MACE-paccman call of 29-Sept-2011

Attending:

Tom Dopirak, CMU, (co-chair)
Chris Hyzer, University of Pennsylvania
Rob Carter, Duke
Michael Pelikan, Pennsylvania State University
Remco Poortinga-van Wijnen, SURFnet
Steve Olshansky, Internet2

=======

**New Action Items**

[AI] (TomD) will talk to Keith about Action Item review

[AI] (TomD) will ping HeatherF about VOs and access management

[AI] (Rob) will solicit the OSIdM4HE Provisioning group about contributing to the paccman wiki

[AI] (MichaelP) will work on classifying use cases

[AI] (TomD) will work with Keith on agenda for I2MM session

=======

**Carry Over Action Items**

[AI] (Keith) will add to the agenda for a future paccman call:

- Gartner use case classification review
- SCIM work (update from ChrisP and TomZ)
- Review of permission limits work in Grouper http://www.youtube.com/watch?v=06l381Myjxg

[AI] (Keith) will test the definitions from the recipe work on "Access Control Policy Management" against the paccman use cases and report back to the group.

https://spaces.internet2.edu/display/macepaccman/Privilege+and+Access+Management+Recipes--A+Discussion-starter+Draft

[AI] (Keith) will investigate and report back to the paccman list on licensing policy terms for the Axiomatics Policy Server

[AI] (Keith and Charlotte) will preview the Axiomatics Policy Server.

=======

DISCUSSION

Internet2 Fall Member Meeting in Raleigh

Sessions of Interest Include:

- MACE-paccman Working Group - Monday, Oct 3, 9:15 - 10:15 am

- Where the Sidewalk Used to End--Privilege and Policy Management Strategies (Chris Hyzer and Boyd Wilson) - Tuesday Oct. 4, 8:45 am

- Getting to a Full-spectrum Open Source Identity and Access Management Solution (Steven Carmody, Keith Hazelton) - Wed Oct. 5, 8:30 am

======

Topics for the Working Group Hour on Monday, Oct 3:

Keith was not able to attend this call, but in his email, Keith suggested these topics related to provisioning for the WG meeting on Oct. 3:

Progress on Provisioning:
- Models at logical & conceptual level
- Relevant standards: SPML, XMPP, PubSub, SAML Change Notification, SCIM
- Implementations in whole or part, in production or development or evaluation stage (audience participation)

It was noted that it would be valuable to kickstart the access management recipe work at:
https://spaces.internet2.edu/display/macepaccman/Privilege+and+Access+Management+Recipes--A+Discussion-starter+Draft

Rob suggested that some introductory text is needed on that wiki page.

The recipe and the work on the MACE Glossary are important deliverables from this working group. The glossary is found at:
https://spaces.internet2.edu/display/macepaccman/Another+Glossary+Page

Keith and Rob are both interested in a focus on provisioning, partly because of the activities around OSIdM4HE:
https://spaces.internet2.edu/display/OSIdM4HE/OSIdM4HE+Initiative

Rob will talk with others on the OSIdM4HE provisioning subgroup about sharing some of their work on the paccman wiki.
[AI] (Rob) will solicit the OSIdM4HE Provisioning group about contributing to the paccman wiki

Regarding provisioning, TomD noted that developers/application programmers do not always understand well how to get attributes in and out of the directory.
It would be good to provide real-world implementation examples of how to do this.

Another interesting question is how to generalize attribute delivery for federations.
[AI] (TomD) will ping HeatherF about VOs and access management

Chris stated that as part of Grouper development work, he's interested in externalizing the Shibboleth release policies from Shib config files.
The idea is to have Grouper control which SPs get which entitlements/memberships, and not have to edit an XML file.

TomD suggested it would be helpful to look at use cases in production and analyze applying various access management approaches and processes.
MichaelP said that Penn State has use cases in the planning stages.

[AI] (MichaelP) will work on classifying use cases

Chris stated that the database permissions example he presented at the 14-Sept-2011 IAM Online could be of interest as a real-world approach to an access management challenge.
That use case is described in the webinar called "Get Schooled on the New Grouper 2.0", found under the "Archived Sessions" heading here:
http://www.incommon.org/iamonline/
To see just the slides, the link is:
http://www.incommon.org/docs/iamonline/20110914_IAM_Online.pdf

=======

Other Projects

Grouper 2.0 has been released. http://www.internet2.edu/grouper/software.html
The Grouper WG session on Monday, Oct 3 will look at the roadmap for Grouper 2.1 and 2.2

=======

Handling of Older Action Items

TomD will talk with Keith about handling of older action items.
[AI] (TomD) will talk to Keith about Action Item review

=======

Next Call: Thursday, 13-Oct-2011, 1pm ET