Arlene Allen, UCSB |
Karl Heins, UCSB |
Brian Roode, UCI |
David reports that the wireless subgroup posted its recommendation for feedback. The group started with a design to integrate the campus wireless portals with Shibboleth. There are several issues with the approach. Specifically, authenticating through Shibboleth requires a user to have access to the Internet. In order to make this happen, each captive portal would need to know the IP addresses of all possible IDP's and allow users through prior to authenticating.
The group eventually settled on a recommendation to join eduRoam-US. Members on the call raised several concerns:
John Ober reports that the Task Force has submitted its report to the campus libraries. It appears that the libraries will accept and endorse all the recommendations in the report. John expects that decision to arrive on 9/16 and will distribute the final report to UC Trust members as soon as it becomes official.
A likely next step will be to conduct a proof of concept deployement with HathiTrust. UCLA and UCSD already support the attributes required for the POC, and the respective libraries will likely soon contact the campus IDM offices.
Beyond, the Task Force recommends approaching content vendors and e-journal vendors. Many are already Shibboleth-enabled due to mandates from UK federation.
There was a brief discussion regarding challenges working with Innovative Interfaces, who has been reluctant to integrate its solutions with Shibboleth. More to come on this.
Representatives from several campuses met with eAcademy via a conference call in early August. The eAcademy call was to discuss possible methods for the campus to transmit a user's MCCA Work at Home eligibility to eAcademy. eAcademy is generally willing to accomodate a variety of interfaces. The suggested mechanisms were documented here.
Albert's observation is that overall, transmitting entitlement data is a preferred mechanism over a separate feed. However, there are concerns regarding the campus' ability to calculate eligibility based on available data. The general consensus seems to be that the responsibility of determining eligibility should not lie with the IDM offices. The question is, who is responsible on each campus?
Another question is whether this needs to be a UC Trust implementation, or whether it can be left to campuses to tackle individually with eAcademy.
Regardless, the general issue of asserting service eligibility is coming up in a variety of projects. The group will tackle this topic in greater detail during the upcoming face-to-face meeting.
UPDATE: follow up email notes from Arlene:
"On the eacademy topic, my preference would be to have IdP's stay out of the mechanism used to register and track entitlements. It seems like our role would be to have a standardized methodology / nomenclature for reporting the status of someone's entitlement, whether it be edupersonentitlement or other. Our Software Central / Depot / what-have-you's are already in this business in varying degrees. I would not want them to see it as IAM usurping some of their functionality. I'm taking it as a given that the business case has already been made for why one would want more automation of these types of entitlement."
The group agreed tentatively to schedule a face-to-face meeting at Berkeley in early December.
The group was running out of time on the call. David gave a quick update: The User Provisioning Project's report will be presented to ITLC at its September meeting. David asks everyone to read the ?User Provisioning documents (skip down to the Documents section), touch base with his/her CIO and ITAG representatives, and provide any feedback via the UC Trust mailing list.
Discussion topic for the October call: InCommon Silver certification and the UC User Provisioning Project.