COmanage Developers List

[Steve Olshansky <>]

fyi

Begin forwarded message:

> From: Steve Olshansky 
> <>
> Date: January 6, 2011 9:05:05 AM MST
> To: 
> 
> Subject: [collab-intl] Notes: International Collab Call 6-Jan-2011
> 
> International Collab Call 6-Jan-2011
> 
> 
> 
> **Attending**
> 
> Heather Flanagan, Internet2
> 
> Niels van Dijk, SURFnet
> 
> Ken Klingenstein, Internet2
> 
> Steven Carmody, Brown U.
> 
> Benn Oshrin, Internet2
> 
> Steve Olshansky, Internet2 (scribe)
> 
> 
> 
> ** Next meeting **
> 
> 3-Feb-2010 (may be rescheduled due to conflict with the COmanage-iPlant 
> meeting)
> 
> 
> 
> **New Action Items**
> 
> [AI] (Niels) will send the BambooUK rep's contact info to Ken.
> 
> 
> 
> **Carryover Action Items**
> 
> [AI] (Heather) will invite Olivier Salaün (CRU) and Kaz Yamaji (National 
> Institute of Informatics, Japan) to join the list and calls.
> 
> [AI] (Ken) will send mail to Niels and TomZ to connect them on provisioning.
> 
> [AI] (Ken) will follow up with Internet2 tech staff about configuring the 
> Internet2 IdP to access the SURFnet wiki.
> 
> 
> 
> **Discussion**
> 
> * Update on new players or activities in this space
> 
> Recent discussion about interdomain federated access to GoogleApps are 
> interesting. It has appeared in the past that GoogleApps domains are tied 
> to a specific IdP, so this could be an interesting thing to explore. 
> Discovery of course will play a significant role.
> 
> 
> 
> Use cases for interoperation between OpenID and SAML-based federation are 
> being assembled by Steven and Keith Hazelton (U. Wisconsin - Madison, 
> MACE-Dir working group co-chair).
> 
> https://groups.google.com/group/shibboleth-users/browse_thread/thread/714fded884469397#
> 
> 
> 
> Niels noted that they have an OpenID to SAML gateway, but not the reverse.
> 
> 
> 
> * Status of various efforts
> 
>  ** COIN
> 
> SURFConext has launched, and OpenConext (the open source version) will 
> follow in a few months. The Apache Foundation has invited them to 
> participate in the creation of a new portal, based on their OpenSocial 
> work. Other participants would be JISC and Indiana U., as well as some 
> commercial companies.
> 
http://www.surfnet.nl/en/Thema/coin/Pages/Default.aspx

> 
> 
> Gartner has done an assessment of their platform, and Niels will share the 
> report with the list when it is public. It was a fairly positive review.
> 
> 
> 
> The continue to work with app vendors, and now have a significant number of 
> institutions and VO-like collaborations within the Netherlands interested 
> in doing pilots.
> 
> 
> 
> They expect a good level of funding for this work in the coming year, so 
> that bodes well for future development.
> 
> 
> 
> JISC CETIS (Centre for Educational Technology and Interoperability 
> Standards) is engaged in evaluating this work as well.
> 
> http://jisc.cetis.ac.uk/
> 
> 
> 
> Q: Will you be deploying apps centrally, or leaving that to the campuses?
> 
> A: Both. They have 5-6 central apps, including BigBlueButton, FileSender, 
> and Foodle, along with some commercial apps. They do not yet have 
> international IdPs enabled, but that is forthcoming.
> 
> 
> 
> It was observed that InCommon had its first SP refuse to join, due to the 
> fees, and would prefer to wait for interfederation. SURFfederatie has 
> recently begun charging certain SPs a modest fee, to cover its 
> administrative costs. Apparently many federations charge SPs to join, 
> although some do not.
> 
> 
> 
> BambooUK contacted them to see if they could use the COIN platform. 
> Discussions are proceeding with them...
> 
> 
> 
> [AI] (Niels) will send the BambooUK rep's contact info to Ken.
> 
> 
> 
>  ** COmanage
> 
> LIGO
> 
> The recent meeting led to some flow diagrams for the enrollment process, 
> and in fact some clarification of this process on their part in the course 
> of working with us. In particular, when a participant moves from one 
> affiliation to another, is an area of interest. It is unclear how extensive 
> their initial efforts will be with COmanage. The notes and flow diagrams 
> are in the wiki:
> 
> https://spaces.internet2.edu/display/COmanage/LIGO+Use+Cases
> 
> 
> 
> They do not have much visibility into the VIRGO systems (black box to LIGO) 
> and thus their initial focus will be domestic.
> 
> 
> 
> iPlant
> 
> We will be meeting with them in the near future, and ScottK from LIGO will 
> participate as well for cross-pollination.
> 
> 
> 
> Capturing VO business process functionalities as they relate to registries 
> is a key focus currently. The distinction between service registries and 
> person registries is emerging as significant, as person registries requires 
> significantly more functionality. In COIN, they capture users upon first 
> entry, and some of their key attributes (FirstName, LastName, e-mail, and a 
> unique identifier), and enable user-consent functionality.
> 
> 
> 
> Benn noted that COmanage is developing a system that is really an IdM 
> system, with a distinction being how it handles new users.
> 
> 
> 
> Q: How do affiliate institutions figure into this VO model? E.g. can users 
> use "outside" credentials?
> 
> A: This will vary by VO, as they apparently operate differently in this 
> regard. Some are effectively the IdP for all of their users, while others 
> will accept users from "foreign" IdPs.
> 
> 
> 
> In our discussions with VOs to date, they are more interested in refining 
> their business processes than in user-facing apps, which is somewhat of a 
> surprise.
> 
> 
> 
> Steven noted the recent emergence of OpenIAM, also resold and supported by 
> vendors (e.g. AegisUSA). Is there an open source person registry that might 
> have useful capabilities for our purposes as well?
> 
> http://openiam.org/
> 
> http://openiam.com/
> 
> 
>