*Participants*
Keith Hazelton, U. Wisconsin-Madison (chair)
Scott Cantor, OSU
RL “Bob” Morgan, U. Washington
Tom Barton, U. Chicago
Brendan Bellina, USC
Ann West, EDUCAUSE/Internet2
Michael Gettes, Internet2
Nate Klingenstein, Internet2
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Keith, Etan Weintraub, and Mike Roszkowski} to put together an initial draft on interoperation with a non-Shibboleth Service Provider.
[AI] {Scott} will produce a final last-call draft of the attribute profiles document.
[AI] {Keith} will revise the eduPerson*Affiliation value for “library-walk-in” to clarify its exclusivity.
Carry-over *Action Items*
[AI] {Bill} will share a whitepaper addressing global Identity Management.
[AI] {Keith} will craft a survey question to understand what is going on within the eduCourse space in the real world, as it pertains to Section, and share with relevant mailing lists. (22-Oct-07)
*Agenda*
1. Discussion and Approval (?) of new Cantor redraft of attribute profiles document
* See < http://middleware.internet2.edu/dir/docs/draft-internet2-mace-dir-saml-attributes-20071202.pdf >
* With revisions marked < http://middleware.internet2.edu/dir/docs/draft-internet2-mace-dir-saml-attributes-20071202-diff.pdf >
2. MACE last call announced for eP*Affiliation value, "library-walk-in"
3. What do SPs and IdPs need to communicate about properties of identifiers?
* based on cullings from marathon thread on AAP/LOA.
Discussion and Approval (?)
*Discussion*
-Discussion and Approval (?) of new Cantor redraft of attribute profiles document-
{Keith and Scott} led the group through a discussion of the draft and recent changes made by {Scott}; see < http://middleware.internet2.edu/dir/docs/draft-internet2-mace-dir-saml-attributes-20071202.pdf >
View revisions marked at < http://middleware.internet2.edu/dir/docs/draft-internet2-mace-dir-saml-attributes-20071202-diff.pdf >
The draft is meant to be a supplement to the Shibboleth documentation and is not intended to be an actual how-to document for Shibboleth implementation. It will be beneficial to create a set of best practices around profiles that point to a normative document.
{Scott} pointed out that developers’ future work will focus on Shibboleth v2.0, as opposed to exerting efforts towards v1.3. However, as many are and will still be using v1.3 for some time, it would be useful to have a page identifying important points, such as application-specific pieces. [AI] {Keith, Etan Weintraub, and Mike Roszkowski} to put together an initial draft on interoperation with a non-Shibboleth Service Provider.
In particular, {Scott} discussed Artifact Configuration and Attribute Push; see < https://spaces.internet2.edu/display/SHIB/AlternateProfiles >. {Tom} reiterated the usefulness of non-normative illustrative examples to convey what is to be profiled.
The draft recommends using traditional structured encoding (2.3.1.1), and using simple coding (2.3.1.2) only when the former is not possible. The Shibboleth SP will not do filtering for simple coding.
The Group requested examples alongside each definition for clarity. [AI] {Scott} will produce a final last-call draft of the attribute profiles document.
-MACE last call announced for eP*Affiliation value, "library-walk-in"-
The Group had a final discussion on the proposed library-walk-in value. In particular, there was clarification of when “library-walk-in” could be used alongside “member” or “affiliation”, and when it should not be confused with or accepted in place of those values. For example, library-walk-in is independent from member (and affiliation) and might have different privileges. While a member might also be a library-walk-in by virtue of being in the physical location of the library, being a library-walk-in does not imply that one has the same privileges as a member or affiliation value confers. [AI] {Keith} will revise the eduPerson*Affiliation value for “library-walk-in” to clarify its exclusivity.
-What do SPs and IdPs need to communicate about properties of identifiers?-
Please reference the discussion on the MACE-Dir WG mailing list, beginning with the thread (subject: how to express a LOA/IAP) on 16-Nov < https://mail.internet2.edu/wws/arc/mace-dir/2007-11/msg00032.html >.
The next MACE-Directory Working Group call will be held on Monday, December 17, 2007 at 4:30pm EST.