Attendees:

Arnie Miles

Jeff Alderson

Grace (MusicCas)

Remington (MusicCas)

Nate

Michael Morris

Tim McGraw

Ann West

Agenda:

Discuss Action Items

Begin preparations for IdP Installs

Minimum Set of Data Elements

Discussion:

Agenda item for next call:

Discussion of the requirements for data aggregation. What do these flows actually need to do? Policy enforcement points. Give participants as much flexibility as possible.

Discuss the implications of a stateless IdP and decide if they are acceptable or not. 

Discuss the different profiles that are available to us.

Action items reviewed and edited. See the action items page.

Architecture discussion led by Jeff Alderson:

Draft arch diagram

Need an idea of resources (VMs, etc.) needed to get started

Nate:

How many VMs is not necessarily the initial question. Start with how many log-in requests and concurrent sessions do we need to handle? That will inform the number of VMs we need. Part of our purpose is to figure out. Start with one VM in an environment where the VM can be cloned.

Q: How does load balancing happen?

A: No typical way. IdP clustering. Round robin. DNS round robin. Active. Deployment on highly virtualized infrastructure.  

Q: Are we using standards for the IdP? Off-the-shelf? 

A: Preference for Shibboleth. Interest in Tivoli. We do have access to the Shib team. SAML 2.0.

Q: Reference architecture?

A: No, because Shib has had to be agnostic. Most common is Shib with an LDAP directory. OpenLDAP is the most common. MS AD. Pretty much whatever you want. Jeff will likely use Shib with MS AD for their environment.

What are we missing?

What profiles are we going to support? Single logout?

Action Items:

Action item: Nate will publish information about profiles to the wiki.

Action item for Jeff: First draft of Reference Architecture diagram and stated list of testing assumptions. Spec sheet, list tech we propose to use. Try to use different arch at Hobsons and ConnectEDU. Design testing documents.
