MACE-paccman Call 4-Feb-2010
Tom Dopirak, CMU, (chair)
Chris Hyzer, U. Penn
Tom Barton, U. Chicago
Mark Scheible, NCSU
Rob Carter, Duke
Dan Seibert, UCSD
Ray Davis, U.C. Berkeley, Sakai
Vijay Konda, MIT
Paul Hill, MIT
Michael Pelikan, Pennsylvania State University
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
**Carry Over Action Items**
[AI] (Everyone) review use cases, especially Kuali Rice responses
https://spaces.internet2.edu/display/macepaccman/Rice+KIM+and+selected+uses+cases
[AI] (TomD) and (R. L. Bob) will set a date for MACE review of the MACE-paccman charter.
[AI] (MichaelP) will work to polish the glossary, as a next step, until events warrant revisiting it.
[AI] (R.L. Bob) will separate “assurance” from “authentication” in the glossary.
[AI] (Rob) and (Paul) will look at Rob’s use cases and mapping to XACML.
*Workflow and Access Management*
TomD mentioned that MACE-paccman’s focus on privilege management overlaps with some workflow issues. For example, in the MACE-paccman glossary, there are terms related to workflow. When compiling use cases, there are use cases involving sign-offs.
Keith reported that Itana has been discussing workflow and defining the gaps related to workflow in our information systems. There are many definitions and solutions. It would be good to have a recommended enterprise workflow solution.
The Itana wiki has a workflow section:
https://spaces.internet2.edu/display/itana/Enterprise+Workflow
Keith is especially interested in the question of what happens when workflow needs to cross from a particular ERP into another area.
Workflow tools include:
YAWL (http://www.yawlfoundation.org/)
Intalio Tempo Workflow (http://www.intalio.org/confluence/display/TEMPO/Home;jsessionid=ELKIMHCKMCFB)
Kuali Enterprise Workflow (KEW) (http://rice.kuali.org/kew)
Drools (http://legacy.drools.codehaus.org/Design+for+Workflow+and+Rule+Management+System)
Chris says U. Penn has a funded project to use KEW. A prototype has been developed awaiting final approval.
Ray noted that Sakai 3 is going to start off using Drools as the workflow engine.
Concerning workflow for privilege management problems, TomB believes that, with a good permission or privilege management system, even workflow becomes actions within the privilege management system. However, people still want a workflow solution.
Workflow has strengths when reviews are needed or someone else’s judgment/authority is needed. People are comfortable with workflow since it’s the way existing (non-automated) systems work. Workflow also offers an efficient way for someone to initiate a request and try to obtain approval.
People interested in workflow are invited to join the Itana call, held after MACE-paccman on alternating Thursdays 2pm – 3pm ET.
https://spaces.internet2.edu/display/itana/Home
*NCSU Use Case*
The NCSU use case is now written up at:
https://spaces.internet2.edu/display/macepaccman/NCSU+Use+Cases
This use case involves providing access to specific functions in the PeopleSoft environment. NCSU wrote an in-house approval request application for auditing purposes. This is a workflow-oriented solution to a privileging problem.
This system requires approvals both for changes to privileges associated with a person and for changes affecting an object or resource.
PeopleSoft has a concept of attaching roles to users themselves and separately using lists of targets (objects or resources to be impacted). One problem: A change of scoping (e.g. from view to update) changes the scope for all of the objects a person can affect across departments (at least that is how PeopleSoft is configured at NCSU).
Perhaps PeopleSoft doesn’t allow for the granularity of control that seems natural in higher ed (but might not be natural in a large private sector organization).
Mark will check with PeopleSoft support experts on the flexibility of PeopleSoft. The question is whether it is possible to configure PeopleSoft to allow for more granularity.
*Kuali Responses to Use Cases*
Dan did a good job of responding to the use cases from a Kuali perspective.
https://spaces.internet2.edu/display/macepaccman/Rice+KIM+and+selected+uses+cases
Dan is still hoping to get comments/suggestions from other Kuali folks. There was not time at a recent face-to-face meeting in Tucson to get their feedback.
*Use Case Modeling Tools and Examples*
Links to use case modeling tools and examples are now on the MACE-paccman wiki at:
https://spaces.internet2.edu/display/macepaccman/Use+Cases
*Sakai Update (Ray)*
Sakai 3 is in early stages on groups and roles thinking.
Charles Sturt University in Australia will be working on integrating Sakai 3 with academic structures.
Ray reviewed the latest release of Grouper, and it covers more of the target use cases.
Ray will be working closely with the NYU team as they look at integrating Grouper with Sakai 3.
*Grouper Update (Tom)*
The Grouper team updated their roadmap with a tentative list of features for Grouper 1.6.
Target release date for Grouper 1.6 is end of April 2010.
https://spaces.internet2.edu/display/GrouperWG/Grouper+Product+Roadmap
Next Meeting: Thursday, 18-Feb-2010, 1pm ET