MACE-Dir WG call
July 30, 2007
*Participants*
Keith Hazelton, U. Wisconsin-Madison (chair)
Scott Cantor, OSU
Paul Hill, MIT
Derek Owens, U. Notre Dame
Etan Weintraub, Johns Hopkins U.
Joy Veronneau, Cornell U.
RL “Bob” Morgan, U. Washington
Michael Pelikan, Penn State U.
Tom Barton, U. Chicago
Nate Klingenstein, Internet2
Michael Gettes, Internet2
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Keith} will check in with the UK Access Management Federation for Education and Research on the question of using single- or multiple-value affiliation.
[AI] {Keith} will draft a proposal that covers the common-lib-terms case via an affiliation.
[AI] {Keith} will draft a proposal on eduPersonScopedEntitlement.
Carry-over *Action Items*
[AI] {Scott} will revise the pilot proposal to add an entry for attribute definition space. (18-Jun-07)
[AI] {Keith} will model (BPMN) common lifecycle of groups, life stages of groups, grace periods, etc., soliciting ideas from the MACE-Dir list. (7-May-07)
[AI] {Brendan} will review archives related to eduAccount and search for interested folks, eventually arranging a call focused on formulating the right questions to target a solution. (26-Mar-07)
[AI] {Keith} will draft a document covering registered MACE entitlement values. (11-Sep-06)
Future *Agenda Topic*
- Decision on revising MACE-Dir defined attribute profile for SAML (18-Jun-07)
* Mikael Linden, who knows about the only production uses of eduCourseMember in a Shibbed environment, does not see a problem with Scott's proposal. See excerpt from Mikael's email below agenda.
- c (country) attribute (c.f. Tom Scavo’s email, 22-Jan-07)
- Coordinating IdP practices around changes in Attribute Release Policy.
- Proposal to add "applicant" to eP*Affiliation controlled vocabulary
* Excerpt from 29-June email from Joy Veronneau: "We are in the process of adding applicants to our directory over the summer. What we are worried about, and why I am starting this discussion, is access to shibbolized resources. If the FAFSA site shibbolizes, we would like our applicants to be able to sign in to that site with their Cornell applicant NetID. I'm assuming that edupersonaffiliation and/or edupersonscopedaffiliation might be attributes used by FAFSA? Or might they configure to use edupersonentitlement?"
- eduPersonEntitlement
* uses in the field
* good/best practices
*Agenda*
1. Proposal to add "library-walk-in" to eP*Affiliation controlled vocabulary
* This is intended to cover the common use case when a contract specifies that licensed e-resources are available to faculty, staff, students and people physically present in the library. Note that there is also an appropriate eduPersonEntitlement value to express that a person should be treated under the terms of that standard license clause: "urn:mace:dir:entitlement:common-lib-terms". The justification for an affiliation-based way to handle this comes from a large service provider in the UK that does not find entitlement a good fit for their situation where person attributes from multiple institutions are being handled by a single Identity Provider.
*Discussion*
-Proposal to add "library-walk-in" to eP*Affiliation controlled vocabulary-
The Group continued a conversation from the previous Working Group call, which was further discussed on the MACE-Dir mailing list.
The UK Access Management Federation for Education and Research has provided a use case to extend the eP*Affiliation vocabulary for ‘library walk-in’, as they did not want to use Entitlement. Their case represents a unique situation, especially given the size of the use case.
The Group decided that it would be good to define the ‘library walk-in’ generically, such that it may exist as a recommendation to others contemplating a similar situation. However, the best practice ought to still exist as ‘common-lib-terms’. {Tom} stressed the importance of considering the process rules that a campus ought to use in deciding which they will use. He said it is also important for a vendor to be aware of these process rules.
[AI] {Keith} will draft a proposal that covers the common-lib-terms case via an affiliation.
There was some confusion expressed as to how ‘member’ and ‘library walk-in’ will be used, and whether they will be used correctly. One motivation is to avoid misuse of the semantics of ‘member’. The reason it is not simply ‘walk-in’ is that this is a specific library use case; other labs are not likely to have similar needs for a ‘walk-in’ solution.
[AI] {Keith} will check in with the UK Access Management Federation for Education and Research on the question of using single- or multiple-value affiliation.
{Keith} asked the Group whether common-lib-terms ought to be deprecated. It is still quite useful, and if deprecated, should be phased out over a period of time.
The Group discussed resurrecting Entitlement by scoping it, and having ‘library walk-in’ only to cover a certain class of use case. {Keith} mentioned putting together a proposal for ‘library walk-in’ and furthermore proposing work on eduPersonScopedEntitlement. This work will be shared with the Shibb-enabled vendor group.
[AI] {Keith} will draft a proposal on eduPersonScopedEntitlement.
The next MACE-Dir Working Group call will be held on Monday, August 13, 2007 at 4:30pm EDT.