Signet Conference Call April 29, 2005

*Action Items*

New
No new action items.

Carry Over
[AI] {Jennifer} will follow up with SteveO about the UI mock-ups on the WG’s website to ensure that the mock-ups posted to the site are current.
[AI] {Group} will develop use cases for Signet.
[AI] {Lynn} will contact the development group in Australia about their UI development efforts.
[AI] {Tom} will work on coming to agreement on the subject interface.
[AI] {Group} will respond to Minh’s subject API proposal.
[AI] {Minh} will research at Stanford to see if Sakai has enterprise integration aspects that might also apply to Signet and Shibboleth.
[AI] {Tom} will arrange and send a conference call/agenda to WG for enterprise integration within Internet2 UI contexts for Signet.
[AI] {Lynn and Minh} will provide the written summary of the conditions and requirements for privacy and security.
[AI] {Jennifer} will solicit on-site feedback from UC Davis about the UI demo/mock-up.
[AI] {Lynn} will send out a revised development roadmap.
[AI] {Minh} will develop a list of requirements for how Signet will interface with LDAP and Grouper.
[AI] {Tom, Jennifer and Gary Brown (Bristol)} will discuss the modularity of Signet’s UI and the internationalization of code for Grouper and Signet.
[AI] {Group} will begin compiling, via the list, scenarios to be used as potential use cases.
[AI] {Keith} will summarize the naming discussion and make proposals to begin defining privilege, task, function, etc.
[AI] {Lynn} will write up a person and function summary to express the relationship of privileges to roles and to determine what gets expressed in the eduPerson entitlement space.

*Participants*
Lynn McRae, Stanford (chair)
Minh Nguyen, Stanford
Andy Cohen, Stanford
Mark Jones, University of Texas Health Science Center at Houston (UTHSC-H)
Gary Brown, University of Bristol
Butch Labrecque, Cornell University
Joy Veronneau, Cornell University
Shelley Henderson, University of Southern California
Brendan Bellina, University of Southern California
Tom Barton, University of Chicago
Blair Christensen, University of Chicago
Keith Hazelton, University of Wisconsin - Madison
Bob Morgan, University of Washington
Terrie Clark, Internet2 (scribe)
Mike McGill, Internet2
Steve Olshansky, Internet2

*Discussion*
Signet version 0.3 is now available. This release includes a revoke privilege function, limit-values capability for creating and revoking assignments, a person-search using DHTML for most current browsers, page headers and footers using Apache Tiles, and a SubjectFileLoader utility.

The binary distribution can be downloaded from http://middleware.internet2.edu/signet/releases/. Source code can be found at http://anoncvs.internet2.edu/cgi-bin/viewcvs.cgi/?cvsroot=I2MI. The demo can be found at http://signet-demo.stanford.edu.

Work on the subject API has resulted in an implementation for a simple unstructured search by identifier. Efforts are underway to apply the subject API to both Grouper and Signet, in the hope that individuals familiar with Grouper and/or Signet will provide feedback to the Signet WG about the subject API. Institutions installing the first version of the subject API will need significant programming to apply it to a local data source. The subject API is an implementation independent of Signet. It uses an adaptor class as a subset of the subject API in hopes of providing a flexible adaptor class. Development for a similar implementation utilizing LDAP will begin soon.

The group decided to refer to Signet’s database of privileges as a privilege registry.

The Signet privilege document has been sent to the group via the list. The PC data oriented document’s root element is privileges. Signet attributes are defined as sub-elements. The group seeks guidance for namespace declarations. How will an XML document schema function in Signet? A subject reference will have its own namespace and prefix definition. Where do we put XSD schemas in Internet2 developments? It has been decided to use URNs as the URIs for namespaces. How is this managed with an XML schema? The Internet2/MACE URN registry refers to supporting documentation (see http://middleware.internet2.edu/urn-mace/). Could this be used to reference an XSD within a URN? It was decided to seek answers to these questions on a subsequent WG call.

Within the document a privilege is a combination of a person, a resource and a qualifier. The document also has permission conditions (for example, duration of position), although what is described as a permission condition could be renamed as a permission qualifier. The dual nature of scope is defined as the ability to make assignments and a transaction limit. So there are two roles for scope: one for Signet’s own subsystem and another for an outside application’s subsystem. Consequently, there would be two privilege assignments: one would be “granting authority” and the other “acting authority.” Refining the definition of scope will be a topic for discussion on an upcoming WG call.

A resource can have access to a function with greater authority than what is assigned to it as a limit. There is a resource for dollar amount and one for people, both using sub-tree labeling. Target applications might present a resource qualified by scope. XML has two positions for attributes: an attribute designator and an attribute value. The WG will further discuss mapping of XML data.

The next call is Friday, May 13, 2005 at 11:00PM ET. The call-in number will be sent out with an agenda prior to the call.