*Action Items*
New
[AI] {Lynn} will update the Entity Relationship Diagram to incorporate attribute
sets and clarifying relationships.
[AI] {Lynn} will talk with Ken Klingenstein about licensing and copyright agreements
for Signet.
Carry Over
[AI] {Group} will begin compiling, via the list, scenarios to be used as potential
use cases.
[AI] {Keith} will summarize naming discussion and make proposals to begin defining
privilege, task, function, etc.
[AI] {Steve C. and Minh} will discuss issues on the Shibboleth call.
*Participants*
Lynn McRae, Stanford University (Chair)
Andy Cohen, Stanford University
Shelly Henderson, University of Southern California
Charlotte Lewis, Pennsylvania State University
Rene Shuey, Pennsylvania State University
Steve Carmody, Brown University
Tom Barton, University of Chicago
Blair Christiansen, University of Chicago
David Wasley, University of California Office of the President (UCOP)
David Walker, University of California Office of the President (UCOP)
Torbjörn Wiberg, Umeå University, Sweden
Ann West, EDUCAUSE/Internet2
Steve Olshansky, Internet2
*Administrative*
All communications and work of Internet2 WGs are subject to the Internet2
Intellectual Property Framework (http://members.internet2.edu/intellectualproperty.html);
please review this page.
*Discussion*
The group discussed developing a process to license and copyright Signet. Shibboleth
is protected by copyright and license agreements. However, the Shibboleth agreements
do not extend to Signet. This issue may have been addressed in the agreement
between Stanford University and Internet2. Existing agreement language will
legally protect programming language derived from current efforts.
Entity Relationship Diagram (ERD): Does the current version of the diagram capture all the appropriate entities? The group discussed the subsystem definition as defining privilege and the assignments made to it, along with the regular granting of privilege and granting of privilege-proxy. Elements exist in Signet outside of other systems. To begin defining scope, the organizational hierarchy and subject database are included. One subsystem is Signet. Another use of Signet is as a subsystem for proxy assignments, stored and appearing as regular assignments. Therefore, Signet could be a subsystem that has entitlements that are not system-specific but enterprise-specific. Throughout the system there is a duality between entitlements owned locally by a subsystem and entitlements shared across subsystems. The organization's hierarchy would be input into Signet and would be used by all Signet users. While a hierarchy has some independence, it might be defined once and used in several places. In both cases a two-part naming is being considered, similar to the Stanford Authority System and to the naming convention emerging in Grouper, which establishes domain names and ownership by a subsystem. This defines the possibility of a potentially enterprise-wide domain linked to an enterprise-wide subsystem.
The current Stanford system places constraints on the types of hierarchies or relations that one can have between roles. The subsystem structure imposes constraints on the nature of the roles and hierarchies. There are also specific numbers of linked functions, tasks and entitlements. Those layers significantly constrain what can be done in terms of role and hierarchy. How much flexibility, and conversely how much structure, should Signet provide? From a user interface perspective, the elements being defined present a virtual simplification with respect to roles and individuals granting privileges, and their assignment within an existing department. The ability to group, name and combine entitlements creates an opportunity for flexibility to leverage pre-developed entitlement sets for three cooperative system levels.
The group again discussed developing a common set of definitions for entitlement, privilege, permission, capability and right.
The next call is Friday, August 6, 2004 at 11:00 AM ET.