Signet Working Group conference call
June 9, 2006
*Attendees*
Lynn McRae, Stanford U. (chair)
Dave Donnelly, Stanford U.
Gary Brown, U. Bristol
Joy Veronneau, Cornell U.
Tom Parker, Cornell U.
Bill Turner, Cornell U.
R.L. "Bob" Morgan, U. Washington
Andrea Beasing, Cornell U.
Nate Klingenstein, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
Carry Over *Action Items*
[AI] Contact {Lynn} if you identify additional functional requirements for your local project. (28-Apr)
[AI] {Bob} will send .htaccess local syntax to the group via the list.
[AI] {Tom} will send a few brief Signet case studies to the group via the list.
[AI] {Group} will develop use cases for Signet.
[AI] {Jennifer} will solicit on site feedback from UC Davis about the UI demo/mock up.
[AI] {Minh} will develop a list of requirements for how Signet will interface with LDAP and Grouper.
[AI] {Tom, Jennifer, and Gary} will discuss the modularity of Signet's UI and the internationalization of code for Grouper and Signet. There will be a separate call for this item.
[AI] {Lynn} will write up a person and function summary to express the relationship of privileges to roles and to determine what gets expressed in the eduPerson entitlement space.
*Discussion*
{Lynn and Keith Hazelton} presented at the JA-Signet uPortal conference last week. Many attendees were fairly new to Identity Management concepts dealing with repositories or SSO. They discussed how uPortal might be deployed in situations with Signet.
{Dave} discussed build / distribution progress to date in terms of features and issues (cf. email 9-Jun). There are two main build tasks, for production and development. Production refers to javadocs and deployment files, while development refers to the daily building and testing. He will continue to clean up additional files unnecessary for Tomcat deployment, etc. He is also working on standalone utilities. This work is being done with the goal of having the Ant build as part of the distribution. Things are nearing a next-release stage of Signet; feedback is welcome.
{Joy} expressed that Cornell would need at least three build files to point to different directories. Using an Ant target deployed to Tomcat, they could do a single deploy – only changing the properties file in the database. {Gary} suggested creating a default signet.build.properties file as a system property.
{Lynn} discussed the status of subject properties work – currently, no one is working on it, and this may be a candidate topic for a MACE call. Discussion will continue on subject sources and its integration with Signet code.
Another subject of discussion focused on the dynamics of caching subject data. Within Signet, where should data about grantors and grantees be kept? Which attributes of interest would be recorded and why? – source type and subject ID. Would it be a local repository? There are some concerns over the privacy and amount of data sitting in these tables. Is there sufficient auditing value to do so? Other questions address how long this data should be kept and, furthermore, how it is updated in a practical manner. Ideally, a call out to the source would return the current values, and only in a source failure would the returned information be a remembered value – essentially cached data.
Lastly, the Group discussed the operational topic of rules and how they are evaluated. There should be enough flexibility to maintain support of different site strategies for handling this. How should lifecycle over time be supported? How should pre-requisites be handled? When are rules run to make sure the data is current? Beyond a manual transaction, how quickly could the data be refreshed, if a situation required immediate action?
{Bill} commented that Cornell is interested in a rapid query, where values are role-based, as opposed to calendar-based. Scale presents an issue when a query returns assignments with a specified condition. Additionally, computing resources may prove to be insufficient within the desired timeframe.
The next Signet WG conference call will be on Friday, June 23, 2006 at 11am EDT.