MACE-Dir WG call
May 22, 2006
*Participants*
Keith Hazelton, U. Wisconsin - Madison (chair)
Tom Barton, U. Chicago
Bob Morgan, U. Washington
Scott Cantor, Ohio State U.
Todd Piket, MTU
Brendan Bellina, USC
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] Keith will email the list with a summary of recent developments in the eduPersonEntitlement space.
Carry-over *Action Items*
[AI] {Keith} will work on simplifying the URN MACE and OID registry page. (27-Mar-06)
[AI] {Keith} will contact {Walter Cohen and Jon} about contributing towards requirements. (27-Mar-06)
[AI] {Bob} will email the list with an informative sentence regarding an additional spec. (13-Mar-06)
[AI] {Steven Carmody} will write up use cases on requirements for provisioning systems, and send to {Walter}. (9-Jan-05)
Future *Agenda Topic*
– MACE-Dir & EDUCAUSE – how might/should they work together on IdM issues?
*Discussion*
{Keith} led the Group through MACE-Directory’s list of work items. See <http://arch.doit.wisc.edu/keith/mace-dir/draft-mace-dir-workItems-2006-00.html> or <http://arch.doit.wisc.edu/keith/mace-dir/draft-mace-dir-workItems-2006-00.static.html>
*AuthN: Characterizing authentication events: Use cases, information models, attributes, and bindings: {Keith} suggested that a level of assurance surround the AuthN of events. Documentation can support various levels, e.g., rudimentary, basic, medium, high. What is the best way to go about making an assertion at a certain level, given policies and management of operations? {Scott} pointed out that work on this topic should be reserved for a later date when it can be further discussed in detail, if it remains in the scope of MACE-Dir's activities.
*Trusted email addresses: There is more work to be done in the trusted email space. Some may be using emails as a means to authenticate a user. {Tom} suggested taking a survey of campus practice and then giving feedback to the community. {Keith} then raised thoughts on the new EDUCAUSE Identity Management mailing list, and whether this is a venue for possibly joint work on these issues.
*Deprecating new urn:mace:dir:attribute-def assignments: {Scott} suggested making a wiki topic to address the creation of attributes. See <https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/AttributeNaming> (cf. email 23-May.)
*eduPerson (2007??): Refactored document suite: Use cases, information models, attributes, and bindings: Discussion on this item was brief, stating that there is a need for future work in this area.
*eduPersonEntitlement best practices: The Group discussed not only who should create values, but more importantly, who should bind values to their meanings. Considerations for use cases include multiple language support, mission of attributes, binary tags, etc. [AI] Keith will email the list with a summary of recent developments in the eduPersonEntitlement space.
{Brendan} referenced his thread to the list regarding how Authorization is being handled on campuses today (cf. 18,20-Apr), and furthermore questioned if some were treating AuthN as their form of AuthZ. How to cast application-level permissions, and what is recommended vs. what is being done today? He is interested in hearing if anyone has found any approaches that are or are not working with respect to Signet. Discussion pointed to the possibility of business challenges being greater than technical obstacles. A suggestion was made for MACE-Dir to assist in identifying the main hold-ups, and furthermore outlining a means of working through these challenges.
NMI-EDIT will be hosting the upcoming CAMP Shibboleth: Enabling Campus and Federated Single Sign-On, in Burlington, Vermont over June 26-28 <http://www.educause.edu/CAMP062>; Advanced CAMP: Workflow Models and Technologies to follow immediately. Details of a Fall CAMP with a Signet/Grouper emphasis are not confirmed. Affiliation may be another topic of discussion for broad AuthZ decisions.
The next MACE-Dir WG call will be held on Monday, June 5, 2006.