name | institution | role | |
---|---|---|---|
Steve Thorpe | MCNC | sys prog analyst | thorpeatmcnc.org |
Tim Poe | MCNC | sr. collaborative technologist | tpoeatmcnc.org |
Paul Riddle | UMBC | sr middleware architect | paulratumbc.edu |
Michael Pelikan | PSU | information designer | mpp10atpsu.edu |
Bradley Schwoerer | UW-Madison | middleware technologist | schwoerbatdoit.wisc.edu |
Mark Scheible | NC State | iam architect | mark_scheibleatncsu.edu |
Eric Buchholt | LA Tech | iam architect | eric.buchholtatoit.sola.edu |
Doug Atwater | VA Tech | identity management | Dough.Atwateratvt.edu |
Jason Zylks | TAMU | infrastructure services | jzylksattamu.edu |
Karsten Huneycutt | UNC-Chapel Hill | idm developer | kphatunc.edu |
Leo Howell | NCSU | it audit manager | leo_howellatncsu.edu |
Steven Hopper | UNC-GA | it director | hoppersatnorthcarolina.edu |
Liz Wendland | Duke | developer | lizatduke.edu |
Dustin Slater | U Texas-Austin | idm team member | dslaterataustin.utextas.edu |
Rob Carter | Duke | idm architect | robatduke.edu |
Mark McCahill | Duke | collaborative system architect | mccahillatduke.edu |
meeting notes:
UW Madison - Federation used is to avoid credentialing everyone
why do we credential people?
...
other reasons to credential:
- to establish affiliations
- to contextualize the affiliation - and an individual may have multiple affiliations/roles
examples: professor, councilor in a summer camp, collaborator in an cross institutional research project
how does level of assurance intersect with contextualized affiliation and roles?
- should level of assurance time out?
Penn state is building a collection of registries on a fairly granular level
How do you handle multiple affiliations?
- emeritus faculty or less loosely affiliated than prospective students
- systems of record may not have places to hold loosely affiliated people
- how do you differentiate people with almost identical data (and not much of it)?
Dustin (UT Austin)
- anyone can get a credential
- never de-active netIDs
- future, current, former affiliation slots are use to manage multiple affiliations
...
what sort of identity proofing do we do for loose affiliation?
- use case: parents using student portal system
- parent is a "person of interest" in Peoplesoft with a birthdate
- claim a student by naming student and student's birthday
UT remote identity proofing
- notarized signature and photo sent it or copy of passport sent in
should community document the identity vs. authorization issue?
trust issue in federations
- what does "member" mean to an institution?
- can level of assurance be tied to attributes?
some sites are using protect network identities
- concerns about connecting these IDs to institutional IDs