrock: Infrastructure Improvements for Collaboration and Science"http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=1032468

Specific VOs to be addressed first under the grant include LIGO and iPlant.

Other VOs involved in the grant include Neon and OOI. Their needs will be addressed when they are ready to move forward.

The COmanage wiki and website have recently been revamped. Heather thanked Steve Olshansky for his help.

There is new use case library at https://spaces.at.internet2.edu/display/COmanage/Use+Case+Library

The COmanage service offering isn't going to be available in the short-term. There is some interest in it, but there are questions around where  it would be housed and what would the service model be.

The emphasis will be on getting collaboration infrastructure working for LIGO and iPlant.

Background on COmanage

The concept for COmanage started 3-4 years ago to answer the question of how to build a collaboration platform to tie together MACE products (Shibboleth, Grouper etc.) as well as other tools researchers use for collaboration.

Michael Gettes set up mockup instance. That was a great proof of concept.

There was an attempt to develop a VM , downloadable COmanage instance. This became a sys admin challenge rather than a collab solution. Too big a problem for the available resources.

Today the focus is on solutions that groups like LIGO can stand up at their own institutions.

Benn's Overview

Benn Oshrin started working with the COmanage project 5-6 mos ago.

Benn has developed COmanage mockups of the COmanage COnsole. This would be a UI for managing collaboration platform users, permissions, etc. The mockups are linked from the COmanage Gears section of the wiki:

https://spaces.at.internet2.edu/display/COmanage/Home

Reference architecture is seen on the wiki:

https://spaces.at.internet2.edu/display/COmanage/Reference+Architecture

Benn has also worked on a glossary to standardize terminology:

https://spaces.at.internet2.edu/display/COmanage/Glossary

Under the COmanage brand, the space has been divided into several products:

- COmanage Gears - the technical piece dealing with identity management, including Grouper for group management, SAML (or OpenID) for authentication etc., possibly channeling thru a portal.
- Domestication of Applications
- Integration

There are 3 roles/levels of authorization in COmanage:

Random participant - generally just access the applications
Collaboration admin ("Collabmin") - can invite a new participant
COmanage admin - can initiate a new collaboration

Details on the roles and their capabilities are found here:

https://spaces.at.internet2.edu/display/COmanage/Roles

Discussion (led by Heather)

Q: Is the work that Benn has described on target ? Is this the kind of thing you are looking for?

Comment: Looks nice, looks like a solution to a problem a lot of us have.

Heather noted that specific use cases still need to be documented. Contributions to the use case library are encouraged.

Use Case Library:

- The generalized top level use case for COmanage deals with multi-institutional collaboration

Heather has talked w smaller VO's--- their biggest concerns - they want to make sure the domain applications actually work, it's not just about single sign on. 

It's about the whole profile they already have for interested parties.

Iplant has researchers that have the profiles

and DataOne and OSG

Researchers want certain data set sent to them authomatically

Profiles says I'm a researcher with these interests.

I want automatic access to data sets on topic X

Data One wants this too

OSG wants this too

Are you hearing that back at home

Steven: the model where I define my profile and expect any dataset that gets aded to the collection w attributes that match my interests to be sent to me automatically, that's a different access control model than I'm used to.

Automatically being granted because I've self asserted

Heather: but it makes sense.. a researcher in a large collaborative org. will want data to be filtered

Immediate access to stuff you want is facilitating collaboration

So, It's a notification problem?

Heather: It could still be an access control problem. Depends on how that data set is handled

What do the researchers need to make collab happen?

Ken: Single profile: As NSF and others motivate data centric virtual organiziation

9 differet data organizations want to build profiles and expect researchers to maintain those. To broker access to the data set

How much should we include profile mnagement and identity management. and taxonomy management

We don't go thru ontology wars'

The want tools to help mnage those ontologies

Ken: related issue: author IDs and disambiguation of authors

It's being pushed by NIH and schooarly fields

Will say these are all published by same person even though they went thru name change

ORCHID is one effort in this space.

Orchid ID versus SSN

Benn: ask the audience... if there's a package to download the mockups and they work

What sort of technical expertise will folks who download it have
?

Answer : all of the above

Lay of the land

Does it skew one way or the other

Who are the consumers and what do they need?

Do we present these according to the platforms we understand

Or opensocial platform

FRIENDS and THUMBS UP and THUMBS DOWN

Question: who is the target audience? What do the users want it to look like.

VOs and collaborations don't want to provision another server and have software on it.

They want to go to GOOGLE apps

Management of underlying systems - want to be able to pass it off to someone else

Back when Google apps was perking up. Researchers were suspicious.

BUT Google are not about to do DOMAIN apps

Do we need mechanisms outside of google apps to handle authentication?

Starts w email and collab and building a group to do email back and forth.

Google apps does that well

But then to extract later is hard

Diagram misses the majority of applications - the DOMAIN application.

ADD IN THE DOMAIN apps.

Researchers want to get their science done

They want it to be efficient and quick

They will run around what's not efficient.

Not worried about google apps

More wirried about domain level apps

ScottK representes the hard science community

StevenC: in some areas the domain apps don't have to be king

Such as writing.

Where there is already a portal

That's a domain app but not as hard as the LIGO domain aps

A lot these projects have a front door.

When it becomes very easy to build a front door on to Google apps, then this is

KEN: Use of Google apps, is that generic or is it just Google apps?

Is there another vendor doing what Google does

She had an LMS built on top of Google sites?

She was brining in apps built way outside of Google

She had a front end thru which she was able to

Amazon EC2?

JUST GOOGLE in answer to Ken's question

Google APPS plus Cloud in general

Ken: there is a question of how far we go w this

Integration?
Do we want to include the admin of research?

Fast Lane?

Difference ..

Some people afraid of identitiy getting out. Spectrum out. Single sign on raises that concern.

Better authenticiation is needed.

Ken feeds from student info sstem into the VO

Some part of that will be COmanage.

Some will be ? back into student info sstems

Do we hae a use case for that?

Be;ond getting students to log in.

Attributes that get carried along with that

FERPA

STUDENT groups establishing themselves on facebook : Michael Pelikan

1.5 hands saying there is a case for this?

We have talked about the big picture.

The large group, large VO question, lke what Scott has a t LIGO

But for Internet Society, Lincoln talk about what is going on

We are at the beginning. Lincoln wants to understanding.

Using SAML for single sign-on. Want to become an IdP to become part of a
Fedeation.

Heather: how many groups are you trying to pull together?

Lncoln: haven't begun defining groups

At Lincoln I hope to learn at Grouper WG

ISOC is starting at same point

A lot of use cases centered around higher ed.

How can higher ed filter down to ISOC>

Heather: interesting how to filter down?
ISOC won't have the student problem

But what problems wil ISOC have that higher ed doesn't

How to line up attributes from disparate organizations and make them line up with...

The institutions are undefined as to who might be interested in joingin the federation

Ken asks: How important is it to include other forms of idenity:
Facebook , facebook connect and Open ID

How much d o poepole want those

At univ of Iowa, interinstitutionsla research effort. Many people have IDs at AOL.
A fairly small population uses IDs from institatuiosn that are incommon members.

We'd have to make it possible for people to access with other IDs

Bamboo is interested in managed Identities and others, OAUTH?

Ken: VOs who take their outreach mission seriously need to rely on other identity sources

  • No labels