comanage-dev - [comanage-dev] Draft Minutes: COmanage-dev Call 4-Mar-2011
Subject: COmanage Developers List
- From: Emily Eisbruch <>
- To: CoMaNaGe-DeV <>
- Subject: [comanage-dev] Draft Minutes: COmanage-dev Call 4-Mar-2011
- Date: Mon, 14 Mar 2011 11:56:49 -0400
COmanage-dev Call 4-Mar-2011

Attending
Heather Flanagan, Internet2 (chair)

New Action Items
[AI] (Keith) will make sure that the COmanage glossary covers roles and groups accurately. https://spaces.internet2.edu/display/COmanage/Glossary
[AI] (Ken) will provide a link to the French listing regarding applications and sets/bundles of attributes.

Carry Over Action Items
[AI] (Keith) will add to the COmanage wiki use case library the case of bridging identity using social identity credentials.
[AI] (Keith) will ask Roland and Leif to clarify how social identity assertions will be handled in their system.
[AI] (Benn) will update the COmanage roadmap based on recent discussions with COs.
[AI] (Benn and Keith) will talk about Bamboo's requirements for person registry.
[AI] (Ken) will contact David Groep about VOMS GUMS.
[AI] (Steven) will develop a one-page write-up on attribute aggregation.
[AI] (Heather) will ask U. Chicago people to contribute an academic (intra-institutional) use case to the COmanage use case library.

DISCUSSION

Groups and Roles in CO Context
Comments included:
[AI] (Keith) will make sure that the COmanage glossary covers roles and groups accurately.

Status Update (Benn)
Q: Keith: Does COmanage Gears currently rely on some implementation of registry and/or Grouper?
A: Benn: There are no external dependencies except for framework (php). On the roadmap: insert the FIFER group API and connect that API with Grouper https://wiki.jasig.org/display/FIFER/Group+API+Data+Structures+and+Operations

Social Identity
StevenC stated that there are three categories of use cases driving the social identity discussion:
1. Institutional applications where the owners want to accept social identities. An example is CMU using social identities for access to student bills. Parents won’t have SAML identity, so parents will be able to use social identity to view the student bills.
2. VOs who want to use social identity because SAML has not fully taken off in the U.S. People want more people accessing their site. Examples include VOs funded by NSF and smaller, more ad hoc collaborations.
3. People who are experimenting, sort of playing with social identity.

Jim raised the example of DISQUS, used by newspapers and online blogs... where a user can access the discussion using their social ID. The user can then go on after using their Twitter identity to set up an account and can add things that don't exist in their Twitter account. http://disqus.com/

Push Vs Pull Issue Raised on International Collab Call of 3-March-2011
Leif was talking about applications that can dynamically generate a query during processing. A kind of late binding, not something that happens at logon time. No applications do that today. What we do see now in attribute aggregation is this scenario (Steven has a working demo for GENI that does this):
Steven noted that in case of GENI work, we might spit out x509 certificates into GENI space from COmanage, so there will be a single root for the commands coming into the apps from COmanage. But is having COmanage as a broker going to simplify the trust process for the application?

Steven: GENI and the grid are two of the spaces that are wedded to x509. They fit into the federated framework where SAML2 metadata provides the trust. There is heavy reliance on PKI. There are use cases these days where people want a more dynamic situation, where it could be possible to instantly stand up some service and people would learn about it and trust it. A lot of apps these days, people can find ways to wrap SAML and its metadata-based trust fabric around it.

Q: What about CI logon?
A: CI logon works for the grid because there is a well-defined trust infrastructure on either side for mapping. There is login with SAML identity. It leverages SAML2 metadata to establish trust. CI logon has two CAs operated in proper fashion. CI Logon may be used in other spaces, such as OOI. Talking with GENI too.

Attribute Bundles
JimL: The CIC IAM group is discussing attribute bundles, and will possibly promote that to rest of InCommon. There is also talk about this within VIVO http://www.ctsi.ufl.edu/2010/05/01/vivo-enabling-national-networking-of-scientists/

Ken: The French are working on categorization of applications and developing sets (bundles) of attributes. The idea is that there are natural categories of applications where it makes sense to recommend a particular attribute bundle.

[AI] Ken will provide a link to the French listing regarding applications and sets/bundles of attributes.

Keith noted that U-Wisc has an attribute bundle project.

Steven: InCommon operations hopes by April to allow SPs to add requested attribute elements to their federation metadata.
Next COmanage-dev Call: 18-March-2011

Emily Eisbruch, Technology Transfer Analyst
Internet2
office: +1-734-352-4996 | mobile +1-734-730-5749