COmanage Call 10-Dec-2010

Attending

Heather Flanagan, Internet2 (chair)
Ken Klingenstein, Internet2
Chris Hyzer, U. Penn,
R.L. "Bob" Morgan, U. Washington
Steven Carmody, Brown U.
Jim Leous, Pennsylvania State U.
Benn Oshrin, Internet2
Ann West, Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Heather) will include a discussion of a 3rd COmanage VO as topic for the Tuesday call.
[AI] (Heather) will schedule an Internet Identity webinar for iPlant IT staff.
[AI] (Heather) will arrange a meeting with iPlant in Tucson.
[AI] (Heather) will add questions about role transition to the assessment document.
[AI] (Ken) will contact David Groep about VOMS GUMS.

Carry Over Action Items

[AI] (Steven) will develop a one-page write-up on attribute aggregation.
[AI] (Jim) will check on whether there has been discussion on the CIC list concerning LIGO and the domesticated apps list.
[AI] (Heather) will ask U. Chicago people to contribute an academic (intra-institutional) use case to the COmanage use case library. [https://spaces.at.internet2.edu/display/COmanage/Use+Case+Library|display/COmanage/Use+Case+Library]
[AI] (Jim) will share ESWN call notes with the COmanage-dev list.

Discussion

Report on LIGO Meeting at Caltech

https://spaces.at.internet2.edu/display/COmanage/Full+Meeting+Notes+-+Dec+2-3%2C+2010

On Dec 2-3, Heather and Benn met at Caltech with LIGO staff, including ScottK, Melody, Stuart and Warren, to discuss LIGO's COmanage requirements. It was a very productive meeting for all involved. Use cases were reviewed, including scenarios that the LIGO people had not previously considered. This meeting could possibly be used as a model for engagement with other VOs in the future.

The VOs are interested in assisting, and learning from, each other in this process. ScottK will participate in an upcoming meeting with the iPlant VO.

Heather noted that COmanage aims to facilitate a federated environment.  In some cases steps need to be taken to build a proper IdM environment that can be branched out into federation.  Heather encourages interested people to review the info on the wiki

https://spaces.at.internet2.edu/display/COmanage/LIGO+Use+Cases

Jim noted that LIGO has been around for 10-11 years and so they developed IdM before federated ID was broadly used.

Benn reported:

• There is a Kerberos realm that must be dealt with in the short term
• LIGO is an identity provider for its participants, though going forward this identity provider role can hopefully be minimized 
• The invite problem applies to one subset of the LIGO user space
• LIGO also has the applicant problem/issue, i.e., some people go to the form and apply for access to resources
• The LIGO IdM workflow depends to some extent on how you came in and who approves you 
• We are exploring how much of this process should be built into the COmanage software

Q: Is COmanage going to consider using the Grouper external people invitation capability?

A: Benn: have not made any clear technology commitments.

For LIGO, invite is less than half of the problem.  It's called the "enrollment problem" not the "invitation problem"

Ken: We have two different VOs. LIGO and iPlant. Do we want to search for a third VO in terms of engagement?  If yes, what characteristics do we want?  Perhaps a VO that is just forming would be good. Possibly ESWN?

[AI] (Heather) will include a discussion of a 3rd COmanage VO as topic for the Tuesday call.

LIGO needs to further explore steps involved when a participant transitions from one state to another (e.g. from a post-doc to a researcher).

[AI] (Heather) will add questions about role transition to the assessment document.

Heather said that engagement and conference calls with LIGO are ongoing.

iPlant

Ken's conversations with iPlant have gone well.  There have been some internal timing issues. iPlant has a big Plant Biology meeting January 16-19, 2011. Most likely a meeting with the COmanage and iPlant folks will happen after that, in late Jan. or early Feb.

iPlant breaks things into two parts: 

1. Internal needs for the iPlant VO and

2. The community of all plant biologists (whether an iPlant researcher or not)

So an important topic is the mechanics and lifecycle of bringing users in. It will be important for any user to be able to establish a collaboration.

Iplant would like a webinar on Internet Identity for the IT group, including discussion of integration of OpenIDs and SAML etc.

iPlant has a use case for metered use of applications, possibly including enforced logout. This comes into play for applications/services with a limited number of seats.

[AI] (Heather) will schedule an Internet Identity webinar for iPlant IT staff.
[AI] (Heather) will arrange a meeting with iPlant in Tuscon.

ESWN

Benn and Steven have been working with Earth Science Women's Network (ESWN), including conducting a recent conference call that included folks from Penn State. Functionality has been agreed upon. The current focus is on the building of a Drupal environment.  Drupal will be connected to a federated infrastructure underneath, based on the COmanage proof of concept.

The ESWN Administrator, Rose, will meet with the ESWN Board next week.  She will have access to an intial cut of an ESWN site that runs in a VM at Penn State, set up by Chris. This will show what functionality will be available. The plan is that the ESWN group will be using COmanage by Feb. 2011.

It was noted that the work done for ESWN is a great example of what's required to package up a simple COmanage appliance that a group with limited technical skill could pick up and us.

FileSender Discussion on Recent MACE Call

Ken reported that Jan Meijer of UNINET joined the 6-Dec-2010 MACE call to discuss the opensource FileSender project from Assembla. This project is intended for ad hoc file sharing.

http://www.assembla.com/wiki/show/file_sender/News_-_FileSender_Google_Gears_and_HTML5

The file sharing capability could be of interest to some of our VOs, especially the need to share large datasets with sensitivity to firewalls.  It will be useful to understand more of the use cases and scenarios.

The next MACE thematic call in January will most likely be devoted to the topic of provisioning

"Practices with OpenID" Call on 13-Dec-2010

MACE is responding to community interest in integrating OpenID and other social network identities into federated environments.  There are various approaches and there are questions on whether there is a business opportunity for inCommon.

The Shib-dev call on Monday 13-Dec-2010 will be devoted to this topic.

Ken noted that iPlant may have strong interest in integrating OpenID and social network signons.

Ken referenced a recent Bob Blakley article revision suggested that OpenID is starting to fail

RL "Bob": OpenID may be starting to fail as an interoperable technology, but many sites still want to get users from Google, Facebook, etc.

Use cases related to integration of OpenID and other social network identities are being collected here:
https://spaces.at.internet2.edu/display/OpenID/Use+Cases

Next Call: Friday, 7-Jan.-2010 at 1pm ET.