Note: Approved Charter is on the MACE-paccman website.

Charter:  MACE Privilege and Access Management Working Group (MACE-paccman)

MACE and the Internet2 Middleware Initiative focus on Identity and Access Management (IAM) infrastructure to support the needs of the global higher education and research communities and their partners.  This charter defines a working group devoted to the access management portion of the space.

As a topic access management includes a wide range of concepts, terminology, and services.  As a discipline access management is concerned with providing efficient and effective means for organizations and individuals to control access to computer-based resources to ensure that resources are used in ways that comply with policy or otherwise meet organizational and individual goals.  Common terms in access management include:  authorization, roles, privileges, permissions, policy, groups, and attributes.  Access management is generally dependent on core identity management (users, accounts, identity assurance, etc) and is closely related to other organizational and IT functions such as audit, risk assessment, application design, security, and physical access control.

Access management practice today is very diverse and less mature than other aspects of identity management.  Institutional infrastructure services, such as group and privilege management, even when they exist on a campus, are often not used by many applications.  Access management methods are rarely shared between institutions or across application areas.  Yet as more organizational and personal functions move online and the Internet environment grows more risky, the pressure to make access management more comprehensive, cost-effective, responsive, and policy-compliant increases.  Organizations of all kinds are launching access management initiatives and looking for common solutions, as shown by recent surveys.

The MACE-paccman Working Group provides a venue for tackling these issues.  Outcomes from the group may include:

  • Frameworks to help IT executives and architects understand the importance and utility of access management, its relationships to other IT services and structures, and roadmaps for successful deployments.
  • Documentation of common requirements, concepts, and terminology.
  • Documentation of capabilities and features of leading-edge products and implementations.
  • Documentation of "lessons learned" from access management software projects such as Internet2's Signet.
  • Proposals for new software development, new architectures, and new standards.
  • Smaller contributions such as recipes, techniques, tips, position papers, demos, proofs-of-concept, etc of practical value to the community.
  • Conferences, workshops, webinars, and other events to build community and promote understanding and engagement.

The Working Group is guided by these principles:

  • Its work is done in the context of the MACE/Internet2 Middleware/IAM program.  In particular coordination with the Grouper project is essential.
  • Outreach to and collaboration with important HE-oriented software projects and organizations such as Kuali, Sakai, JA-SIG, and the Open Grid Forum is important.
  • Attention is given to commercial product capabilities and deployments as well as open-/community-source.
  • Work represents the interests of the whole HE community, not just one segment (e.g. research institutions).
  • Substantial projects, such as new software development, are done as independent projects, not as part of this WG.
  • Consideration is given to business and policy issues as well as technical development.

The Working Group will operate under the terms of the Internet2 Intellectual Property Framework.

The Working Group will meet via conference calls, and will interact via mailing list and collaboration space, and any other vehicles deemed useful and open.

The Working Group will operate indefinitely.  Approximately yearly assessments will be done to determine whether changes in structure or scope are necessary, and to confirm the continued utility of the group.

  • No labels