2010 Action Item Follow-up Call, 30-Mar-2011

Attending

Tom Barton, U. Chicago
Ken Klingenstein, Internet2
Steven Carmody, Brown
Tom Zeller, U. Memphis
Benn Oshrin, Internet2
Ann West, Internet2
Emily Eisbruch, Internet2 (scribe)

Discussion

Introduction

Review of purpose / goals for this Action Item Follow-Up call:

  • Get updates on the Action Items from 2010 Advance CAMP: https://spaces.at.internet2.edu/display/ACAMPActionItems/Home
  • ACAMP 2011 will again be an unconference, focusing on Identity Management issues confronting the community.
  • It is hoped that another batch of Action Items will emerge from 2011 Advance CAMP.
  • How can we improve the action item and follow-up process coming out of Advance CAMP?

Updates on the Action Item Projects

- Steven's Update

Steven was the lead on two action items: 

"Document and promulgate best practice for syncing Google groups from campus groups"

and

"Document and promulgate best practice for sharing Google docs with federated users"

Concerning syncing Google groups from campus groups:

  • Brown has deployed Grouper integration with Google Groups
  • Brown leveraged code provided by University of Washington, using a message bus
  • For the most part, the syncing between Grouper and Google Groups works well, and things have settled down
  • A challenge is that things change regularly with Google
  • Google is about to completely change their main directory groups infrastructure (possible mid-April timeframe)
  • Changes will affect tags and properties on groups created in Google

Concerning best practices for sharing Google docs with federated users:

  • This action item is challenging due to many bugs in the Google code
  • There were a huge number of problems at the start of the semester
  • Using groups to manage permissions to access docs works pretty well
  • Using a mixed model -- a combination of groups and individuals -- is highly problematic
  • Some people but not others can see docs; there are different views of what's available
  • Email alerts are sent in an unpredictable fashion
  • A lawsuit is underway concerning failure to meet ADA requirements: http://nhjournal.com/2011/03/15/complaint-google-programs-hard-for-blind-students/
  • This lawsuit is halting some schools in their tracks

Q: What is the deliverable or outcome of Steven's Action Items?

  • For syncing Google groups from campus groups, as the code settles down, Brown can make the code and documentation about the Brown experience available to other interested campuses.
  • For best practices for sharing Google docs, the instructional technology group at Brown is working on documentation, including best practices. The foundation of this work would be a Brown product, but it would be ideal to have community take ownership.
  • Ann remarked that the Brown experience could potentially make an interesting Advance CAMP presentation. 
  • Where should we post this information so folks know where to find it?
  • Documentation on replicating groups from Grouper to Google could be a contribution to the Grouper wiki. 
  • However, the federated Google docs usability documentation might be a new category of information.
  • TomB requests sensible guidance on how to get the word out and make the key information available. The ACAMP action item wiki is not intended to be a permanent home for such detailed information.
  • An IAM Online webinar would be a good idea; however, that does not resolve the question of where to post information in the long term for the community's reference.
  • Could users of Google docs and Google groups create a group similar to an InCommon community group? Steven noted that there are many schools starting to do this work now, possibly including Michigan State and University of South Florida, who were at the 2010 ACAMP.
  • It was noted that Google is not in InCommon.
  • Perhaps an EDUCAUSE IdM Toolkit would be the correct framework for this information.

 ================

- Benn's Update

Benn took the lead on two action items:

"Determine Next Steps for Promotion of Open Source IdM Products"

and

"Define a Standard API for Groups"

These action items have moved under the FIFER (Free IDM Framework for Education & Research) framework. https://wiki.jasig.org/display/FIFER/Home

Benn reported that the action item on promoting open source IdM products is moving slowly. People do not seem willing to devote time to this effort.

The Action Item on Defining a Standard API for Groups is moving along well.

  • There are about 6 people involved in these conversations 
  • The plan is to make the API more complex as use cases arise 
  • Kuali may be interested in the group API being developed.

Q: How should we inform the community about this work and encourage others to consider adoption?

