Report out of the Breakout Sessions

OSS IDM

Reference implementations valuable
Oracle changed direction; is the software free again?

  • Next steps:
  • put together a software registry listing functions and portability
  • form group to talk about Sun/Oracle
  • form group to work on protocol specs
  • look at marketing of Open Source IdM suite
  • look at the services catalog for IAM and see how it maps to needs
  • design/architecture documentation -- look at mechanisms by which the various components interconnect (e.g. via framework)
  • compile best practices to be included in a reference implementation

SPs and App Developers

  • best practices would be valuable to document: how to make your app federation-ready, including provisioning
  • attribute creation and management
  • coding for SP options, if available
  • representing permissions for access control
  • scaling advice
  • standardized method of getting federation metadata would be useful
  • don't persist anything you can get in an assertion unless you have a justifiable requirement
  • Perhaps an InCommon or MACE working group, or even REFEDS, to work on documenting this...
  • federations having problems in ad hoc environments; how to handle different attribute release policies (ARPs)?
  • the introduction problem: how to get into a collaborative environment
  • Next Steps:
  • Assemble volunteers to help with preparation of best practices documentation, including potentially Educause and OCLC, including both IdPs and SPs
  • Work with international partners, since adoption is becoming so widespread...
  • Scott will likely start by fleshing out the skeleton to kick this off, and reach out to specific people for contributions
  • InCommon should define extensions for things like uApprove
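As an added illustration of two of the best-practice points above (deriving permissions from assertion attributes, and not persisting anything you can get from the assertion without a justified requirement), here is an SP-side attribute handler. It is example code written for this page, not code from the session or from any of the projects named here. It assumes the SP software (e.g. a Shibboleth SP) has already validated the assertion and hands attributes to the application as request environment variables, with multi-valued attributes joined by ';' (an assumed SP convention); the attribute names, the entitlement URI and the permission policy are illustrative.

```python
"""SP-side handling of assertion attributes for a federation-ready app.

Added example, not code from the page. It assumes the SP software (e.g. a
Shibboleth SP) has already validated the assertion and hands the attributes to
the application as request environment variables, with multi-valued attributes
joined by ';' (an assumed SP convention). Attribute names, entitlement URIs and
the permission policy are illustrative.
"""
from dataclasses import dataclass, field

# The only attributes this app has a justified requirement to persist, with the
# justification recorded next to each. Everything else lives in the session.
PERSIST_ALLOWLIST = {
    "eppn": "stable key for ownership of records the user creates",
}

# Hypothetical access-control policy: permissions derived from affiliation and
# entitlement values carried in the assertion, not from a local role table.
AFFILIATION_PERMS = {
    "faculty": {"course:read", "grade:read"},
    "student": {"course:read"},
    "member": set(),
}
ENTITLEMENT_PERMS = {
    "urn:mace:example.edu:entitlement:course-editor": {"course:edit"},
}


@dataclass
class Session:
    principal: str
    permissions: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)


def split_multi(value):
    """Split an SP-delivered multi-valued attribute ('a;b') into a list."""
    return [v for v in (value or "").split(";") if v]


def build_session(env):
    """Derive identity and permissions from the assertion attributes in env."""
    principal = env.get("eppn")
    if not principal:
        raise PermissionError("assertion carried no eppn; refuse to proceed")
    perms = set()
    for aff in split_multi(env.get("unscoped-affiliation")):
        perms |= AFFILIATION_PERMS.get(aff, set())
    for ent in split_multi(env.get("entitlement")):
        perms |= ENTITLEMENT_PERMS.get(ent, set())
    attrs = {k: split_multi(v) for k, v in env.items()}
    return Session(principal=principal, permissions=perms, attributes=attrs)


def can(session, permission):
    """Access-control check against permissions derived from the assertion."""
    return permission in session.permissions


def record_for_storage(session, requested):
    """Return the subset of attributes the app may write to its own store.

    Any requested attribute outside PERSIST_ALLOWLIST is rejected, so a later
    'it would be handy to keep displayName too' has to go through the
    allowlist (and its justification) rather than slipping in silently.
    """
    unjustified = set(requested) - set(PERSIST_ALLOWLIST)
    if unjustified:
        raise ValueError(f"no justified requirement to persist {sorted(unjustified)}")
    return {k: session.attributes[k] for k in requested if k in session.attributes}
```

The point of the allowlist is that the persistence decision is made once, in one place, with the justification written down; the permission mapping shows the alternative to copying affiliation data into a local role table that then drifts out of step with the IdP.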

IdM Project/Process Mgmt.

Agile development is being used in some schools, but some of its principles don't work well in the middleware context, e.g. frequent customer review of deliverables.

  • No Next Steps identified...

Loosely affiliated populations

More of a groups and LoA issue, based on a user's attributes. Is it time to approach the testing boards to run an IdP for applicants?

LoA

  • no good way to do a risk assessment
  • password entropy tool issues
  • SAML AuthN context - not widely used?
    - will be used to express InCommon Silver Profile
    - RP specific
    - a particular authN event may be associated with more than one profile...
    - Is scope the right thing to look at? What about one domain mapped to more than one IdP?
  • Next Steps:
  • LoA and identity assurance profiles are very different, and thus there needs to be distinction/clarification
  • Assemble list of schools using LoA with e.g. NIH
  • Revisit requirements for Silver, with an eye toward whether they are set too high for higher-ed
  • define what types of services might require higher LoA, and listing them
  • need risk assessment and better entropy tools
  • develop best practices for recredentialing, e.g. auditing challenge/response questions
  • define a subset of groups working on authn context to work with NIH
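The SAML authentication context discussion above (RP-specific profiles, an authentication event possibly matching more than one profile) is easier to see in code. The following is an added example written for this page, not code from the session or from InCommon. The assertion is constructed; the SP is assumed to have already verified the signature, audience and conditions before the application looks at the context. The Silver profile URI and the certified-IdP table are assumptions standing in for what federation metadata would supply.

```python
"""Checking the SAML AuthnContextClassRef an RP requires.

Added example, not code from the page. The assertion is constructed, and the
SP is assumed to have already verified the signature, audience, conditions and
issuer before the app looks at authentication context. The Silver profile URI
and the certified-IdP table are assumptions standing in for what federation
metadata would supply.
"""
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SILVER = "http://id.incommon.org/assurance/silver"  # assumed profile URI
PASSWORD_PT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Issuers certified for each profile. In a deployment this would be derived
# from federation metadata; here it is a constructed table.
CERTIFIED = {"https://idp.example.edu/idp/shibboleth": {SILVER}}

# Constructed assertion: one authentication event asserted at Silver.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" Version="2.0" IssueInstant="2010-05-03T14:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.edu</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2010-05-03T13:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>http://id.incommon.org/assurance/silver</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

# Same event, but the IdP only asserts a password-over-TLS class (constructed).
PASSWORD_ONLY_ASSERTION = SAMPLE_ASSERTION.replace(SILVER, PASSWORD_PT)


def authn_context_refs(assertion_xml):
    """Return (issuer, [AuthnContextClassRef values]) from an assertion.

    All AuthnStatements are scanned, so an assertion carrying more than one
    context class yields every value it asserts.
    """
    root = ET.fromstring(assertion_xml)
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    refs = [e.text.strip() for e in root.iter(f"{{{SAML}}}AuthnContextClassRef") if e.text]
    return issuer, refs


def meets_profile(assertion_xml, acceptable, certified=CERTIFIED):
    """True if the IdP asserted one of the RP's acceptable profiles and is
    certified for it.

    `acceptable` is the RP-specific set of profiles this service accepts. An
    IdP asserting a profile it is not certified for is treated as not meeting
    it: the self-claim in the assertion is necessary but not sufficient.
    """
    issuer, refs = authn_context_refs(assertion_xml)
    allowed = certified.get(issuer, set())
    return any(r in acceptable and r in allowed for r in refs)
```

Each RP passes its own acceptable set, which is what makes the check RP-specific; the certification table is the part that turns an IdP's assertion of a profile into something the RP can actually rely on.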

Grids & non-browser apps

  • perhaps X.509 deserves more investigation and debate?

  • Next Steps:
  • support Eduroam (killer app), need national scale infrastructure
  • make progress on DNS to IdP mappings, for DNS-based discovery
  • Follow work in IETF on SASL and federated login
  • encourage work on non-browser clients by creating a wiki space to host student projects...

Kuali Id. Mgmt. (KIM)

  • Next Steps:
  • Revisit defining a standard API for groups
  • get Kuali governance to affirm direction for KIM, e.g. will it be a full IdM suite? Or be portable? Or support another group to make it portable?
  • get Kuali more involved in the Educause IdM CG list, for increased mutual awareness

Social Networking

Some schools are looking at using social networking internally; others are looking at developing an external presence, e.g. on Facebook.
This raises privacy issues.
Is InCommon interoperability with common social networks of interest to the majority of the community? If so, it is better to enable it the right way.

  • Next Steps:
  • assemble a group to think about working with Google, Facebook, and Twitter
  • encourage more attendance at IIW to interact with them
  • encourage wider use of OpenSocial, and further development of relevant gadgets

Groups

  • Next Steps:
  • investigate federated external groups in COmanage
  • Google-Grouper connector - help with development?
  • work on sharing GoogleDocs with external users

OpenRegistry

  • No Next Steps identified

IAM Governance

  • Next Steps:
  • compile best practices, e.g. the way processes ought to work
  • case studies of working governance groups - what they have taken on and how they function
  • enable communication between interested users
  • Look at the PennState documentation

SPML

  • Next Steps:
  • UNC is working on this, and will document on a wiki page and dedicated mailing lists