MACE-Dir WG call
May 21, 2007

*Participants*
Keith Hazelton, U. Wisconsin-Madison (chair)
Scott Cantor, OSU
Rob Banz, UMBC
Ann West, EDUCAUSE/Internet2
Nate Klingenstein, Internet2
Michael Gettes, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Keith} will forward a link to an article in Network World regarding the ITU and Identity Management.
[AI] {Keith} will email {Bob} regarding his thoughts on a proper and useful relationship with Identity Commons.

Carry-over *Action Items*
[AI] {Keith} will model (BPMN) common lifecycle of groups, life stages of groups, grace periods, etc., soliciting ideas from the MACE-Dir list. (7-May-07)
[AI] {Brendan} will review archives related to eduAccount and search for interested folks, eventually arranging a call focused on formulating the right questions to target a solution. (26-Mar-07)
[AI] {Keith} will draft a document covering registered MACE entitlement values. (11-Sep-06)

Future *Agenda Topic*
- c (country) attribute (cf. Tom Scavo’s email, 22-Jan-07)
- Coordinating IdP practices around changes in Attribute Release Policy.

*Agenda*
1. Levels of assurance of credentials and of authentication events: getting a handle on the problem
2. IETF RFC &/or ITU X.520 standardization of edu* attributes; X.521 standardization of edu* object classes.
3. Guidance on what ePEntitlement registry doc should cover
4. Liaison with identity gang work: what form, who,...
5. Begin a persistent queue of open areas of potential work on wiki, e.g.,
5.1 localEduPerson OC, attributes; affiliation sub-types and roll-ups
5.2 Collaborative use, evolution of SCHAC userStatus
5.3 Coordination with SCHAC generally
5.4 Crispification of language around meaning of ePAffiliation values:
student, staff, faculty, affiliate, member
5.5 Guidelines on reassignment of ePPNs, ePTIDs (& by whom promulgated?)
5.6 Guidelines on values of identifiers... ePPNs are human friendly???
6. Use of the wiki to expand; starting with discussion topics on this call
Subscribe to RSS feeds on changes to wiki pages vs. email as only e-forum for MACE-Dir work.
Keep mace-dir list plugged into all work areas wiki or not.

*Discussion*
-Levels of assurance of credentials and of authentication events-
{Keith} suggested that this topic be raised again for in-depth discussion when a broader group of people can be present.

-IETF RFC &/or ITU X.520 standardization of edu* attributes-
{Scott} raised an opportunity for the Working Group to be more aggressive, in terms of setting precedent for using new technologies. The MACE-Dir Working Group has several years of experience with pushing attributes, and as the use of SAML grows, there will be more of an opportunity to push more out at the forefront. He asked the Group if ITU was the right place to proceed with this work.

{Keith} summarized with these two questions to the Group: 1) Do they agree with {Scott} that there is such an opportunity? and 2) If so, where, beyond MACE-Dir, ought the work happen – the ITU or another standards body?

{Michael} commented that standardizing work will not prevent large commercial entities from doing what they want. Vendors will have their own approach, and Higher Ed will have theirs. He asked the Group to reconsider the questions around {Scott’s} proposal in a way that pinpoints what the MACE-Dir WG would actually like to accomplish. Though we are presented with a vacuum, what are the real pressing issues?

{Scott} commented that the interest/opportunity has less to do with eduPerson and more to do with widening use cases. What are the different options for asserting employment? There may be no problem if the attributes do work, but if they are not sufficient, interoperability is compromised. He said that while they may not want to see eduPerson standardized, it is desirable to see a wider support of it. This brought up the isMemberOf specific, which went through the NMI release but did not get through ITU.

{Michael} suggested that they work first with Higher Ed, and if the problems are solved there, then the solutions will gain strength that can translate beyond. {Scott} shared his perspective that standardizing the work vertically in the educational sector will not work; he thinks broadening the scope is necessary, if with some difficulty. While this work is important, how to best approach it? {Michael} asked how they planned to measure success. This led {Keith} to mention the next agenda item, regarding liaising with the identity gang – do they need a metric to post items to this group?

{Keith} recommended that the Group try to define the scope for capturing this topic. Is it ok to move beyond the stated charter? [AI] {Keith} will forward a link to an article in Network World regarding the ITU and Identity Management.

-Guidance on what ePEntitlement registry doc should cover-
{Keith} decided to postpone gathering advice for next steps on the ePEntitlement registry document, though he did mention starting on a table-of-contents that would branch into a larger document.

-Liaison with identity gang work: what form, who,…-
{Keith} reiterated that if they want to be part of the conversation, they need to be where the conversation is happening. {Rob} agreed that they should bring experience and actively participate with them by showing what works and what does not. {Michael} still suggested that talking with them is one matter, while it is another to try to standardize more broadly with limited resources. [AI] {Keith} will email {Bob} regarding his thoughts on a proper and useful relationship with Identity Commons.

-Begin a persistent queue of open areas of potential work on wiki-
{Keith} asked the Group about the importance of the below list of activities:
- localEduPerson OC, attributes; affiliation sub-types and roll-ups
- Collaborative use, evolution of SCHAC userStatus
- Coordination with SCHAC generally
- Crispification of language around meaning of ePAffiliation values:
student, staff, faculty, affiliate, member
- Guidelines on reassignment of ePPNs, ePTIDs (& by whom promulgated?)
- Guidelines on values of identifiers... ePPNs are human friendly???

The MACE-Dir wiki has moved to <https://spaces.internet2.edu/display/macedir/MACE-Dir+Working+Group+Space>. Working Group members can use the wiki to post drafts, proposals, etc., and then pass the link to the MACE-Dir mailing list.

In response to an action item, {Keith} has posted a page in the MACE-Directory wiki <https://spaces.internet2.edu/x/qwo>, linking to a list of open issues.

He also posted <https://spaces.internet2.edu/x/CAs> as a place to share thoughts, opinions and pointers on the general subject of MACE-Dir work beyond the traditional MACE-Dir community.

The next MACE-Dir Working Group call will be held on Monday, June 4, 2007 at 4:30pm EDT.