MACE-Dir call
October 10, 2005
*Participants*
Keith Hazelton, U. Wisconsin - Madison (chair)
RL "Bob" Morgan, U. Washington
Brendan Bellina, USC
Craig Hancock, Notre Dame
Paul Bert, Stanford U.
Etan Weintraub, Johns Hopkins U.
Bruce Vincent, Stanford U.
Walter Hoehn, U. Memphis
Scott Cantor, Ohio State U.
Renee Frost, Internet2
Ann West, EDUCAUSE/Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {RL “Bob” and/or Scott} will email the {MACE-Dir} list with a few
sentences on “groups of service providers” in the material on
eduPersonTargetedID.
[AI] {Keith} will remove all references to the Directory of Directories
from the eduPerson spec.
[AI] {Keith} will change the recommendation for the surname search, so
that it includes the full surname as a value, in addition to separate
parts of a surname.
[AI] {Keith} will add requirements from use cases to the agenda for the
MACE-Dir working group.
[AI] {Walter} will send his requirements and scenario documents from U.
Memphis.
[AI] {Group} should send all comments on the new revision of the
Directory Implementation Roadmap to {Ann} by Wednesday afternoon.
Carry-over *Action Items*
[AI] {Tom} will contact Walter Hoehn and Roland Hedberg to discuss the
scoping of work that may be appropriate for the Internet2 Middleware
Initiative (I2MI) to take on, in the areas of metadirectories and
provisioning.
[AI] {Group} Review Brendan's Higher Education Person draft, sent to
the working group list 29-August, and direct comments to the list.
[AI] {SteveO and Brendan} will work offline to get the latest revs of
the Higher Education Person draft posted to the WG website.
*Discussion*
The Group reviewed the eduPerson draft (200510) in hopes of sending it
on to MACE for approval.
The single value rule for eduPerson was one item of discussion. How
does an institution account for multiple roles while operating under a
single enterprise directory? There was a suggestion to move to a
multi-value rule, which would require some effort. {Bob} suggested that
ePOrgDN not be changed to multi-valued; instead it would be more
advantageous to try to deprecate old things and replace them with new ones.
{Keith} suggested reviewing attributes one-by-one and describing where
they fall into areas such as reassignment, persistence, and privacy.
The approach for eduPersonTargetedID (ePTID) is a persistent,
non-reassigned, privacy-preserving identifier. The
eduPersonPrincipalName (ePPN) is human-palatable - not-so-private, as
people know it and use it widely. Privacy preservation comes with a
cost, and choice of identifiers is critical here. The InfoModel is an
LDAP-specific introduction to the meaning of identifiers. [AI] {RL
“Bob” and/or Scott} will email the {MACE-Dir} list with a few sentences
on “groups of service providers” in the material on
eduPersonTargetedID.
The Group discussed the state of RFC2256 – content-wise, it is
complete. {Bob} will take a look at RFC2252 – SAML attribute profiles,
InfoModel, LDAP binding.
{Keith} will remove all references to the Directory of Directories from
the eduPerson spec.
{Keith} will change the recommendation for the surname search, so that
it includes the full surname as a value, in addition to separate parts
of a surname.
The Group discussed provisioning and metadirectory prospects, such as
Nexus-plexus WG. {Walter} discussed their implementation of Nexus
at U. Memphis, which has been around for roughly 8 months. Their
experience may prove valuable for others, and contributions could come
in the way of code improvements – or more importantly, best practices.
This information could help to identify how Nexus measures up against
technology requirements, how the software works, etc. {Walter} has
received a good amount of feedback from his 3 presentations so far –
requests for copies of the presentations, access to code, etc. {Tom Barton}
at U. Chicago, along with folks at Brown U. and Notre Dame, has
expressed interest. Without a real budget for this work, considerations
need to be made for programming time, project manager time, etc.
{Craig} raised the question of whether Nexus is the chosen one by
default, or because it has the qualities that the group is looking for
– are there others that may be worth looking into? {Keith} suggested
that Nexus and surrounding provisioning issues be a boilerplate item in
the MACE-Dir agenda. {Keith} will add requirements from use cases to
the agenda for the MACE-Dir working group. {Walter} will send his
requirements and scenario documents from U. Memphis.
[AI] {Group} should send all comments on the new revision of the
Directory Implementation Roadmap to {Ann} by Wednesday afternoon.
The next MACE-Dir conference call will be held on October 24, 2005 at
4:30pm ET.