 ================

- TomZ's Update

TomZ took the lead on the action item "Determine How Federated Provisioning Should Work and Participate in SPML Standards Work to Support It"

  • It’s difficult to pin this down and find a proper home for it. Thinking of moving under FIFER.
  • TomZ has been working with Chad re integration of Shib and Grouper for provisioning
  • They are considering creating a provisioning API of some sort 

Q: What would be the objectives for this effort? 

  • Possibly to implement the SAML change draft spec
  • The idea would be to have Shib support it and have LDAPPC consume these messages, using the new SAML approach 
  • Not sure SPML is much of a player these days, although it's there and we should support it.

Q: What about change notification?

  • There is an OASIS change notification draft (SAML V2.0 Change Notify Protocol Version 1.0), being supported by Oracle and Nokia Siemens: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml2-notify-protocol/v1.0/csd01/sstc-saml2-notify-protocol-v1.0-csd01.html
  • This draft supports various profiles 
  • We would write the Java code to handle the messages
  • Need to provide "wiring" (a source system plugged into an IdP)
  • This is based on a push model 
  • It’s a push system to tell a target that something has changed 
  • For example, U. Memphis tells Google Groups that something has changed, and then Google calls back and asks what has changed
  • This is still in the discussion phase; no code is written
  • Would like to have a use case for an initial implementation of the design

Q: Where to put code or documentation that results from this work? 

A: TomZ: need to investigate licensing issues

Suggestion that TomZ discuss this work with Paul Hill.

 ================

Overarching Framework and Possible Gaps

Ken asked a two-part question:

1. Do the various parts fit together into an overarching framework? 

 and

2. Do we see gaps in the work?

Is the concept of federation an anchoring concept throughout the work on these action items? 

  • Steven noted that he is writing a vision document for the Brown IdM system. He sees that the IAM Diagram needs some updating, for concepts like social identities and VOs
  • IAM diagram is seen at http://www.internet2.edu/pubs/IAM-infosheet.pdf 
  • The vision of how things fit together has changed somewhat 
  • But Steven does not see huge gaps, and he believes the overarching vision on that diagram is still valid
  • The landscape includes research campuses, research labs, VOs, global interfederation, social identities.
  • Prior to 2011 Spring Member Meeting, Steven will be circulating his draft vision document to some set of people, many of whom are on the call. 
  • So Steven's vision document could serve as a trigger for thinking about how to update the diagram.

Q: What about VOs?

  • How much of the IdM work done to date has analogous developments in the research community? The diagram presents an enterprise view, but does it all have resonance for VOs? 
  •  Steven says, yes, VOs are operationally going to exist on some spectrum here. 
  •  Some VOs want to get as much help from central IT as possible, at the home campus for one of the PIs 
  •  Some VOs will want to do all the IdM work on their own 
  •  There will also be hybrids 

Onboarding

  • TomB stated that a possible "gap" area needing more work is onboarding, though "onboarding" may be an overused term.
  • Don’t want SSNs or driver's licenses in the process
  • But need to know: Is this a person we have a record for, or is this someone new? 
  • U. Chicago is working on this issue

 ================
Reflections on the Action Item Follow-Up Process

How should we change or improve the process of birthing and nurturing work items for the community?

Should we treat some differently than others?

  • Benn: Don’t discourage people, but try to align ideas with problems someone needs to solve
  •  Action Items driven by a campus need or a concrete use case fare better
  • Concerning a 2010 action item on which progress was not recorded on the ACAMP Action Item wiki ("Determine next steps for integration of social networking tools with campus IdM"), Steven noted that Chris Hubing at Penn State has in fact made substantial progress. http://thundercougarfalconbird.et-test.psu.edu/blog/
  • Ken noted that topics related to social networking tools could be excellent grist for the MACE/Salsa Dinner at 2011 SMM.
  • Q: Is there interest in doing the same Action Item process again as an outgrowth of the 2011 ACAMP?
  • Consensus was that yes, this process was lightweight but it got the job done