Scribing Template --Tues., Nov 12, 2013 at 9:45am -- Marina del Rey Room

TOPIC:   K-12 federation management, how to simplify the experience. (this topic is overloaded)

CONVENER

SCRIBE: Chris Phillips

# of ATTENDEES: 24

MAIN ISSUES DISCUSSED:

- How can a local federation (internal to a school) be deployed?

- How can we easily deploy the technology internally?

- How does something like COPA compliance influence a deployment?

- How much do we have to build an IDM?

Definitions discussion pieces

Accounts do map to a single identity, but there are multiple accounts.

What is (defines / is an experience of) a sub-federation:

- delegate the trust framework to InCommon, but be subordinate or compliant while keeping the freedom to add non-traditional members not traditionally in federations

- technical and policy aspects distinguish the boundaries of the federation

- different policies and release of information drive the difference (specifically release policies sound like a driver?)

Why is SP/IDP onboarding different?

- internally, default release policy, eppn, uid, isGuest flag, umnEid 

- eppn to incommon,

- policy difference on this internal fed is about the policies of the institution 

Anecdotal comments:

The InCommon POP doc, applied to campus services, was a handy tool to assess and vet services

inCommon 

Discussion points:

John K: CMU pilot of a different set of aggregates (sets of entities) that are publishing separately.

These extra elements are subdomained within the CMU space.  

Penn State: Friends of Penn State IdP, different 

Is there REALLY a need here?? --> multiple identity providers (in InCommon metadata).

From a scope perspective, an IdP's scope is usually linked to domains.

The technical capability is there for multiple. Administratively allowing 1 participant to have multiple scopes is a policy decision.

Cal State is an example: it has multiple IdPs with multiple scopes within its domain, but experienced pressure from a vendor saying that they are allowed '1 scope'.

Proxy IdP -- what does it mean? Does this mean that an IdP proxy is really a hub-and-spoke fed? --> answers lead to yes. (scribe's claim here)

InCommon Interfederation TAC Subgroup (InCommon Interfederation, open to anyone interested)

InCommon-Quilt Federation (Regional, Domestic K-20 Interfederation)

National K-12 Federated Identity and Access Management Task Force (list and monthly calls open to all)

Questions

When does it make sense to split out to be another 'federation'? (group response: what need is InCommon not able to meet? If none, no interior fed is needed)

ACTIVITIES GOING FORWARD / NEXT STEPS:

If slides are used in the session, please ask presenters to convert their slides to PDF and email them to acamp-info@incommon.org

How can federation operators help cultivate knowledge about how to do local federations to incubate and operationalize the campus?
