MACE-Dir WG call - November 20, 2006

MACE-Dir WG call
November 20, 2006

*Participants*
Keith Hazelton, U. Wisconsin - Madison (chair)
R.L. "Bob" Morgan, U. Washington
Tom Barton, U. Chicago
Scott Cantor, Ohio State U.
Will Norris, USC
Brendan Bellina, USC
Renee Frost, Internet2
Nate Klingenstein, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

Carry-over *Action Items*
[AI] {Keith} will draft a query to the MACE-Dir and EDUCAUSE Identity Management lists regarding campuses' current handling of level of assurance, after call with U. Texas and others.
[AI] {Keith} will draft a document covering registered MACE entitlement values. (11-Sep-06)
[AI] {Keith} will begin work on eduPerson (2007??). (31-Jul-06)

Future *Agenda Topic*
– MACE -Dir & EDUCAUSE – how might/should they work together on IdM issues?

*Agenda*
1. Information and info model layer issues in our worlds
- attribute push and its popularity
- attribute aggregation
- persistent identifiers
- attribute pull: knowing where to go to pull
- metadata models, distribution and trust mechanisms
- what is a good common information model above LDAP entries, SAML subjects and their attributes?
- Levels of assurance in various contexts
- what is the cost/benefit for attribute and attribute value standardization?
Is this only and always a case-by-case, community by community question?
2. Level of Assurance – call with proposed date of 15-Dec, 2pm EST.

*Discussion*

Events:
There will be a MACE-Dir BoF at the Fall 2006 Internet2 Member Meeting. This meeting will be held at 10:30am-12pm CT, room TBA. Please stay tuned to the Program Agenda for the updated meeting room location <http://events.internet2.edu/2006/fall-mm/agenda.cfm>.

Today's discussion centered around {Keith's} suggestion to list and consider all issues that fit into one of two categories: 1) matters related to VO, federation identity management, and GRID - and which are appropriate for MACE-Dir to address, and 2) classic MACE-Dir questions, such as issues that Brendan raised. See the appended note from {Keith} (cf. email 20-Nov) [0]. The Group briefly discussed the list of issues in the first agenda topic, deciding if there is activity within that space, how much, and where. {Keith} suggested that this list continue growing, as items can be removed or appropriated as necessary.

The MACE-Dir group has connections to various people and groups involved in a number of areas. Some projects are sending proposals to NSF, etc., and MACE-Dir needs to stay informed for several reasons: 1) to not compete with similarly minded projects, 2) to assist with projects where there is overlap and when desired, and 3) to refrain from activities that digress from the Working Group scope. {Tom} suggested that the Group establish a clear path for where others want to go, and what are the steps for staying aware of everything in order to support these efforts. {Keith} mentioned it will be important for the Group to keep track of current/new projects and their activity.

{Bob's} email regarding identity schemas work targets the nature of this discussion. Many things are happening in the Identity space, and people want more than just a place to stick schemas – they want something that actually compares them.

{Brendan} raised a point about the practical issues surrounding directories, storing, handling queries, etc. Additional questions might include how a campus defines hierarchies and multiple hierarchies. If it is agreed that people ought to be represented in a flat manner, advocating group space in a hierarchical approach may raise a few issues. Addressing these kinds of topics presents another opportunity for MACE-Dir to explore, which might lead to higher adoption across campuses.

{Bob} characterized the discussion as stepping back from a pragmatic what-are-we-doing level to a more reflective what-should-we-be-doing level. He stressed that it is really the authorization and policy decisions that drives much of the current work, aside from attributes. He mentioned the Burton site, which highlights privacy and decentralizing; the links of interest were to the mailing list (cf. email 21-Nov).

Scott pointed out the importance of knowing what the community is concerned with. MACE-Dir could turn its focus to addressing issues that institutional services care about. What is the role of MACE-Dir in this ecosystem? In terms of code, best practices, etc., what else does the Working Group need to offer?

Another brief topic of discussion turned to the defining of security protocols. What is the push that is good for our users? Is OpenIdP enough assurance to access resources on campus?

Several people are planning to hold a separate call (mid-December?) regarding escalating interest in Level of Assurance issues. The call time is currently set for Friday, 15-December at 2pm EST. If you would like to join the discussion, please contact {Steve Olshansky} <steveo AT internet2 DOT edu>.

The upcoming MACE-Dir Working Group call on Monday is cancelled due to a conflict with the Internet2 Member Meeting. Therefore, the next MACE-Dir Working Group call will be held on Monday, December 18, 2006 at 4:30pm EST.