How do they relate to the outsourced Cirrus Bridge?
Do we keep both, one, or none?
IdP strategy docs
Review and discuss existing proposals.
Is there other info to collect?
Are we satisfied with the list of alternatives?
Timeline
Present and get feedback on timeline for report drafts.
Tech Exchange
ACAMP discussion topic
Face-to-face meeting after end of Tuesday's ACAMP
Call Notes
Attendees
Mark Scheible, MCNC
Mark Beadles, OARnet
Brandon Saunders, IdM Integration
Dave Alexander, IdM Integration
Shaun Abshire, WiscNet
Chris Liechty, WiscNet
Ben Poliakoff, Reed College
Steven Carmody, Brown University
Dedra Chamberlin, Cirrus Identity
David Walker, Internet2
Janemarie Duh, Lafayette College
CAS
CAS local - native interfacing using CAS protocol; IdP talks to federation via CAS protocol or SAML
Mark Beadles will work on local CAS solution with Brandon backing
CAS gateway - using SAML - difficult but Brandon will look at it
Dedra - Cirrus has an IdP in the Cloud using local CAS authN and native CAS attribute release
Is there overlap with the Cirrus Bridge solution? Yes, but we are OK with some overlap.
Our charter
Mark Scheible raised the point that our charter says that one of our goals is to "Increase the number of participating campuses that operate an IdP service." We decided that our interpretation of that goal, however, is to "Increase the number of participating campuses that have a registered IdP," allowing for outsourced IdPs.
Review of completed strategy docs
SimpleSAMLPHP - Ben - has feature parity with local Shibboleth IdP
Flexible - used by Cirrus Gateway and Hub & Spoke
Outsourced Shibboleth IdP - Mark Beadles - Fischer Identity has this solution. Gateway between the local IdMS and IdP.
Question from Steven: how do the requirements of the local campus change? OARnet has schools doing this. Can we add these use cases to the report?
Appendix listing implementation case study(ies). Mark Beadles will check on use cases
Outsourced Vendor IdP - Cirrus Bridge - Dedra: for campuses that don't want to stand up an IdP or use SimpleSAMLPHP but want to keep credentials local.
One-time integration discussion on attribute release.
Waiting on permission for use case
Upkeep and feeding - add. e.g., modifications that may be needed for certain cases
Steven: support for attribute release? Call out differences in value of this approach depending on which SP. List options. Crazy custom work but theses business apps aren't where campuses would start. Incorporate use case. Therefore, they would be releasing a very small bundle. Steven: "do what is right."
The above point references the maturity of a campus as it moves through the federation. Roadmap or guide of how a campus might progress can be added to the report.
Hub & Spoke - Mark Scheible - used to deploy a federation but here it is used as an IdP strategy
Timeline
For next call, 10/1, finish up with strategy docs. Brainstorm conclusions and recommendations
First draft of report scheduled for 10/15 call
The meeting after that will be held during Identity Week with a second draft due then
One or two calls during November followed by final report