*Action Items*
New
[AI] {Group} will develop use cases for Signet.
Carry Over
[AI] {Lynn} will contact the development group in Australia about their UI development
efforts.
[AI] {Tom} will work on coming to agreement on the subject interface.
[AI] {Group} will respond to Minh’s subject API proposal.
[AI] {Minh} will research at Stanford to see if Sakai has enterprise integration
aspects that might also apply to Signet and Shibboleth.
[AI] {Tom} will arrange and send a conference call/agenda to WG for enterprise
integration within Internet2 UI contexts for Signet.
[AI] {Lynn and Minh} will provide the written summary of the conditions and
requirements for privacy and security.
[AI] {Jennifer} will solicit on-site feedback from UC Davis about the UI demo/mock-up.
[AI] {Lynn} will send out a revised development roadmap.
[AI] {Minh} will develop a list of requirements for how Signet will interface
with LDAP and Grouper.
[AI] {Tom, Jennifer and Gary Brown (Bristol)} will discuss the modularity of
Signet’s UI and the internationalization of code for Grouper and Signet.
[AI] {Group} will begin compiling, via the list, scenarios to be used as potential
use cases.
[AI] {Keith} will summarize the naming discussion and make proposals to begin
defining privilege, task, function, etc.
[AI] {Lynn} will write up a person and function summary to express the relationship
of privileges to roles and to determine what gets expressed in the eduPerson
entitlement space.
*Participants*
Lynn McRae, Stanford (chair)
Minh Nguyen, Stanford
Tom Poage, University of California, Davis
Tom Arons, University of California, Davis
Steve Barrett, Cornell University
Karel Sedlacek, Cornell University
Joy Veronneau, Cornell University
Andrea Beesing, Cornell University
Shelly Henderson, University of Southern California
Tom Barton, University of Chicago
Keith Hazelton, University of Wisconsin, Madison
Bob Morgan, University of Washington
Steve Carmody, Brown University
Ann West, EDUCAUSE/Internet2
Terrie Clark, Internet2 (scribe)
Renee Frost, Internet2
Mike McGill, Internet2
Steve Olshansky, Internet2
*Discussion*
There is a Signet WG session at the Spring Internet2 Member Meeting, May 2 – 4, 2005 in Washington, DC. The Signet session is currently scheduled for 1:00PM Monday, May 2, 2005. For more information please see: http://events.internet2.edu/2005/spring-mm/.
The group discussed the nature and quality of Signet’s outputs. How does the data look once it is captured and managed in Signet? Will Signet produce a flat text, simple expression of privilege information that can become an attribute for simple filtering? Or, will the data be a complex expression structured as a full entitlement? A more complex data structure could not be represented as a simple text string, but it could be used in other development tools for a richer provisioning of information. It is possible that the data could represent anything, large or small, as long as it is acknowledged in an HTTP header.
Some use cases for managing web page access have been developed and are being discussed by the Signet WG. The group will continue to develop use cases reflecting possible university applications for Signet both with and without Shibboleth. Use cases will also reflect the use of single site applications and multiple site applications based on group membership. Signet will acknowledge group membership and manage privileges based on group membership. There are varying degrees of complexity for use cases and subsequent Signet functionality. The group decided to develop use cases reflecting the most common applications of Signet and then (at a later time) to develop more complex use cases. The use cases will help develop the product roadmap for Signet in terms of functionality. Financial, accounting and group management issues will be the focus of some early use cases.
The group seeks to develop criteria for recognizing when Signet is processing more than a single privilege. A system can manage group membership through Grouper, and Signet can subsequently manage the privileges for group members. Additionally, Signet will manage privileges extended to individuals who are not members of a group.
Some privileges are flat in structure; for example, a member of a group might be authorized for a specified spending amount. How will Signet be provisioned if the privilege structure exceeds the single flat privilege? How will Signet express the series of privileges? A different structure will be required for more complex multiple limits, roles, groups, academic topics and non-group members with privileges. A long-term goal for Signet is to address eduPerson entitlements along with eduCourse membership.
EduPerson entitlements can be highly structured privileges. If the privileges can be described as discrete variables, then Signet is an effective tool for processing the privileges. Some would prefer not to include the privileges in eduPerson entitlements because that would require parsing of the individuals’ data. It may also be useful to put privilege documents in a directory or repository. If stored in a directory, then XML and SAML may function well with Signet. The group will discuss registries versus LDAP for Signet on an upcoming call. Individuals with experience or thoughts on this subject are encouraged to participate.
The next call is Friday, April 15, 2004 at 11:00PM ET. The call-in number will
be sent out with an agenda prior to the call.