COmanage Developers List

[Tom Barton <>]

I wish I could participate "live" more often, but for the moment I can
at least add a related note from the CIC IdM f2f that wrapped up while
you had this call.

The focus of that meeting was on how campus IdM can help VOs, and
bridging, ie, maintaining a participant's connection to a VO across a
transition from one campus to another, was a leading concern expressed
by the VO attendees (LIGO, CTSA, CTSI, HubZero, Bamboo). This led to
discussion of why some campuses aren't able to let departing members
continue to use their campus credential for an extended period of time,
which in turn largely boiled down to their not yet having divorced
authorization from authentication enough to mitigate the risks of
continuing to let ex-members authenticate. So good campus access
management practice can reduce VO management problems, a conclusion that
caught everyone's attention.

Although we did not decide to make achievement of "good campus access
management practice" a near-term priority for all CIC schools, it was a
close runner-up and we did decide to study it further to more narrowly
scope a goal that CIC CIOs could set for us all.

Glad to see that the state diagrams haven't been entirely forgotten! And
foundational to good access management practice since it provides the
triggers to remove the authorizations that matter, freeing us to let
collaborators continue to collaborate using the same tools even when
some of their members transition away.

Tom

On 2/28/2011 6:58 AM, Emily Eisbruch wrote:
> Q: For Bamboo, would coming in/authenticating via a social network
> identity be just an intial way to "board" and would the user then get
> added to the more official native identity store? Or would there be the
> option long-term for a user to authenticate using her/his social
> identity credentials?
> 
> A: (Keith) It may be desirable to maintain ability to enter via social
> identity. One use case is that a user changes their professional home
> base, for example moves from one university to another and needs a
> "bridging identity" while between institutions.
> 
> This relates to a much-discussed question of whether there be a
> permanent non-institutional identity attached to a person's
> institutional identity.
> 
> [AI] (Keith) will add to the COmanage wiki use case library the case of
> bridging identity using social identity
> credentials.[https://spaces.internet2.edu/display/COmanage/Use+Case+Library|display/COmanage/Use+Case+Library||||||||||||\||]
> 
> Ken noted:
> 
>     * that state diagrams that TomB created a while back showed the
>       importance of triggers. Triggers can be different in the VO world.
>       It's important to document the adaptation of the enterprise to the VO