Notes in progress -- NOT COMPLETE
Comanage Working Group
2010 FMM in Atlanta, 1-Nov-2010
http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001467&event=1159
Overview
Heather Flanagan, Working Group Chair, welcomed the group.
In August, the Internet2 Middleware Initiative was awarded an NSF grant, which started Sept 1, 2010. This grant will serve to fund much of the COmanage efforts for the next three years. The grant is titled "SDCI Sec Improvement: Building from Bedrock: Infrastructure Improvements for Collaboration and Science"http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=1032468
Specific VOs to be addressed first under the grant include LIGO and iPlant.
Other VOs involved in the grant include Neon and OOI. Their needs will be addressed when they are ready to move forward.
The COmanage wiki and website have recently been revamped. Heather thanked Steve Olshansky for his help.
There is new use case library at https://spaces.at.internet2.edu/display/COmanage/Use+Case+Library
The COmanage service offering isn't going to be available in the short-term. There is some interest in it, but there are questions around where it would be housed and what would the service model be.
The emphasis will be on getting collaboration infrastructure working for LIGO and iPlant.
Background on COmanage
The concept for COmanage started 3-4 years ago to answer the question of how to build a collaboration platform to tie together MACE products (Shibboleth, Grouper etc.) as well as other tools researchers use for collaboration.
Michael Gettes was the original developer an set up a mockup instance. That was a great proof of concept.
There was an attempt to develop a downloadable COmanage instance, a VM. This became a sys admin challenge rather than a collab solution. Too big a problem for the available resources.
Today the focus is on solutions that groups like LIGO can stand up at their own institutions.
Benn's Overview
Benn Oshrin started working with the COmanage project 5-6 mos ago.
Benn has developed COmanage mockups of the COmanage COnsole. This would be a UI for managing collaboration platform users, permissions, etc. The mockups are linked from the COmanage Gears section of the wiki:
https://spaces.at.internet2.edu/display/COmanage/Home
Reference architecture is seen on the wiki:
https://spaces.at.internet2.edu/display/COmanage/Reference+Architecture
Benn has also worked on a glossary to standardize terminology:
https://spaces.at.internet2.edu/display/COmanage/Glossary
Under the COmanage brand, the space has been divided into several products:
- COmanage Gears - the technical piece dealing with identity management, including Grouper for group management, SAML (or OpenID) for authentication etc., possibly channeling thru a portal.
- Domestication of Applications
- Integration
There are 3 roles/levels of authorization in COmanage:
Random participant - generally just access the applications
Collaboration admin ("Collabmin") - can invite a new participant
COmanage admin - can initiate a new collaboration
Details on the roles and their capabilities are found here:
https://spaces.at.internet2.edu/display/COmanage/Roles
Discussion (led by Heather)
Q: Is the work that has described on target ? Is it the kind of thing you are looking for?
Comment: Looks nice, looks like a solution to a problem a lot of us have.
Heather noted that specific use cases still need to be documented. Contributions to the use case library are encouraged.
The generalized top level use case for COmanage deals with multi-institutional collaboration. We also want to be sure the use case library reflects he needs of smaller VOs. Ensuring that domain applications work is a priority, beyond the authentication and authorization issues.
There have been requests to design a system that will automatically infom certain members of the collaboration (based on their profile information) when particular data sets of interest become available. iPlant and possibly other VOs have an interest in this.
Ken: One issue in this space is that researchers are being asked to develop an maintain an profile in too many places, for multiple institutions and VOs. How should COmanage approach this question of profile management, identity management, and taxonomy management?
Ken: A related issue is the effort to tackle disambiguation of authors. One effort looking at this issue is ORCID.
Benn: What sort of technical expertise will folks who download the ultimate COmanage package most likely possess?
A: This will vary significantly from site to site
Q: The Dutch are embracing the OpenSocial environment in their collab platform work.To what extent should COmanage incorporate "friendly, "Facebook-like" (thumbs-up thumbs-down) type features?
Q: Are researchers still suspicious of Google Apps?
Response: Google apps are not about to handle Domain Apps, needed for hard science collaborations
Q: Do we need mechanisms outside of Google Apps to handle authentication?
Suggestion: On the COmanage reference architecture diagram, add a larger area for Domain Apps. Researchers just want to get their science done.
They want it to be efficient and quick
StevenC: In some areas, outside the hard sciences, the domain apps don't have to be king.
At SMM, there was a presentation from Pepperdine showing a method of using Google Apps as a front door to various applications outside of Google Apps.
]
KEN: Use of Google apps, is that generic or is it just Google apps?
Is there another vendor doing what Google does
She had an LMS built on top of Google sites?
She was brining in apps built way outside of Google
She had a front end thru which she was able to
Amazon EC2?
JUST GOOGLE in answer to Ken's question
Google APPS plus Cloud in general
Ken: there is a question of how far we go w this
Integration?
Do we want to include the admin of research?
Fast Lane?
Difference ..
Some people afraid of identitiy getting out. Spectrum out. Single sign on raises that concern.
Better authenticiation is needed.
Ken feeds from student info sstem into the VO
Some part of that will be COmanage.
Some will be ? back into student info sstems
Do we hae a use case for that?
Be;ond getting students to log in.
Attributes that get carried along with that
FERPA
STUDENT groups establishing themselves on facebook : Michael Pelikan
1.5 hands saying there is a case for this?
We have talked about the big picture.
The large group, large VO question, lke what Scott has a t LIGO
But for Internet Society, Lincoln talk about what is going on
We are at the beginning. Lincoln wants to understanding.
Using SAML for single sign-on. Want to become an IdP to become part of a
Fedeation.
Heather: how many groups are you trying to pull together?
Lncoln: haven't begun defining groups
At Lincoln I hope to learn at Grouper WG
ISOC is starting at same point
A lot of use cases centered around higher ed.
How can higher ed filter down to ISOC>
Heather: interesting how to filter down?
ISOC won't have the student problem
But what problems wil ISOC have that higher ed doesn't
How to line up attributes from disparate organizations and make them line up with...
The institutions are undefined as to who might be interested in joingin the federation
Ken asks: How important is it to include other forms of idenity:
Facebook , facebook connect and Open ID
How much d o poepole want those
At univ of Iowa, interinstitutionsla research effort. Many people have IDs at AOL.
A fairly small population uses IDs from institatuiosn that are incommon members.
We'd have to make it possible for people to access with other IDs
Bamboo is interested in managed Identities and others, OAUTH?
Ken: VOs who take their outreach mission seriously need to rely on other identity sources