Scribing Template --Tues., Nov 12, 2013 at 9:45am -- Marina del Rey Room
TOPIC: K-12 federation management, how to simplify the experience. (this topic is overloaded)
SCRIBE: Chris Phillips
# of ATTENDEES: 24
MAIN ISSUES DISCUSSED:
- How can a local federation (internal to a school) be deployed?
- How can we easily deploy the technology internally?
- How does something like COPA compliance influence a deployment?
- How much do we have to build an IDM?
Definitions discussion pieces
Accounts do map to a single identity, but there are multiple accounts.
What is (defines / is an experience of) a sub-federation:
- delegate the trust framework to InCommon and be subordinate or compliant, but have the freedom to add non-traditional members not traditionally in federations
- technical and policy factors distinguish the boundaries of a federation
- different policies and release of information drive the difference (specifically release policies sound like a driver?)
Why is SP/IDP onboarding different?
- internally, default release policy, eppn, uid, isGuest flag, umnEid
- eppn to InCommon
- policy difference on this internal fed is about the policies of the institution
The InCommon POP doc, applied to campus services, was a handy tool to assess and vet services.
John K: CMU pilot of a different set of aggregates (sets of entities) that are publishing separately.
These extra elements are subdomained within the CMU space.
Penn State: Friends of Penn State IdP, different
Is there REALLY a need here? --> multiple identity providers (in InCommon metadata).
From a scope perspective, an IdP's scope is usually linked to domains.
The technical capability is there for multiple. Administratively allowing 1 participant to have multiple scopes is a policy matter.
Cal State is an example: it has multiple IdPs with multiple scopes within their domain, but experienced pressure from a vendor saying that they are allowed '1 scope'.
Proxy IdP -- what does it mean? Does this mean that an IdP proxy is really a hub-and-spoke fed? --> answers lead to yes. (scribe's claim here)
InCommon Interfederation TAC Subgroup (InCommon Interfederation, open to anyone interested)
InCommon-Quilt Federation (Regional, Domestic K-20 Interfederation)
National K-12 Federated Identity and Access Management Task Force (list and monthly calls open to all)
When does it make sense to split out to be another 'federation'? (group response: what need is InCommon not able to meet? If nothing, no interior fed is needed)
ACTIVITIES GOING FORWARD / NEXT STEPS:
How can federation operators help cultivate knowledge about how to do local federations to incubate and operationalize the campus?