**Attending**
Mike Olive, Stanford (chair)
Dave Donnelly, Stanford
Rob Carter, Duke
Klara Jelinkova, Duke
Michael Gettes, MIT
Jim Repa, MIT
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
**New Action Items**
[AI] {Klara} will post on the wiki an updated version of the privilege management survey within about one week.
**Carryover Action Items**
[AI] {Dave} will write up his understanding of what Chris is asking for in the area of notifications and will add this to the requirements as something that has been deferred.
[AI] {MikeO} will send a note out to the list with some context about auditing issues and requesting folks to talk with their respective auditors for their perspectives, and report/discuss via the list.
[AI] {MikeO} will develop an initial strawman set of test cases to float to the list for feedback. Mike will also contact U. Washington for information on their authority manager (ASTRA), for additional data points about how other systems approach these issues.
**Discussion**
**Privilege Management Survey**
Klara thanked everyone who contributed to developing the privilege management assessment tool. She and Rob received much valuable input concerning the survey and its audiences.
**Review of how the Privilege Management Survey Developed**
The starting point was a monolithic privilege management survey. Over time it was refined and got split into three sections:
1. Info about the organization (demographics)
2. General Privilege Management Facilities and Requirements Questionnaire (includes opportunities for free-form answers).
3. Specific Functional/Technical Requirements questions - might make this part optional so functional (non-technical) folks can skip it.
MichaelG mentioned his experience suggests that if people see a survey as being useful to respond to, they are willing to answer even a long survey.
The goal is now – if possible - to get opinions from multiple people per site/campus, people from different departments, different organizations.
The survey has been recast with the hopes of getting input from six or more kinds of constituents.
1. Central IT or Identity Management Office
2. Central business systems
3. Services and systems supporting instruction and research
4. Virtual Organizations, or VOs
5. Smaller business systems managed within individual departments or schools/colleges
6. IT Security or Audit Office
**Getting Multiple Points of View**
What is the best approach to getting multiple points of view from a campus? The current planned approach is to ask the contact person to think about whether input from others is needed to get full representation. So we ask the contact person to think about the various questions on the survey, and then to get in touch with the necessary people and answer from these points of view.
For divergent views, a single institution could submit multiple copies or provide one survey with an amalgam of opinions. TomB noted that it should be specified clearly on the survey instructions how divergent answers should it be handled.
**Handling Open-Ended Questions**
For handling of open-ended, qualitative answers, SteveO mentioned that SurveyMonkey has many flexible features, such as allowing the survey to jump to a new question based on a previous answer. SurveyMonkey also allows for paragraphs of textual responses and has great reporting tools.
**Additional Changes to the Survey**
It was decided to consider adding more detailed questions about how privilege management fits in the infrastructure. There is currently a question on whether or not privilege management tools need to provide APIs to support dynamic privilege enforcement by participating applications, and this may be expanded upon.
Rob noted that it’s necessary to move the survey forward in order to have an interim report by the Internet2 Fall Member Meeting in October.
It was agreed that Jim Repa’s input (not yet incorporated into the survey) concerning centralization/decentralization of privilege management was extremely helpful and important.
(https://mail.internet2.edu/wws/arc/signet-dev/2008-07/msg00016.html)
**Getting the Survey Out**
Klara stated that she and Rob will incorporate Jim’s input and suggestions from the call. They will then put a new version of the survey on the wiki for the working group's review. The goal is to get the survey out to the first campuses after the next Signet conference call.
That the plan is to get further feedback on the survey from the first group of respondents (those who were at the MIT meeting on Privilege Management). After refining the survey based on that feedback, the survey will be sent to people on the EDUCAUSE identity mgmt group or CSG.
Michael suggested to explicitly state at the start of survey that functional people should be included, in order to encourage them to be involved.
[AI] {Klara} will post on the wiki an updated version of the privilege management survey within about one week.
**Signet 1.3 Release**
Signet 1.3 release is out on the Signet website. Everyone is encouraged to pound away and use it. Feedback will be greatly appreciated.
The next call is scheduled for Friday, 1-Aug-08 at 11am EDT.