*Participants*
Keith Hazelton, U. Wisconsin-Madison (chair)
Scott Cantor, OSU
Rob Banz, UMBC
Tom Scavo, NCSA
R.L. “Bob” Morgan, U. Washington
Michael Gettes, Internet2
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Michael} will email the MACE-Dir Group with his proposal for a new attribute called groupDisplayName for use by group objects.
[AI] {Keith} will check with {Mikael Linden} about the use of eduCourse in Finland.
[AI] {Scott} will revise his proposal on MACE-Dir attribute profiles for SAML from 22-Apr and submit a new working draft.
[AI] {Keith} will post an item about the IMS Enterprise Services 2.0 charter to the list for feedback, regarding eduCourse attributes.
Carry-over *Action Items*
[AI] {Keith} will model (BPMN) common lifecycle of groups, life stages of groups, grace periods, etc., soliciting ideas from the MACE-Dir list. (7-May-07)
[AI] {Brendan} will review archives related to eduAccount and search for interested folks, eventually arranging a call focused on formulating the right questions to target a solution. (26-Mar-07)
[AI] {Keith} will draft a document covering registered MACE entitlement values. (11-Sep-06)
Future *Agenda Topic*
- c (country) attribute (cf. Tom Scavo’s email, 22-Jan-07)
- Coordinating IdP practices around changes in Attribute Release Policy.
*Agenda*
1. Decision on revising MACE-Dir defined attribute profile for SAML
* Responses to Keith's email indicate there is little or no production use of eduCourse attributes in a federated mode, though a number of institutions are now considering adopting the object class and attributes.
* A note on the freshly chartered IMS Working Group on version 2.0 of Enterprise Services, which will include Courses (templates, offerings and sections). See < http://www.imsglobal.org/enterprise.cfm >
* Background: See Scott Cantor's email of 22-Apr: "Scoped attribute and naming compatibility" and the discussion under the last heading ("MACE I2MI attribute profiles for SAML") in notes from the MACE-Dir WG at the Internet2 Member Meeting:
< https://spaces.internet2.edu/display/macedir/MACE-Dir+Bof+Notes/ >
2. Levels of assurance of credentials and of authentication events: getting a handle on the problem
*Discussion*
The Group discussed whether they should do more with Identity Commons regarding discussion on the MACE-Dir mailing list. {Bob} mentioned a few views around OpenIdP and suggested that discussion points to its moving towards SAML in the future. Another venue for collaboration is the Concordia project: < http://projectconcordia.org/index.php/Main_Page/ >. He expects there to be a Liberty discussion at the Burton Group Catalyst Conference: < http://catalyst.burtongroup.com/NA07/index.html/ >. {Scott} encouraged the Group to consider the context and remember to look for opportunities to contribute, even if it does not mean moving to Identity Commons.
-Decision on revising MACE-Dir defined attribute profile for SAML-
{Keith} expressed a desire for the Group to reach consensus on {Scott’s} email regarding scoped attribute and naming compatibility < https://mail.internet2.edu/wws/arc/mace-dir/2007-04/msg00084.html >. He was interested in 1) whether the Group has clearly identified the concern around courseOffering and 2) how the Group can agree on an approach to move forward.
{Bob} mentioned those campuses that may not be federated, but very well may be using Shibboleth on an intra-campus level. Discussion pointed to the eduCourse article, which has moved beyond draft status: < http://middleware.internet2.edu/courseid/docs/internet2-mace-dir-courseid-educourse-ldap-200507.html >. [AI] {Keith} will post an item about the IMS Enterprise Services 2.0 charter to the list for feedback, regarding eduCourse attributes.
{Scott} talked about looking to best practices for setting standards; {Bob} mentioned his email (4-Jun) where he responded to a thread around attribute naming being a problem for ADFS, commenting on its limitations.
{Keith} did not think that the rules defined by the IMS are enough; they discouraged making extensions loosely. However, in terms of definitions, there is not much to tighten up. {Scott} reminded all that the idea is to support different profiles. Initial cases had limitations of the software, which was not expected to be a perfect solution. [AI] {Keith} will check with {Mikael Linden} about the use of eduCourse in Finland.
[AI] {Scott} will revise his proposal on MACE-Dir attribute profiles for SAML from 22-Apr and submit a new working draft.
Though eduMember is baked, {Michael} commented that it would be nice to add DisplayName. [AI] {Michael} will email the MACE-Dir Group with his proposal for a new attribute called groupDisplayName for use by group objects. [0]
{Keith} talked about the IMS Global Learning Consortium < http://www.imsglobal.org/ >. Both U. Washington and U. Wisconsin-Madison have shown an interest and concern around courseOffering. The MACE-Dir Group could continue to monitor this space and respond with feedback to the mailing list.
-Levels of assurance of credentials and of authentication events: getting a handle on the problem-
{Keith} referenced the February NMI-EDIT CAMP, where there was much discussion on Level of Assurance. Proceedings from the CAMP can be found here: < http://www.educause.edu/Proceedings/12128/ >. He asked if there is critical mass around this work, and if not in MACE-Dir, where should it take place?
One of the drivers for level of assurance is the consensus around applications wanting to know the LoA. Additionally, bringing parents and alums into the picture creates a need for a physical distinction in approaching authentication and authorization. {Bob} expanded on these ideas with thoughts on how to apply these concepts to the identity lifecycle. Good practices for setting standards ought to be better identified. Again, how should the MACE-Dir Working Group continue to monitor this space, and should they recruit the efforts of another Group? How can the Group create value around the role of Identity Management? It is not enough to simply ask if folks can meet the eAuth checklist. The community needs to reach a realistic expectation in this space.
The next MACE-Dir Working Group call will be held on Monday, June 18, 2007 at 4:30pm EDT.
""""""""""""""""""""
[0] Cf. Michael Gettes’ email to the MACE-Dir mailing list on 4-June:
< https://mail.internet2.edu/wws/arc/mace-dir/2007-06/msg00007.html >