
Social Identities in R & E


DATE and TIME: Friday 27 May, 2011, 9:00 - 10:00 am

CONVENER: Steven Carmody, Michael Gettes

SCRIBE: Keith Hazelton

# of ATTENDEES: 26

MAIN ISSUES DISCUSSED

Steven Carmody demo of Penn State Social Identity Support

Chris Hubing has developed a means to use one's Google account (and other social identity providers) to authenticate to selected PSU web resources. Steve offers a demonstration with commentary. The term we are using for this type of service

Michael Gettes demo of CMU "Tartan ConnectID"

When Tartan ConnectID goes production in early June, CMU students will be able to grant their parent (or guardian) access to their CMU invoices. The parents will be able to authenticate to this CMU service using their (existing) social identity provider of choice. The IdP that handles Tartan ConnectID is a registered InCommon IdP. Michael offers a demonstration with commentary.

JensH: Have you thought about transitioning social identities to full standard campus identities? When you switch from using a social account to a properly vetted institutional identity, what do you carry along?

KeithH: The Bamboo account linking scenarios

MRG: This makes me very nervous...

MichaelP: Let's say they migrate from a google account to an institutional one, is their google account info switched off?

Michael Gettes: No.

JimB: Social identity to SAML.  Do we think a SAML to social gateway would be useful?

MichaelGettes: Aaaagghhh

GregHavercamp: Right now our users do anything they want. My position at LBL as IdM guy is "Go ahead, it's probably better than setting up your own username/password service." We do lots with Google, so we're comfortable with social identities, but we are pushing OAuth for not only authorization but also authentication.

RolandH: Is the Shibboleth Protocol documented anywhere? Really it's a profile of SAML. Across the pond we call these things SAML2 services; here you seem to talk "Shibboleth".

JensH: I've been trying to train my developers to say "SAML implementation", not "Shibboleth implementation".

Michael Gettes: When I talk to vendors I start with "Shibboleth" because many of their "SAML" implementations are incomplete and/or incorrect.

SUMMARY FROM REPORT OUT TO THE LARGER GROUP

Informed user consent about attribute release, i.e. what exactly is the user agreeing to when checking [OK] when logging in from their Google etc. account, is something that needs more work...

Naming: OpenID or OAuth is not something that most users will associate with their accounts...

There are a variety of implementations in the wild, and sharing experiences will be useful...

ACTIVITIES GOING FORWARD / NEXT STEPS

Steve Olshansky: Migrate SocialIdent wiki space to get out from under the "OpenID" label.

REQUESTS

Add to Social Ident wiki: tech matrix? standards matrix? links? Genrain.com for R&E? "Interviews w Roland"?

 
RESOURCES

Social and Organizational Identities Discussion Space (Internet2 wiki)
 