***Attending***
Mike Olive, Stanford (chair)
Dave Donnelly, Stanford
Rob Carter, Duke
Michael Gettes, MIT
Tom Barton, U. Chicago
Chris Hyzer, U. Penn
Ann West, Educause/Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
*New Action Items*
[AI] {Rob and Ann} will coordinate on privilege management survey candidates.
[AI] {SteveO} will put the privilege management survey into Survey Monkey (edits to the survey will still be possible).
[AI] {Dave} will write up the differences between hooks in Signet and Grouper.
[AI] {Dave and Chris} will coordinate on hook development directions.
*Carryover Action Items*
[AI] {Dave} will write up his understanding of what Chris is asking for in the area of notifications and will add this to the requirements as something that has been deferred.
[AI] {MikeO} will send a note out to the list with some context about auditing issues and requesting folks to talk with their respective auditors for their perspectives, and report/discuss via the list.
[AI] {MikeO} will develop an initial strawman set of test cases to float to the list for feedback. Mike will also contact U. Washington for information on their authority manager (ASTRA), for additional data points about how other systems approach these issues.
***Discussion***
*Privilege Management Assessment Tool*
Rob reported that he recently updated the privilege management survey draft on the wiki.
https://wiki.internet2.edu/confluence/pages/viewpage.action?pageId=24366
1. Incorporating Jim Ripa’s suggestions (https://mail.internet2.edu/wws/arc/signet-dev/2008-07/msg00016.html). Jim is on vacation until Aug 8. The plan is to ask him to review the revised survey after that, to be sure his concerns were appropriately addressed.
2. Rewording the paragraph on incorporating multiple perspectives into survey responses. (This is the paragraph in the survey right above the words “cut here.”)
*Two-Phase Process for Administering the Survey*
The plan is still to conduct two phases in administering the survey.
1. Give the survey to about 8 initial institutions, perhaps over the phone, using a “high-touch” approach to get feedback on the survey itself.
2. Use the feedback received to improve the survey if indicated. Then provide the survey to a wider group of institutions.
MichaelG suggested that it’s important to let respondents see the entire survey if they want before embarking on answering it. The decision was to have the survey in SurveyMonkey, but to include on the welcome page a link to a PDF version of the survey that can be downloaded and reviewed in full.
[AI] {SteveO} will put the privilege management survey into Survey Monkey (edits to the survey will still be possible).
*Identifying Respondents*
For the initial group of about 8 schools to be surveyed, suggestions were to choose from either:
1. Schools that participated in the invitation-only privilege management forum at MIT a few months ago. (These were schools that have already started work in this space.)
OR
2. Schools that participated in the Access Management Survey done by Ann, TomB and Keith Hazelton.
Rob noted the benefits of including a diverse group in the first 8 schools to be surveyed, not just schools that already have significant experience with privilege management.
There was discussion of using the Educause IdM group as a source for some of the survey participants. Ann noted that once the colleges to be included are identified, she can use social networking to identify the appropriate contacts.
Rob will talk with Klara to get her ideas of which schools she’d like to have respond to the survey.
[AI] {Rob and Ann} will coordinate on privilege management survey candidates.
The goal is to start administering the first round of surveys prior to the next Signet call.
*Signet Hooks Implementation*
Dave is in the process of doing development for hooks and plug-ins into Signet. He has reviewed what was done in this area in Grouper. Dave plans to use the original design decided on for Signet months ago. This will be a simpler implementation of hooks and plug-ins than is found in Grouper. Requirements for Signet are simpler, without the need for long-running transactions.
One difference is that Grouper has a pre-hook, a post-hook, and a post-commit hook, while Signet needs only a pre-hook and a post-commit hook.
Chris mentioned, and Dave agreed, that the configuration aspects could be kept fairly uniform between the implementations of hooks and plug-ins in Grouper and Signet.
[AI] {Dave} will write up and post on the wiki the differences between hooks in Signet and Grouper.
[AI] {Dave and Chris} will coordinate on hook development directions.
The next call is scheduled for Friday, 15-Aug-08 at 11am EDT.