***Attending***
Mike Olive, Stanford (chair)
Steven Carmody, Brown University
Rob Carter, Duke
Klara Jelinkova, Duke
Shilen Patel, Duke
Dave Donnelly, Stanford
***New Action Items***
[AI] {Klara} will post on the wiki a revised version of the proposed privilege management survey.
This version will request that the survey be answered by several individuals
(or from several perspectives) within the institutions being surveyed.
The goal is to collect data on privilege management requirements from the perspective of:
1. central business systems
2. services and systems supporting instruction and research
3. VOs
4. smaller business systems managed or run within a dept.
[AI] {Dave and SteveO} will prepare and make available Signet 1.3.0 RC2
**Carryover Action Items**
[AI] {Dave} will write up his understanding of what Chris is asking for in the area of
notifications and will add this to the requirements as something that has been deferred.
[AI] {MikeO} will send a note out to the list with some context about auditing issues
and requesting folks to talk with their respective auditors for their perspectives, and report/discuss via the list.
[AI] {MikeO} will develop an initial strawman set of test cases to float to the list for feedback.
Mike will also contact U. Washington for information on their authority manager (ASTRA),
for additional data points about how other systems approach these issues.
****Discussion** **
***Assessment Tool for Signet***
The group discussed the first draft of the Privilege Management assessment survey being developed by Klara and Rob.
https://mail.internet2.edu/wws/arc/signet-dev/2008-06/msg00021.html
Klara stressed that this is a very preliminary first draft.
Once the Signet WG has provided input, the plan is to send
the survey to a pilot group of 8 schools,
to get their feedback, and then send it to a broader audience.
The survey contains both quantitative and qualitative questions.
SteveC suggested that there are varied privilege management needs and perspectives worth capturing within an institution.
There was a discussion of privilege management requirements, including the relationship between group management and privilege management. Some privilege management can probably be done automatically as part of group management (e.g. students get certain permissions, TAs and instructors get certain other permissions, etc.). It was suggested that Signet could be used to codify the rules and apply them globally.
Klara mentioned that there was an interesting discussion at a recent Itana meeting about extraction of rules from applications.
SteveC noted that for auditing and logging purposes, it can be important to easily track which individuals (not just which groups) have certain privileges. Having two logs -- one of privilege rules and one of groups -- can be a barrier to answering questions that auditors and security people care about.
[AI] {Klara} will post on the wiki a revised version of the proposed privilege management survey. This version will request that the survey should be answered by several individuals (or from several perspectives) within the institutions being surveyed.
The goal is to collect data on privilege management requirements from the perspective of 1. central business systems, 2. services and systems supporting instruction and research, 3. VOs, and 4. smaller business systems managed or run within a department.
***Signet 1.3.0 RC2 release***
Dave reported that all JIRA issues have been fixed. MikeO will retest and verify and mark JIRA items as closed.
[AI] {Dave and SteveO} will prepare and make available Signet 1.3.0 RC2.
Since the next Signet call would fall on the US Independence Day holiday, the next call is scheduled for Friday, 18-July-08 at 11am EDT.