Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

 

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 12:42:25 -0600
From:Steve Olshansky <olshansky@isoc.org>
To:tac@incommon.org
CC:Ann West <awest@internet2.edu>, Tom Barton <tbarton@uchicago.edu>, DWI2 <dwalker@internet2.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu

(snipping the cc list)
Granted I am not as plugged in to I2 as I used to be, but for many many years we assiduously avoided calling anything I2 produced a “standard.”
Best and recommended practices, and white papers, absolutely. But never standards.
As you know, that is a very specific term, and implies a great deal of process and structure that I am not aware of I2 having. Or has that changed?
Or are you referring standards produced by I2-related folks working with SDOs, as members of WGs and TCs etc.? If so, I think extra clarity in how it is described to the community would be helpful.
Steve
--
Steve Olshansky
Trust & Identity Program Lead
Internet Society

Further Comments

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 13:16:53 -0700
From:David Walker <dwalker@internet2.edu>
Reply-To:tac@incommon.org
To:Steve Olshansky <olshansky@isoc.org>, tac@incommon.org
CC:Ann West <awest@internet2.edu>, Tom Barton <tbarton@uchicago.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu

Thanks, Steve.  This is, of course, a move toward more structured process, but I think the main issue here is potential standards' scope.  While T&I would not establish SAML standards, it very well could establish standards for R&S certifications within the scope of InCommon (as it did originally), or propose an R&S standard to REFEDS with an international scope (which it did later).  Either of the latter require knowing when something is officially Trust and Identity, as opposed to one or more people who have a relationship with Trust and Identity.  That's what the process is about.

 

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 15:26:34 -0500
From:Tom Barton <tbarton@uchicago.edu>
To:Steve Olshansky <olshansky@isoc.org>, tac@incommon.org
CC:Ann West <awest@internet2.edu>, DWI2 <dwalker@internet2.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu

Hi Steve,

As the author of those words -- my bad! You're right of course, that use of the term was loose. Internet2 would not be the last stop for some things becoming standards in the sense you mean, though it is sometimes the first stop, eg, the SAML Interoperability Profile. And other things become "community standards", having similar effect but in a more constrained scope. Eg, eduperson, Bronze, MFA Profile, and Baseline Expectations, to sample a range.

In any case, your question helps to underscore the value of having something like the Document Stewardship stuff in place. We want items like those above to have maximum impact, so we should make it easier to for them to have a more uniformly good quality and be referenceable in a "standard" and persistent way. If someone has an idea about those docs or the approach they embody might help us all produce a better outcome, now's the time to post it on the community review page!

Thanks,
TomB

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 15:57:02 -0600
From:Steve Olshansky <olshansky@isoc.org>
To:David Walker <dwalker@internet2.edu>
CC:tac@incommon.org, Ann West <awest@internet2.edu>, Tom Barton <tbarton@uchicago.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu
Good to know. Thanks David. If you think this is useful as public feedback feel free to post it and attribute it to me.
FWIW, I/we had many long conversations about certification over the years, including and especially with RLBob. The gist of it was that there be dragons there and thus any move down that road ought to be with caution and with eyes wide open, and also this was before the esteemed Mr. Morabito joined who would of course be part of any conversations about this. Among other things, IANAL but there could potentially be not-insignificant liability issues with “vouching” for something or someone or some org, along the lines of “we did this based on Internet2/InCommon having checked it out and given it their stamp of approval, and something went wrong and we got burned. Let’s sue them all the let the courts sort it out…” Also certification carries the weight of maintenance and re-certification.
My $.02 FWIW.
HTH
Steve 

 

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 16:02:10 -0600
From:Steve Olshansky <olshansky@isoc.org>
To:Tom Barton <tbarton@uchicago.edu>
CC:tac@incommon.org, Ann West <awest@internet2.edu>, DWI2 <dwalker@internet2.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu
Hi Tom-
Good points all. I don’t disagree at all as to the value of what is happening.
Having up-close-and-personal experience now with 2.5 SDOs (IETF, OASIS, and if you squint hard enough - Kantara sorta kinda maybe moving in that general direction) I am sensitive to the use of the word “standard.”
Having a stable reference platform and process for this stuff is great. I am delighted to see it happening.
Steve 

 

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 18:05:37 -0400
From:Michael Gettes <mrg30@psu.edu>
To:tac@incommon.org
CC:Tom Barton <tbarton@uchicago.edu>, DWI2 <dwalker@internet2.edu>, Ann West <awest@internet2.edu>, Emily Eisbruch <emily@internet2.edu>, kjk@internet2.edu

Getting this right from the outset is important.  I fully support SteveO's concerns and Tom's clarification.

/mrg

 

Subject:Re: [TAC-InC] Trust and Identity document stewardship
Date:Wed, 12 Oct 2016 16:07:13 -0600
From:Nick Roy <nroy@internet2.edu>
Reply-To:tac@incommon.org
To:tac@incommon.org

From an InCommon perspective, 10 years has taught us that interoperability is an enormous problem, and requiring behavior is probably the last unused trick in the book.  In order to require behavior, we need both standards and certification.  Hopefully those requirements don't get us in hot water.  I'm hoping they will get us out of the situation we are in, <hyperbole> which is that InCommon has become a change management mechanism for bilateral federation between campuses and their ERPs.  </hyperbole>

Nick