
Scribing Template --Thursday, Oct 4, 2012 at 3:30pm Salon 3

TOPIC: Identities in the Cloud: Integrating IAM and Cloud Services

CONVENER: Rob Carter

SCRIBE: Keith Hazelton

# of ATTENDEES: 23

MAIN ISSUES DISCUSSED 

  • Rob Carter at Duke has two looming use cases, Office 365 and Cisco WebEx Social, and how they integrate with campus IAM
  • Each one says: Set up a special purpose AD that you populate from your "Campus AD" and our cloud IAM integrates via a replication agent
  • Nate: MS didn't invent this model; big part is that there is no widely successful provisioning standard
  • Live@edu has another implementation directly authenticating your users
  • ChrisP: SCIM in the IETF, deals with people and groups; has a schema; publishes out to the cloud
  • KeithH: MS & Cisco maybe thought "AD-based solution would be something campuses could implement"
  • maybe we could put a better offer on the table (SCIM) for the next round of Net+ vendors
  • What about cloud vendors that are not in InCommon?
  • Rich Stevens: Guidance for counsel looking over these Net+ contracts
  • Q: Does your institution have a set of requirements to put into these contracts? A: Few to none. See EDUCAUSE/ECAR guidance.
  • Campus GAE contracts: 9 Core services that the contract applied to, but the users show up in the other uncontracted services
  • would have been good to negotiate over analytics
  • SURFnet has a contract with Google for all of HE in the Netherlands; use that as the blanket agreement
  • Net+ works this way: Service vendor signs contract with I2; I2 has contract with campuses
  • It will be easier to approach vendors when there are successes to point to. R&S bundles might be a showcase item
  • Could document our best practice recommendations via an IETF BCP RFC

ACTIVITIES GOING FORWARD / NEXT STEPS

  • Document issues that are unique to the cloud
  • Put a consolidated HE requirements/integration model on the table for the next rounds of Net+ vendors
    • NateK's Net+ Guidance Doc for vendors would get more traction if it came from potential customer campuses
    • It doesn't HAVE to be a Net+ doc; If HE developed a consensus doc, it could be brought back into Net+
    • Or get HE institutions to sign on to the Net+ Document
    • Initiate a series of conference calls and mailing list
  • Develop guidance for counsel looking over Net+ contracts (learn from existing contracts)
  • Document our best practice recommendations via an IETF BCP RFC
    Discussion-starter email:

     
    Good afternoon CAMPers,
     
    The session on IdM integration with cloud services spent some time discussing the NET+ Identity Guidance for Services.
     
    The consensus seemed to be that, with some generalization work and maybe publication in a standards organization, it would be the basis for more consistent integration practices across cloud vendors.
     
    https://spaces.at.internet2.edu/display/NetPlusIDG/NET+Plus+Identity+Guidance+for+Services
     
    We'd like to discuss options for broader review leading to that generalization and publication with the rest of the ACAMP attendees.
     
    Thanks,
    Nate.

If slides are used in the session, please ask presenters to convert their slides to PDF and email them to acamp-info@incommon.org

Thank you!