**MACE-Dir Call 10-January-2011**
**Attending**
Keith Hazelton, U. Wisconsin - Madison (co-chair)
Etan Weintraub, Johns Hopkins U.
Eric Owens, Notre Dame
Benn Oshrin, Internet2
Ann West, Internet2
Tom Barton, U. Chicago
Tom Scavo, InCommon
Steve Olshansky, Internet2 (scribe)
**Next two calls:** in two weeks, Jan 24, 2011 at 5:00 pm EST; in four weeks, February 7, 2011 at 11:00 am EST
**New Action Items**
[AI] (Tom Scavo) will explain the concerns about audience scope in EPTID in a mail to the MACE-Dir list.
**Carryover Action Items**
[AI] (RL "Bob") will query the REFEDs list about whether identifier reassignability is an issue for them esp. in grid environments.
[AI] (Keith) will draft some text to provide guidance to users about the utility of eduPerson in federated scenarios, for use on the eduPerson web page.
[AI] (Keith) will summarize and propose a near-term solution to the identifier reassignability issue
[AI] (Keith and Chad) will take a first pass at revving http://middleware.internet2.edu/dir/docs/internet2-mace-dir-ldap-group-membership-200507.html in the wiki, then run it by the group for comment, with the goal of perhaps finalizing it on the next call in 4 weeks.
[AI] (All) Volunteers for working on surveys about managing people entries, attributes, and affiliations from non-authoritative sources, contact David Bantz (db@alaska.edu) and SteveO (steveo@internet2.edu).
[AI] (RL "Bob") will craft a survey on use of the mail attribute and possible need for additional email attributes. This surfaced again at the recent TF-EMC2 meeting, in the context of a campus IdP serving Grid apps. E.g. what are RPs assuming?
[AI] (Brendan) will poll the mailing list for feedback on the use of name fields, and whether they have had the need to extend eduPerson locally with additional name fields.
**Discussion**
1. Why did we purge SSN?
See 10-Jan-2011 email thread: "Why so much effort to minimize use of SSN?"
Its widespread use by financial institutions to vet callers, who are then authorized to perform sensitive transactions, was a key reason cited for reluctance to use it in apps in which it is not absolutely required. If it is compromised, the effects are severe.
Data leaks which include SSN also result in an expensive and extensive notification process.
What if there were a globally unique identifier which was kept secret?
The discussion turned to the history of how SSN, which was originally intended for very limited use, became so widespread. The financial industry's use of SSN in issuing credit was one example cited. Its status as a globally unique identifier that everyone possessed (or could possess) made it a compelling target for other applications beyond its original intent.
What is our goal? To have a correlatable identifier? The political implications of national identity cards come into play, although arguably passports already largely serve that role, as do driver's licenses.
Grid and scientific computing, and the healthcare sector, were cited as arenas in which unique identifiers are required for the provision of services.
The question then turned to who could or should issue and manage unique identifiers if not the national government, given its unique authoritative role. The logistics of implementing a new infrastructure to bind and maintain a new identifier would be daunting.
The binding of the identifier with the human it is intended to represent may be problematic in certain cases.
The recently announced US "National Strategy for Trusted Identities in Cyberspace" was discussed, with the concern that it could be used for purposes other than its stated intent. Given the history of SSNs, and the evolution of their use beyond their original intent, this is a real possibility. See recent news on this at http://www.mmdnewswire.com/white-house-cybersecurity-16543.html
Where does EPTID fit into this discussion, with respect to its use by SPs?
At this point, SSN is very convenient to use in support of many business purposes, but its flaws are likewise well known. Registrars seem to be generally aware of the problems, and are looking for alternatives.
The InCommon-Student working group would be a natural forum in which to continue this conversation:
https://spaces.internet2.edu/display/InCCollaborate/InC-Student
Note the next InCommon IAM Online, Wednesday, January 12, 2011, 3:00 PM EST
"A Panel Discussion About Persistent Identifiers for Education"
http://www.incommonfederation.org/iamonline/
2. Proposed eduPersonTargetedID text changes (see mail to the list from Scott Cantor 3-January-2011)
There was some question about this: "The value of the principal identifier SHOULD be different for different "audience" values, but this is also at the discretion of the identity provider."
If the IdP specifies a value for the audience (as a component of the triple), then does this mean that the EPTID would be asserted for every SP that meets that definition? E.g. what if it is set for all of InCommon? Isn't this problematic? TomS noted that "affiliation" applies to groups of entities, and could replace naming individual SPs. E.g. the value of EPTID could be unique across any members of that "affiliation."
[AI] (Tom Scavo) will explain the concerns about audience scope in EPTID in a mail to the MACE-Dir list.
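To make the audience-scope concern concrete, the following is an added example (not code from the call, the proposed text, or any IdP implementation). It derives an opaque persistent identifier from a local principal ID, an audience value, and an IdP-held secret, in the spirit of the (IdP, audience, value) triple, and then groups the SPs that would receive the same value. HMAC-SHA256, the salt, the principal names, the entityIDs and the federation/affiliation URNs are all constructed for illustration and are not the algorithm or identifiers of any real deployment.

```python
import base64
import hashlib
import hmac

# Constructed example salt; a real IdP would hold a long random secret and never expose it.
IDP_SALT = b"constructed-example-salt-not-for-production"


def targeted_id(principal: str, audience: str, salt: bytes = IDP_SALT) -> str:
    """Derive an opaque, persistent identifier for `principal` scoped to `audience`.

    The audience is whatever scope the IdP assigns: a single SP entityID, an
    affiliation covering several SPs, or an entire federation. The same
    (principal, audience, salt) always yields the same value; different audiences
    yield unrelated values, and the value cannot be reversed to the principal
    without the salt. HMAC-SHA256 is an illustrative choice, not a standard.
    """
    msg = audience.encode() + b"!" + principal.encode()
    mac = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def ids_for_sps(principal: str, sp_audience: dict) -> dict:
    """Map each SP entityID to the identifier it would receive, given the
    audience value the IdP has chosen for that SP."""
    return {sp: targeted_id(principal, aud) for sp, aud in sp_audience.items()}


def linkable_groups(principal: str, sp_audience: dict) -> list:
    """Group SPs that would receive the identical identifier for this principal,
    i.e. the SPs that could correlate the user among themselves."""
    groups = {}
    for sp, value in ids_for_sps(principal, sp_audience).items():
        groups.setdefault(value, []).append(sp)
    return sorted(groups.values(), key=lambda g: (-len(g), g))


# Constructed SP entityIDs (not real federation members).
SP1 = "https://sp1.example.edu/shibboleth"
SP2 = "https://sp2.example.edu/shibboleth"
SP3 = "https://sp3.example.org/shibboleth"

# Audience = the SP itself: every SP gets a different value (no cross-SP correlation).
PER_SP = {SP1: SP1, SP2: SP2, SP3: SP3}

# The case questioned on the call: one audience value for a whole federation,
# so every SP in it receives the same value for the user.
FEDERATION_WIDE = {SP1: "urn:example:federation", SP2: "urn:example:federation", SP3: "urn:example:federation"}

# An affiliation-style middle ground: SP1 and SP2 share a scope, SP3 is separate.
BY_AFFILIATION = {SP1: "urn:example:affiliation:libraries", SP2: "urn:example:affiliation:libraries", SP3: SP3}


if __name__ == "__main__":
    for label, mapping in [("per-SP", PER_SP), ("federation-wide", FEDERATION_WIDE), ("affiliation", BY_AFFILIATION)]:
        print(label, linkable_groups("jdoe", mapping))
```

Running it shows three singleton groups for the per-SP audience, a single group of three when the audience is the whole federation, and a group of two plus a singleton for the affiliation scope; the audience value, not the SP list, is what decides how far a user is linkable.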
It was observed that EPTID is intended to preserve anonymity, or controlling spheres of validity for a given identifier, while SSN is intended to block confusion about identity. Are these being incorrectly conflated in this discussion?
When an institution has multiple SoRs, SSN is often the only identifier that can be used to tie them together.