Directories BoF, Spring 2005 Internet2 Member Meeting
May 2, 2005

*Participants*
Keith Hazelton, U. Wisconsin, Madison (MACE-Dir chair)
Michael Gettes, Duke U.
Brendan Bellina (BB), USC
Scott Cantor, Ohio State U.
Tom Barton, U. Chicago
Shelley Henderson, USC
Roland Hedberg, TERENA
Thomas Lenggenhager, Switch
RL "Bob" Morgan, U. Washington
Michael Grady, U. Illinois, Urbana-Champaign
Jim Phelps, U. Wisconsin, Madison
David Bantz, U. Alaska, Fairbanks
Dwight Raum, Johns Hopkins U.
Heather Flanagan, Duke U.
Ross Wilper, Stanford U.
Shumon Huque, U. Pennsylvania
Tom Dopirak, Carnegie Mellon U.
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

*Discussion*
Keith and Michael guided the discussion about Local Domain Person affiliations vs. eduPersonAffiliation (controlled vocabulary). There was general concern among the participants regarding the current use of multiple languages. Ideally, a single language would be adopted that could be understood inter-institutionally, reflecting common practices among collaborating groups. It was pointed out that there are two types of users who will need to process this language: people and machines. There are several options for how the language could look, and this might include a common set of word-terms, not simply number-terms.

Discussion also focused on the Schema Harmonization Committee (SCHAC, http://www.terena.nl/tech/task-forces/tf-emc2/schac.html), and how it coordinates attributes across institutions. Currently, the US is more coordinated in this area than its European counterparts; how will this change in the future? Shibboleth is not used consistently, which leads to different approaches to the handling of attributes and authorization. There are some attributes that may or may not be useful or desirable across institutions, for example, the gender of a person. Is there value here? This introduces privacy policy issues, which may vary according to the institution, and also according to the use of this attribute. What set of attributes should comprise the set of "standard" attributes? The Local Domain Person survey (see http://middleware.internet2.edu/dir/) focuses only on what individual institutions are doing, while there is a need to focus on the broader realm of multiple institutions. It may prove valuable to approach the problem from a couple of perspectives; this would provide more than one solution from which to derive strategies.

How valuable is password expiration, and is it really solving the problems it is designed to solve? How do people handle expirations of passwords to email accounts? What is an appropriate length of time between expiration dates? How is the user notified of the password expiration, such that there is a seamless transition between passwords for the user?

Another issue is how directories handle name spaces: you can no longer assume that people will be listed by their first and last name, for example. For the sake of maintaining their privacy, people are finding alternate ways of existing within a directory, but in such a way that it is all but impossible to search for and find them.

The group discussed methods for data management, and which policies best target the handling of data in order to ensure that data is only shared with desired entities. However, these policies are dependent on whether they are being pushed by IT or the business side.

There are many policy issues to consider regarding name spaces, use of directories and passwords, and data policy, while also being sure to capture technical decisions.

The draft version of eduPerson is expected to be available in 3Q2005.

The next Mace-Directories WG call will be Monday, May 9, 2005 at 4:30pm ET. For information regarding the Fall 2005 Internet2 Member Meeting, stay tuned to <http://events.internet2.edu/2005/fall-mm/>.