Types of environments (about a half dozen), e.g., AD-centric, Java
capable, CAS-centric, etc.
What environment is best for each alternative? What are the pluses
and minuses for each?
Evaluate deployment assessment criteria
Call Notes
Attendees
Mark Scheible, MCNC
David Walker, Internet2
Lucas Rockwell, Cirrus
Scott Koranda, Spherical Cow Group
Tom Scavo, Internet2
Steven Carmody, Brown University
Ben Poliakoff, Reed College
Ian Tegebo, Cirrus Identity
Janemarie Duh, Lafayette College
Review of completed strategy docs
ADFS - Scott Koranda - used as an IdP.
Requires use of third-party tools such as pysfemma, new vocabulary due to the differences in languages between the ADFS environment and that of the federation, and scripting skills such as PowerShell and Python. A point-to-point federation approach is a non-trivial process but on a high level, it can be done.
How could InCommon help make this easier? Suggestions include providing mentors, making information easily available, package the information to help smaller institutions.
Use case is SharePoint
Have separate section on governance in report?
Hub and Spoke (Trusted Third Party) - Mark Scheible - guidance for K-12.Talks to WAYF. Somebody needs to run the hub that has the IdP.
Tom Scavo: Hub and Spoke is a layman's term for an IdP proxy. That is not what this solution is, which is an IdP with multiple scopes in its metadata and a solution for educational/research systems and regional networks.
Include in section for future work of report K-12/community college systems - central coordination and control.
Environments - what implementation environment is best for each alternative? What are the pluses and minuses for each? Some comparative analysis and a written summary with detail. Make sure the comparisons agrees with what we should be doing. Lay out generalizations like Consumer Reports does. "If you don't have skill x, see strategy x." Focus on pros and cons of the environment.
Half a dozen types of environments:
AD-centric
Java capable
CAS-centric (and whether or not there is CAS expertise)
DIY environments vs. prefer to outsource
Outsourced does not care on what technologies the alternative is based.
Sub-issue: to whom will you outsource? What will you use for IdM? CAS, Kerberos.
Google-centric environment
Section in report for summarizing resources required: what is likely to be a showstopper at this point in time? They may not be such later. If a campus has the resources and expertise, we would not recommend anything other than a local IdP. If a solution sucks more resources or effort than a local IdP, it is not recommended.
How important are some of the criteria, e.g., ECP, and user consent? We might say to TAC that someone should investigate and think about doing these other things. InCommon should talk about what should be done in the next few years by them and by campuses. How does IdM as a Service fit in, and TIER and CIFER?
Should we have another grid for the alt strategies and the applicable environments?
The deployment columns for ADFS were filled in during the call. Janemarie will fill them in, as well as the example deployment column, for the rest of the strategies.