InCommon Pilot Call

March 13, 2014

PARTICIPANTS: Ann West (InCommon/Internet2), Bernie A’cs, Jim Peterson, Jason Radford (IlliniCloud), George Laskaris, Jordan (Nebraska), Mike Danahy (Nebraska), Mark Johnson (MCNC)

scribe: Jennifer Griffin, The Quilt

InCommon/Quilt Federation wiki space:


MEETING NOTES: (Call Recorded)
Policy Reminder

1) Roll call, agenda bash

2) Status Updates from Current Pilots
a) IlliniCloud – On-Site Affiliate session was held last week. Multi-tenancy immersion in the portal is looking good. Multi-tenancy within the centralized IdP proxy scenario is taking shape and is being coupled with the notion of tenancy, so when they say they are creating a tenant, they are getting a logical entity in both environments that is one and the same and connected.
b) Nebraska – Finished statewide meeting and working on IdManagement in different spots. Still discussing a proxy implementation as recommended by Paul Katz. The LOR was an issue in getting authentication going. They are going to be beta testing SAML and referring to Safari Montage. They are willing to work on a new LDAP product. The portal is also of interest.
i) IlliniCloud is interested in the proxy and Liferay. It would be beneficial to have a more in-depth conversation offline.
c) MCNC – Still working with Moodlerooms – there is a single IdP with multiple endpoints, one for each customer. Hoping they will consider a separate instance for the pilot because the shared one exposes other organizations' endpoints to their users. Working on getting metadata. George will reach out to Mark offline about what NJEDge is doing with Moodlerooms.

3) Onboarding potential new pilots (George)
a) Interest from KINBER, MOREnet and WiscNet. There is also potential in Colorado.
i) MOREnet has institutions that are interested. Chip will be filling out the readiness assessment.
ii) KINBER has filled out the readiness assessment and has scheduled a call.
iii) WiscNet is focusing on DNS MetaData Investigation at the moment, so will revisit the Pilot when that is complete.
iv) George will make another callout to the Quilt list.

4) Exploration of K12 Schema Issues / Use Case Development (MarkS)
a) There haven’t been responses to the request coming out of the Hazelton presentation. Use cases are needed in order to discuss and explore what the needs and attribute requirements are, so that this agenda item can be brought to the Internet2 Directory working group that supports and maintains eduPerson. Look at your own pilots and see what attributes would be required to grant access (numeric identifier, specific entitlement, registered license).
b) Discovery use case is a real-world use case – is MCNC working with someone at Discovery to explore the scope of attributes?
i) MCNC lists the attributes that are being provided. They have been working with a technical person and will send the contact information along.
ii) IlliniCloud is also exploring working with Discovery.
c) Nebraska has a few use cases.
d) If a vendor is willing to do SAML as an identifier, then those would be ideal examples. The more attributes that need to be provided, the better from a K-12 perspective.
e) Where does eduPerson not address the ability to communicate what needs to be communicated? A short-term answer can be constructed in the abstract using entitlements to communicate anything to the service provider. This shifts responsibility and liability, to a degree, onto how those agreements are communicated in advance, and allows that to be abstract and reasonably mapped to the back end for a K-12 environment. This has a lot to do with how a school district manages its cohort of constituents. The back end is even more abstract because each school district may have its own method or vocabulary to define these. The onus is on facilitating some communication mechanism for establishing the mapping, and a reasonable conduit that application service providers can be expected to use to map this out in an abstract way with uniform mechanics.
i) Even the simplest tools must have a rich level of detail. If the application you are trying to access has a lot of internal information about the user, it will require a file upload to populate the data. From a SAML perspective, you need to make sure that when someone logs in, the attributes are sufficient to uniquely identify the individual and provide the information the application needs to run properly. First name, last name, email, primary/secondary student – this was addressed in the UK, where students would be accessing vendor applications and in most instances all they needed was an entitlement that said they were a licensed user.
ii) This is a real-world case faced by all of K-12. PII data elements are being stored. There is a concept of being able to provide other identifiers. The ideal case is to look into an environment that doesn’t exploit the transportation of so much data but provides the mechanism to retrieve the data.
iii) It is important to provide a rich context around an individual. It cannot be burdensome to the K-12 staff. What are the future goals of a unique identifier? Being able to express this in a less PII-oriented fashion is a goal.
iv) The attributes provided – the key point of the use case is that the service provider can consume the attributes. The other side is that, for whoever is maintaining the data on the school side, the data must exist in that place.

5) Business Models Work Update
a) Progress is still being made. There was a TAC Interfederated group call about best practices and building IdPs by Tom Scavo. This was rich information and there should be a call after the Global Summit.

6) Sessions of special interest at 2014 Internet2 Global Summit:
a) Program session on "Federation and Cloud Services for the K12 Community"
Tuesday, April 8 at 1:15pm - 2:30pm
i) IlliniCloud and Nebraska will be on the panel.
b) BOF on "Quilt InCommon Pilots: Identity Federation for K12 and Community Colleges"
Thursday, April 10 at 7:30am-8:30am

7) Next call: Quilt All-Pilot Thurs. 10-Apr-2014 at 4PM ET

