MACE-Dir WG call
March 12, 2007
*Participants*
Michael Gettes, Internet2 (chair)
Paul Hill, MIT
Jim Leous, Penn State U.
R.L. “Bob” Morgan, U. Washington
Etan Weintraub, Johns Hopkins U.
Scott Cantor, Ohio State U.
Steven Carmody, Brown U.
Todd Piket, MTU
Brendan Bellina, USC
Ann West, EDUCAUSE/Internet2
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Etan, Bob, and Victoriano} will begin to draft ideas surrounding the use of vocabulary in eduPersonAffiliation and eduPersonEntitlement.
[AI] {Scott} will talk to {Ian Young} about soliciting proposal for a library patron.
Carry-over *Action Items*
[AI] {Steve C.} will connect the UK folks with the mailing list and ask {Michael Kim)s at Ovid-Silver Platter to post there.
[AI] {Keith} will post a thread with discussion on members, and {Scott} will pass this on to folks in the UK.
[AI] {Keith} will draft a document covering registered MACE entitlement values. (11-Sep-06)
Future *Agenda Topic*
– c (country) attribute (c.f Tom Scavo’s email, 22-Jan-07)
– eduAccount (c.f. Quanah Gibson-Mount’s email on 20-Feb-07)
*Agenda*
1. Focus and future of MACE-Dir-
2. Resurfacing of affiliation control vocabulary - stemming from recent discussion in Spain. (18-Dec-06)
3. MACE-Dir & EDUCAUSE – how might/should we work together on IdM issues?
*Discussion*
- Focus and future of MACE-Dir-
The Group discussed the scope of MACE-Dir Working Group, and it was noted that the home page says nothing of the vision of the Working Group. The efforts of the Group have gone beyond the initial topics of LDAP directories, ranging to a variety of technologies. Further discussion will continue on future Working Group calls.
-Resurfacing of affiliation control vocabulary (c.f. Victoriano’s email, 16-Dec-06)-
Stemming from recent discussion in Spain <https://mail.internet2.edu/wws/arc/mace-dir/2006-12/msg00001.html>, {Michael} asked the group about addressing affiliation in terms of eduPerson or if it should be declared a federation problem. What are the terms used (e.g., staff, faculty, employee, etc.), and should the federation be the one to define the terms? {Bob} spoke of how values were referenced by relying parties when there was an attempt to access a service – it is inefficient to think of filtering out the wrong people; rather it is better to give access to those that can provide the right information. This means that the terms have to be somewhat unified, else a myriad of affiliations are presented, without narrowing the actual data presented.
Bridging countries presents another set of issues, where a definition may have very different implications due to cultural differences. Another concern is how to deal with vendors in this space; how can they come to an understanding of the depth and breadth of the issues across a panorama of institutions? An institution should not have to come up with a new set of definitions for each vendor. Chances are that the loosely defined definition of [e.g., student] is more than sufficient to meet their needs.
What distinctions can be made between, for example, different kinds of students? – Grad, Medical, Law, and many others. Still yet another problem of defining terms is the multiple ranges that exist not only across several institutions, but also between the various campuses that do not fit the traditional [i.e., R1] models.
{Paul} suggested making a clear distinction between defining a process for expanding vocabulary versus the actual direction itself. A business case could register new vocabulary and offer new test to be used between sites within a set period of time. Something may not be proposed by name, though perhaps by application.
Another question is whether there is a desire or need for different values, dependent on internal versus external use. While there is an assumption that eduPersonAffiliation is external, it may very well satisfy a local need within a campus. Additionally, new populations such as alumni and Friends of the Library add to the ever-growing complexity of terms needed.
{Brendan} said that the original meaning is for sharing internally within an institution. For external authorization needs, he suggested people look to eduPersonEntitlement. Attributes are useful internally, but affiliation may not be useful externally as they are likely to be defined differently.
The Group discussed how they could work to clarify the benefits of eduPerson, narrowing the scope, though taking into account the changing needs since its inception. It was agreed that something should evolve in a written form that would aim to clarify the concerns that lead to this discussion. [AI] {Etan, Bob, and Victoriano} will begin to draft ideas surrounding the use of vocabulary in eduPersonAffiliation and eduPersonEntitlement. This discussion will be further discussed at the approaching Spring 2007 Internet2 Member Meeting <http://events.internet2.edu/2007/spring-mm/>, though the document will have a later aim to surface by the Fall Internet2 Member Meeting in October.
[AI] {Scott} will talk to {Ian Young} about soliciting proposal for a library patron.
-MACE-Dir & EDUCAUSE – how might/should we work together on IdM issues?-
The Group briefly discussed how they see their efforts working alongside and with EDUCAUSE on Identity Management issues. {Paul} gave a broad perspective, that EDUCUASE provides the supply and support of issues, whereas he sees Internet2 aiding in research and development. The balance for MACE-Dir is for their work to move from development to deployment. He said that MACE-Dir acts as a cauldron where issues are raised and solutions are matched.
The following two topics will be raised in future MACE-Dir Working Group discussion:
- c (country) attribute (c.f Tom Scavo’s email, 22-Jan-07)
<https://mail.internet2.edu/wws/arc/mace-dir/2007-01/msg00007.html>
- eduAccount (c.f. Quanah Gibson-Mount’s email on 20-Feb-07)
<https://mail.internet2.edu/wws/arc/mace-dir/2007-02/msg00003.html>
The next MACE-Dir Working Group call will be held on Monday, March 26, 2007.