Draft Minutes: COmanage-TAC call 30-March-2012
Attending
Ken Klingenstein, Internet2 (stand-in chair)
Scott Koranda, University of Wisconsin-Milwaukee and LIGO
Benn Oshrin, Internet2
Steve Oshansky, Internet2
*New Action Items*
[AI] (Ken) will follow up with Scott and Wendy Huntoon about a session at the I2MM
[AI] (Benn & Heather) will draft a brief description of what is motivating the importance of offboarding.
*Carry Over Action Items*
[AI] (Heather) will set up meetings with IRODS/iPlant/Internet2
[AI] (Steven) will develop a one-page write-up on attribute aggregation.
2012 SMM
- COmanage Developers meeting: Sunday, April 22, starting at 10am
- REFEDs BoF : Sunday, April 22, from 1pm - 5pm, Salon C
- Ken is working on a document on Interfederation, there are many policy challenges
- One topic for the REFEDs BOF: setting up a service instance for Interfederation.
- There will most likely be a representative from the federal gov't there at the REFEDs BoF. They are working on schema
- COmanage WG, Monday, April 23, 9:15-10:15 am, Salon A
Heather and Benn will work to prepare the revised demo script for the demo
- Collaboration is Happening: Updates from the Field and Beyond, Tuesday, April 24 at 3pm, Jefferson Room
- Scott Koranda will participate in panel on April 23 on "Research and Education Networks in India"http://events.internet2.edu/2012/spring-mm/agenda.cfm?go=session&id=10002240&event=1036
- Heather is coordinating a meeting during SMM between the COmanage people and Grouper team.
VO CAMP (VAMP)
- Ken has been working with Nili on the VAMP proposal and it's about to be submitted
- VAMP dates : Sept 6-7 in Utrecht.
- SURFnet has hired a part-time coordinator for the workshop
- our request to NSF was primarily for travel support
Federated Groups
-Federated Groups work coming out of Norway is interestinghttps://rnd.feide.no/2012/03/30/federated-oauth-2-0-saml-voot-chat-proof-of-concept/
Enrollment Capability in COmanage
- Ken has been promoting the enrollment capability in COmanage
- The demo at SMM will be able to show one enrollment use case, the one from LIGO
- We have a broader vision of what enrollment is capable of doing than what we can show for the demo
- A separate document shows the general enrollment flow process. See https://spaces.at.internet2.edu/display/COmanage/Registry+Enrollment
Offboarding
https://spaces.at.internet2.edu/display/COmanage/Registry+Offboarding
- Benn reported that Offboarding (removing people's privileges) was discussed in Pasadena
-including how to trigger depovisioing
- terrminology:
- enrollment is bringing enrollments in (technical term)
- onboarding is hiring (functional term)
- offboarding is removing somebody from your organization
- de-enrollment is removing someone from the registry
(rarely want to do this, you want to keep their data for reference or to reinstate them if they come back)
- could be a good discussion topic for member meeting
- could be next major piece of functionality
- two attributes were identified for how somebody is off boarded:
-friendly vs unfriendly
and
- voluntarily vs in voluntary
- there are six names, thought there might not need to be 6 ways of dealing with it
-expiration
-resignation
-termination
-retirement
- leave of absence
-desertion
Ken commented that the terms are clear, would be good to have a few paragraphs on why these issue are so important
[AI] (Benn & Heather) will draft a brief description of what is motivating the importance of offboarding.
COmanage Registry versus InCommon Identity Assurance Profiles (IAP)
https://spaces.at.internet2.edu/display/COmanage/InCommon+IAP+Support
- Benn: there have been conversations around LIGO and InCommon Assurance certification (Bronze and Silver)
- In cases were LIGO (as an IdP) issues credentials, might want to attach assurance to those credentials
- What changes would be required for the registry to support that?
- See task list on what would be needed to support a VO that wants to issue credentials compliant w the IAPs at https://spaces.at.internet2.edu/display/COmanage/InCommon+IAP+Support
- One approach: a plug-in for those who want to attach assurance in order to meet profile requirements
- Scott: not a high priority, but worth talking about
- Ken mentioned recent discussions on "tarnishing bronze" to reduce the stringency of bronze certification
- At the recent IDTrust Meeting, Ken spoke about the importance of VO IdM,
- Everyone knows of a collaboration space that needs to be in the identity ecosystem
- Os most likely VO IdM will become increasingly important
Next COmanage-TAC call: Friday, April 13, 2012 at 2pm ET