Skip to Content.
Sympa Menu

assurance - RE: [Assurance] Assurance InterOp: Update and Next Steps

Subject: Assurance

List archive

RE: [Assurance] Assurance InterOp: Update and Next Steps


Chronological Thread 
  • From: "Roy, Nicholas S" <>
  • To: "" <>
  • Subject: RE: [Assurance] Assurance InterOp: Update and Next Steps
  • Date: Tue, 11 Oct 2011 14:34:52 +0000
  • Accept-language: en-US

I just thought of a different use case. I'm not certain that I know where it
would be used, but it seems plausible. It's kind of similar to the "prefers
Silver" case, but I could see there being a need for differentiation.

The use case is: Elevation of LoA. What if a service allows everyone to log
in at the baseline level of assurance (0/Aluminum?) and then someone needs to
do something that requires elevated privileges and elevated LoA. For
instance, you allow a researcher to log in to most stuff using InCommon
"Aluminum", but then they have a need to make changes to some Grouper groups.
This might only be a problem if the collaborative org handles authZ for
several apps inside a container that uses a federation gateway protected by
an SP.

Nick

-----Original Message-----
From:


[mailto:]
On Behalf Of Ann West
Sent: Monday, October 10, 2011 9:21 AM
To:

Subject: [Assurance] Assurance InterOp: Update and Next Steps

Good morning everyone,

This note is a follow up on the interop testing effort we started in mid
September.

As a reminder, we (thanks to Virginia Tech and the CILogon folks) have tested
and documented use case 0
(https://spaces.internet2.edu/display/InCAssurance/SP+Assurance+Policy+Use+Cases).
During the Internet2 Member Meeting last week, Terry Fleury from CILogon
also tested having the SP pull the entityid qualifier out of test metatdata
to verify entityid certification. All good things!

Next Steps
In lieu of having a call this week (which was the original plan), we talked
in the InCommon Technical Advisory Committee meeting last week about the
following next steps:

- Ann will work with the SPs intending to offer Silver services in 2012 to
determine their initial functional use cases. (See documented examples at the
above URL.) As a reminder, the identified services are: NIH ERA (grant
submission), CILogon (Open Science Grid access), selected LIGO services (such
as updating access groupers in their Grouper instance), and National Student
Clearinghouse/Meteor access (financial aid).

- Next, the TAC will review the SP's use cases to determine what's needed for
the technical support.

- After that, we'll loop 'round with the community for further testing.

So far, the use case we've already tested (UC0) will work for the SPs I've
contacted, but stay tuned for additional flows and testing updates.

Many thanks for your help. If you have suggestions, alternatives, ideas, etc.
please don't hesitate to let me know.

Best,
Ann

--
Ann West
Assistant Director,
Assurance and Community
Internet2/InCommon/Michigan Tech


office: +1.906.487.1726




Archive powered by MHonArc 2.6.16.

Top of Page