DRAFT - Meeting Notes - 2010-09-16 Conference call - DRAFT
Attendees
Arlene Allen, UCSB
Karl Heins, UCSB
Brian Roode, UCI
Notes
Federated Wireless Access Update
David reports that the wireless subgroup posted its recommendation for feedback. The group started with a design to integrate the campus wireless portals with Shibboleth. There are several issues with the approach. Specifically, authenticating through Shibboleth requires a user to have access to the Internet. In order to make this happen, each captive portal would need to know the IP addresses of all possible IDPs and allow users through prior to authenticating.
The group eventually settled on a recommendation to join eduRoam-US. Members on the call raised several concerns:
- eduRoam implements 802.11x. Not all UC campuses are ready to support 802.11x on their wireless networks. Only UCLA, UCD, and UCSD have committed to deploy 802.11x support. Some do not foresee 802.11x support on their campuses even in the long run.
- Members of the call discussed eduRoam's relationship to InCommon. Today, eduRoam is relatively loosely organized. It is more a technical implementation than a governing body. In particular, eduRoam has a more mature adoption in Europe than the US. There are talks of eduRoam becoming more integrated with InCommon. Nothing concrete there yet.
- A question came up regarding how the subgroup reached the decision to recommend joining eduRoam-US. Although the history is documented in the Wireless group's meeting notes, some felt the report should expand on the decision-making process. David and Dedra will take the feedback to the wireless subgroup to refine the report.
UC Library Shibboleth Task Force Update
John Ober reports that the Task Force has submitted its report to the campus libraries. It appears that the libraries will accept and endorse all the recommendations in the report. John expects that decision to arrive on 9/16 and will distribute the final report to UC Trust members as soon as it becomes official.
A likely next step for the project will be to
eAcademy update
Microsoft responded to UCLA's inquiry. It wants the campuses to assert who is eligible (instead of eAcademy's suggestion that the individual can self-certify license entitlement).
This means campuses will need to track and assert an individual's eligibility to participate in the Work At Home license. The assertion will likely be made through IDP Attribute Responses (perhaps a value in eduPersonEntitlement).
Albert will schedule a follow-up call between eAcademy and interested UC campus representatives in the next 2 weeks.
ITAG's User Provisioning/Middleware Project
The project is looking to create a definition/description for a bus-oriented service to enable cross-campus user provisioning. Existing use cases include user provisioning needs in LMS, Connexxus, (and UC Ready?).
A working group consisting of 5 people from ITAG already exists. David is looking for additional UC Trust volunteers. Interested parties, please contact David.
Agenda Items
InCommon Silver Update
- News from InCommon TAC - InCommon is working with federal agencies to review whether InCommon Silver can be considered equivalent to NIST LOA2.
- Several campuses have reviewed the requirements; some are concerned about the ability to meet the requirements:
- UCLA will need to make substantial procedural and technical changes to its credentialing process - it's already planned and will be underway in 2010.
- Berkeley (and several other campuses) continued to be concerned with the clause requiring the IDM system to store SB1386 sensitive ID numbers. It isn't clear as to whether the ID numbers need to be stored. If so, does it have to be stored electronically? Will paper records count? What is the retention requirement?
- David will follow up with InCommon TAC to reiterate UC's concern regarding the collection/storage of ID numbers.
Library's Use for Shibboleth
- The library side is working to contact each campus's IDP to respond to the questionnaire.
- UC Trust WG will put up a page on wiki to collect responses from campus IDP reps.
- The Library side is forming a technical group.
Discussion of SAML2 usage (not Shib)
Several campuses are running (or will soon be running) IDP 2.
A few campuses support/will support SAML 2 through IDP 2.
Reminder: Internet2's Shibboleth 1.3 support ends on June 30, 2010.
There are some well-known SAML 2 SPs (Google), though it's not yet widely requested.
InCommon's WAYF does not yet fully work with SAML2. Is this a priority to pursue with InCommon?
- Do we want a UCTrust specific discovery service?
Face-to-face meeting
The chairs will schedule a face-to-face meeting in September. Please send agenda suggestions to Dedra and/or David. Current agenda ideas include:
- Provisioning
- InCommon Silver
We may possibly combine the meeting with a face-to-face Sun IDM SIG meeting.
The group had agreed to move to a bi-monthly call schedule, but decided to continue the call monthly until the September face-to-face meeting. The group will determine future meeting schedules at the face-to-face meeting.