MACE-paccman Meeting Minutes
Monday, April 18, 2011
2011 Spring Member Meeting
Note: Thank you to Dean Woodbeck for preparing these minutes
----------
Recipe Book
https://spaces.internet2.edu/display/macepaccman/Privilege+and+Access+Management+Recipes--A+Discussion-starter+Draft
Keith Hazelton discussed the idea of an access management recipe book and what it might include. He envisions this as something similar to the LDAP recipe book that already exists. Ideas for content include:
• privileges - a generic model
• do we have the right terminology now, or can we agree on terminology?
• attribute delivery recipe
• generalizing to federated scenarios and VOs
• rule-based access control
• policy – a generic model
• examples of access management in production
• delegation
• provisioning to groups
Comments on the recipe book
• If we want to achieve interoperability in a broad fashion, we need to drill down to specific recommendations.
• When including examples, sprinkle them throughout the document; do not put them all at the end.
• Build on decisions already made in other MACE groups (Grouper, COmanage)
• Make as software agnostic as possible
• In the recommendations or strategy section, include recommendations about sunset of life cycles.
----------
Building a MACE Glossary on Access Management
• Most Middleware groups are using different terminology
• Other MACE groups have done glossaries in the past – these might provide a starting point
Is it worthwhile to have a common glossary?
• General agreement that it is
• Need to keep definitions as simple as possible
• Need to try to implement common terms among all working groups
• Need to keep in mind that, no matter what we do, international groups will continue to have their own terminology
• COmanage has started something similar and Heather Flanagan (from COmanage) volunteered to work with Paccman on this
----------
Axiomatics
Penn State and the University of Wisconsin-Madison have been talking to Axiomatics and have the company’s process development software to use and evaluate for a year. They plan to report back to MACE-paccman on their thoughts. Lynn Garrison (Penn State) is evaluating this for use as a policy engine.
Penn State is looking at everything related to access management, so they are also reviewing Grouper, perMIT, and Oracle Entitlement Server. The plan is to put together a set of data against which to test these products.