The following are the NOTES from Tuesday, August 9th, leveraging the agenda framework.

Day 1: Tuesday, August 9

Time Slot

Description

8:30 - 8:45

Board shuttle at Sheraton

9:00 - 9:30

  • Intro
  • Roll-Call
  • Meet & Greet
    • Tom Barton - UChicago/I2
    • Eric Westfall - Indiana/Kuali
    • Benn Oshrin - Internet2/UC Berkeley/Jasig/etc
    • RL "Bob" Morgan - UW/Internet2
    • Chris Hyzer - Penn/Internet2
    • Renee Shuey - PSU
    • Scott Gibson - Maryland/Kuali
    • Norm Wright - USC/Kuali
    • Aaron Neal - Indiana/Kuali
    • Jacob Farmer - Indiana
    • Rob Carter - Duke
    • Keith Hazelton - UWisc/Internet2
    • Jimmy Vuccolo - PSU
    • Hampton Sublett - UC Davis
    • Tom Zeller - Unicon/Internet2
  • Discuss note taking procedures and how we will document our work!
    • Hampton will take high level notes and technical experts will augment as needed.
  • Review Agenda

9:30 - 11:30

  • Review of use case-derived requirements, groupings, and gaps from pre-workshop activities
    • Eric
      • Reconciliation of Duplicative Identities - There is a need for sophisticated matching tools that can continuously check/reconcile throughout a user's lifecycle as more information is gathered about the individual
      • Need a manual reconciliation process for difficult edge cases
      • Need to be able to link identities when a user has two identities
      • Need to store historical information and transactions/changes
    • Renee
      • Walking through PSU Use Cases
        • IAM needs to maintain the "relationship" between individuals (and proxies). It's important to know whether an individual is a parent, guardian, or other of a student.
    • Rob
      • Rob led the discussion that resulted in the documentation of the "chunks" listed below
    • Keith
      • Walked through the provisioning lifecycle, leveraging roles/privileges/affiliations
      • Discussed the notion of "cross walks" (or mapping of credentials) that capture/store the critical information that connects individuals to multiple applications/services
    • Hampton (Requirements)
      • Hampton deferred to others for the sake of time (requirements provided are likely 99% if not 100% of what others have experienced if not documented)
  • Allot time for discussion/questions/musings by the group as we go
    • NOTES:
      • Group agreed that we're going to focus on the full IAM suite of services (Identity and Access Management, including everything associated with authentication and authorization)
      • Bob: Need to create a credible project plan to build such a suite (including approximated timeline)
      • Tom: Need to identify potential resources/practical outcome = what are we going to pitch 
      • Prioritization could likely be dependent on whether or not organizations will throw resources at it.
      • Chunks
        • Authentication (WebSSO, Kerberos, including Federation)
        • Registries
        • Person Profile Mgmt
        • Data Presentation (Directories)
        • Provisioning/Ops
        • Access Mgmt
        • Access Certification
          • Potential Gap/Opportunity to expand on a solution in the Open Source space
        • Policy Mgmt

11:30 - 12:00

Discussion, additional use case-derived requirements from other members of the group

  • See Notes in section above

12:00 - 1:00

Lunch

1:00 - 2:30

  • Discussion on "boxes" and "logical groupings" coming out of pre-workshop activity #2
    • Rob
    • Keith
      • 51 page requirements document for Group and Affiliation Management Service (GAMS) on Group, Role, Privilege Mgmt.
      • Access Mgmt system needs to be able to generate a list of who has access to what
      • Users always want to know "why don't I have access to this," and the system should help the helpdesk answer that question
    • Jacob
    • Bob
  • Discuss what the baseline for addressing the Gaps should be (KIM?, KIM+shib+CAS+Grouper?, etc.)
    • Renee: There is no apples to apples comparison between vended solutions or in open source because they all have gaps.
    • Renee: Need a Service Catalog and a means by which people can request services...currently not provided
    • OpenRegistry appears to address many of the current gaps the group has identified this morning. It is designed to handle the complexities associated with enterprise populations in higher education. Rutgers is continuing forward with the project, but the group didn't have a current update.
    • CO-manage is a product from Internet2 currently focused on Virtual Organization (currently the largest population using it is 1000)
    • A lot of schools are doing their own thing (PSU, UCDavis, among others)
  • Brainstorm on desired target architecture based on the baseline and the boxes.
    • Need to package the open source IAM suite so there is a single location for an interested school seeking a solution to go to
    • The suite needs to be modular to fit in amongst Universities that already have a portion of the solutions and only need a specific module or two.
    • We need to not limit ourselves to solutions that are just built by higher education, but to good, sustainable, open source projects that have been built that can be used by Higher Ed.
    • SCOPE - IN vs. OUT
  • How to keep it loosely coupled and open, but pluggable with OSS reference implementations?

2:30 - 5:00

  • Brainstorming on first draft of plan to address pieces of the gap
  • Where do the priorities lie? What is most important?
  • Which are more feasible?
  • Brainstorm on a "roadmap to OS IDM" from where we are today with the decided upon baseline (or baselines)

5:15

Shuttle leaves for Sheraton
