MACE-Dir October 13, 2008

MACE-Dir Working Group session
at Internet2 Fall Member Meeting in New Orleans
October 13, 2008

Welcome

Brendan Bellina started the meeting with welcome and introductions.

Recap of What’s Been Going On/Completed Items

- The MACE-Dir working group released the eduPerson (200806) specification, with the addition of the new eduPersonAssurance attribute.
For details, see http://middleware.internet2.edu/eduperson/ .
Thanks go to Paul Caskey, University of Texas.

- Updated RFC references

- Updated LDIFs
- OpenLDAP - Davide Vaghetti, University of Pisa
- Fedora Directory Server, Victoriano Giralt

Active Items

- Group usage survey
Etan Weintraub of Johns Hopkins is coordinating a Group Usage Survey,
https://spaces.internet2.edu/display/macedir/Survey+on+Group+Usage

Anyone with comments, suggestions, corrections, or additional questions should
add their comments on the wiki. There will be additional iterations before sending out the survey.

- Survey on Handling Test/Training/Admin Accounts

Joy Veronneau of Cornell is coordinating a survey on usage and handling of test/training/admin accounts. Issues occur when Shibboleth sometimes will not accept a test account to access the resources needed for troubleshooting.

https://spaces.internet2.edu/display/macedir/Survey+on+Test+Identities

Everyone is encouraged to go to the wiki and contribute.

- Possible Survey on eduCourse Usage

Only a small number of institutions are implementing eduCourse. Are people just not getting to it, and if not, why not? A survey be a good way to find out what solutions people are using for addressing courses.

- Request to Release Attributes in eduOrg

Scott Cantor reported that Europeans have requested a means to release attributes in eduOrg through SAML as part of person assertion. However, there is a problem releasing the cn of person and cn of org simultaneously due to labeling conflicts and privacy issues. Both subjects have the same attributes with different values.

After discussion, the consensus was that it is not appropriate to release the cn of person and cn of org simultaneously. The proper way to get info on a person and on that person’s organization is with two separate queries. MACE-dir is not going to devise a naming scheme to disambiguate these attributes.

- Implementation of Organizational Structure Information

What are the issues around understanding and recording the roles in the organizational hierarchy?

* Departments tend to be under divisions in most of academia, but this hierarchy is often reversed in medical schools.
* Where a payroll system is used to track roles, there is the problem that this does not track associations with no salary connected.
* Sometimes there are rings of associations, including individuals in external institutions
* There is no central system that knows enough about work structure and hierarchy. And collaborative activities are often not reflected at all.
* When someone in a dept. can sponsor a new dept. member, then what happens when the sponsor changes dept? Do adoptees lose their status?

Jim Leous reported that Penn State hired a librarian to help work out the definition of the organizational hierarchy.

The eduOrg spec is found at: http://www.educause.edu/eduperson/

National Student Clearinghouse

The National Student Clearinghouse (NSC) -- a big entity handling student records (their service being to verify degrees and enrollment to entities offering products or services to college/university students) in this country -- has joined the InCommon Federation.
http://www.studentclearinghouse.org/

What are the key attributes to support the Clearinghouse? How do we determine which identifier to send? (Similar questions arose with NIH.) The application could deal with getting a set of identifiers, but it’s easier for them if we just send one. Need alignment in MACE-Dir regarding what’s the right identifier to use. Possibilities:

- One frequently used identifier is the Institution identifier OPEID (Office of Postsecondary Education ID)
An institution may have multiple OPEIDs due to different organizations within the institution communicating with the Clearinghouse.

- Student Number - the primary identifier communicated from the institution to NSC (sometimes SSN is used, but this does not work for international students)

- PESC (Postsecondary Electronic Standards Council) - many registrars use this
http://www.pesc.org/

Other identifiers are already in use in some states for development of K-12 student portfolios.

Steven Carmody noted that the National Student Clearinghouse runs some businesses aside from their primary offering, such as verifying whether someone is a student and is therefore eligible for a particular discount. The federated approach can undercut this business model.

February CAMP

The Internet2/Educause “CAMP: Delivering, Sourcing, and Securing Services Throughout the Student Identity Life Cycle” will be in Tempe, Arizona in Feb. 2009.
http://net.educause.edu/CAMP091

InCommon Working Group with Research Administrators

There is a New InCommon working group with research administrators. If you know of research administrators who might be interested, have them contact Steve Olshansky <steveo AT internet2 DOT edu>.

Determining Age of Social Networking Tool User

Bob Morgan reported that he is working with the Berkman Institute on reviewing proposals for ways of certifying if a person is underage. The goal is that MySpace, Yahoo, etc. will use this age information to prevent minors from mixing in certain spaces. Methods are being explored for vendors such as Yahoo to work with schools to ascertain a person’s date of birth.

Next MACE-Dir WG Call: 3-Nov-08