**MACE-Dir Call 13-June-2011**

 

**Attending**

Brendan Bellina, USC (co-chair)

Keith Hazelton, U. Wisconsin - Madison (co-chair)

David Bantz, U. Alaska - Fairbanks

Scott Cantor, The Ohio State U.

Michael Pelikan, Penn State U.

Jim Green, Michigan State U.

RL "Bob" Morgan, U. Washington

Todd Piket, MNSCU

Steve Olshansky, Internet2 (scribe)

 

 

**Next call: June 27, 2011 11:00 AM EDT (GMT-4)**

(NOTE: All future calls will be at 11:00 AM ET)

PIN: 0179884#

 

**New Action Items**

[AI] (All) discuss feedback or concerns about revised EPTID text on the mailing list.

[AI] (RL "Bob") will distribute information about the UW person registry web service.

[AI] (Keith) will draft a problem statement on person and organization identifiers from social IdPs related to VOs, as a discussion starter, and will refer to IPEDS for reference.

[AI] (Brendan) will distribute some reference materials related to person and organization identifiers from PESC.

[AI] (MichaelP) will add Penn State psuCourse reference materials in the MACE-Dir wiki.

 

**Carryover Action Items**

[AI] (Keith) will send a discussion starter on the use of eduCourse to the mailing list.

 

[AI] (Scott) will send a discussion starter on organizational attribute issues in attribute aggregation scenarios to the mailing list.

 

[AI] (Keith) will issue a last call for eduPerson edits, beyond EPTID revisions, for inclusion in a forthcoming revision.

 

[AI] (Keith) will develop a Bamboo use case for persistent identifiers.

 

[AI] (Keith) will write up the current state of the identifier discussion and apparent consensus, and associated explanatory material, for use by REFEDs.

 

[AI] (Keith) will edit the previous versions of the SAML Attribute Profiles documents to note that they have been superseded by a newer version:

 

http://docs.oasis-open.org/security/saml/SpecDrafts-Post2.0/sstc-saml-attribute-x500-cd-01.pdf

 

http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attributes-200604.pdf

 

http://middleware.internet2.edu/dir/docs/draft-internet2-mace-dir-saml-attributes-20071202.pdf

 

http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attributes-200804.pdf

 

http://wiki.oasis-open.org/security/SstcSaml2AttributeX500Profile

 

http://www.oasis-open.org/committees/download.php/28042/sstc-saml-attribute-x500-cs-01.pdf

 

See also:

http://www.edugain.org/policy/edugain_policy_build20110124/attribute_profile_20101215.pdf

 

[AI] (RL "Bob") will query the REFEDs list about whether identifier reassignability is an issue for them, especially in grid environments.

 

[AI] (Keith) will take a first pass at revving http://middleware.internet2.edu/dir/docs/internet2-mace-dir-ldap-group-membership-200507.html in the wiki, then run it by the group for comment, with the goal of perhaps finalizing it in the near future.

 

[AI] (Brendan) will poll the mailing list for feedback on the use of name fields, and whether they have had the need to extend eduPerson locally with additional name fields.

 

 

**Discussion**

1. Per discussion on the call, Keith will send out the revised EPTID text as final call on 20-June, for inclusion in a revision of the eduPerson schema.

[AI] (All) discuss feedback or concerns about revised EPTID text on the mailing list.

 

2. Report & discussion: Advanced CAMP session on attribute options (i.e. labels or tags on attribute values), person-rooted subtrees and on complex attributes (complex as in the XML Schema definition of complex attributes). See https://spaces.internet2.edu/display/ACAMPScribe/Friday+10am+CottonCreek

 

Attribute options have been used effectively in a variety of contexts. This could be used for structured values under a person entry, e.g. phone numbers.

 

Person-rooted subtrees have also been used, but some app developers have difficulty in using them.

 

For non-simple attributes, this is perhaps a good solution. It was noted that scope is an attribute value...

 

Are complex values useful in attribute assertions? What has been the experience in the wild?

 

A person registry web service deployment at U. Washington was cited as an example, displaying directory information utilizing a RESTful interface to make the data available to client apps.

 

[AI] (RL "Bob") will distribute information about the UW person registry web service.

 

3. Trouble ahead: person and organization identifiers from social IdPs

 

Standardization, or at least an attempt to limit diversity, may be a useful task to pursue.

 

Identifying organizations is not simple, as the asserter of the attribute is not necessarily the SoR.

 

Scott proposed that a survey of current practice in identifying organizations (limited to higher ed and related, e.g. libraries and research) would be useful to inform the discussion, i.e. classification schemes and their limitations.

 

IPEDS (the Integrated Postsecondary Education Data System) has been used for this purpose in some settings, but it is unclear whether this is really the right approach for all.

http://nces.ed.gov/ipeds/

 

PESC (Postsecondary Electronic Standards Council) was also cited as a potentially useful source for reference.

http://www.pesc.org/

 

The org identifier used often depends on the business scenario, which makes life difficult for developers.

 

VOs (including and especially those which are international) seem to be the scenario in which this problem presents itself most often. The relationship between "scope" and organizational identity ought to be clearly explained, as a good first step. A given scope is only authorized back to one source system or IdP, but there could be more complex situations that need an alternative solution.

 

An actual use case, with a proposed solution, is needed to clarify the discussion and potential work in this area.

 

In the K12 setting, one solution seems to be to ignore school affiliations and default to a user-centric approach. Is this viable in other settings?

 

[AI] (Keith) will draft a problem statement on person and organization identifiers from social IdPs as it relates to VOs, as a discussion starter, and will refer to IPEDS for reference.

 

[AI] (Brendan) will distribute some reference materials related to person and organization identifiers from PESC.

 

4. eduCourse update activity beginning

MichaelP has been looking at eduCourse for some work at Penn State, and has determined that there would be value in taking a fresh look at this. eduCourseMember in particular is an attribute that may be good to revisit.

 

eduPersonOrgUnitDN and eduPersonPrimaryOrgUnitDN are also potentially useful in this context, i.e. using a DN in an LDAP entry rather than a string literal.

 

They created psuCourse with 2 attributes, courseKey and courseTitle, with a subclass comprising many attributes describing course specifics. They also tied this in with their work on a central person registry.

 

The similarity to Grouper hierarchies was cited as a possibly interesting correlation. It would be good to get feedback on this from the Grouper team, and it will be discussed further on a future MACE-Dir call.

 

[AI] (MichaelP) will add Penn State psuCourse reference materials in the MACE-Dir wiki.