InCommon Library Services

[Dean Woodbeck <>]

Draft Minutes
InC-Library Collaboration, Phase 2
June 12, 2009

**Attending**

Steve Carmody, Brown University (chair)
Lynn Garrison, Penn State University
Thomas Howell, Northwestern University
Andy Ingham, University of North Carolina
Dave Kennedy, Duke University
John Kiser, University of Pennsylvania
Kent Percival, University of Guelph
Mark Scheible, North Carolina State University
Heather Townes White, University of Saskatchewan
Foster Zhang, Johns Hopkins University
Dean Woodbeck, Internet2 (scribe)

***************
Vendor Subgroup Report

The vendor subgroup is collecting information from vendors to create a 
registry and get a sense of how they provide seamless solutions, as well as 
to look at the commonalities and differences of their solutions. The goal is 
to come up with recommended practices. The subgroup plans to invite some 
vendors to the weekly discussions to get their perspective on what it takes 
to implement seamless access. The subgroup is initially targeting vendors 
that are already InCommon members and/or are Shib-enabled. 

***************
Use Case Subgroup Report

The use case subgroup has organized the use cases provided by InC-Library 
participants, focusing on those that are vendor-specific. The group initially 
sorted the use cases by vendor and developed a lit of detailed categories. 
Since then, however, it was decided to develop more general categories for 
the use cases. 

Part of this strategy is the recognition that some institutions will be more 
advanced in their uses, having already implemented EZProxy and using multiple 
applications; while others will be looking for how-to, basic uses cases. 
There will be three categories: basic use cases, vendor-specific use cases, 
and site-specific use cases. The subgroup will also develop a template to 
provide more consistency in describing use cases. 

The subgroup has discussed other specific situations (library walk-ins, for 
example), and the idea that moving beyond location-based authentication is 
critical with the growth in wireless and remote access demands.

Next steps are to reorganize the wiki into the new use case categories and 
create the use case template.

***************
Feedback on Subgroup Approach

The general feeling is the subgroup approach is working well, allowing 
concrete work and results. As a result, the next four weeks will again be 
devoted to subgroup calls (although one of those dates falls on July 3, when 
the subgroups will likely not meet). The large group will reconvene again on 
July 17.

There was also interest expressed in developing a body of instructions on 
doing the basics in the library space. The information probably exists, but 
is scattered and not well organized. 

***************
Google Wave/OpenID

There was a discussion about the new Google Wave, billed as a new open-source 
communication and collaboration tool that seems to adhere to the OpenID 
standard. Should we be looking at this as a specialized use case?

Steve Carmody said that there are documents about Google Wave in circulation 
and some people involved with the Internet2 Middleware Initiative are keeping 
up on the process and progress. There is, for example, a significant mention 
about support for federated access, but I2 is trying to discover what that 
really means. There are active conversations underway with people at Google 
and we hope to have a better sense of the various protocols and framework in 
next month or so. 

Kent mentioned he has had discussions with people at Canadian libraries who 
are  interested in using OpenID as an alternative authentication process. 
Understanding where OpenID fits with the Shib environment would be a useful 
discussion in the library community. If, for example, walk-in patrons have an 
OpenID, should they be able to access resources? That goes to supporting 
OpenID in the Shib environment, as well.

Steve said the Shibboleth project has hired someone to add openID support to 
the Shib code base. He said that discussions with the U.S. government has 
shifted to talking about certified vs. non-certified identities. There is 
less concern about the protocol used to assert an identity; more important is 
the level of assurance that can be associated with an identity. By January 
2010, we expect a version of Shib will allow an IdP to use openID protocols 
to assert a certified identity. There are also explorations of sites 
configuring their Shib IdP to allow a user to authenticate with an openID 
value that is linked to an existing identity within the IdP. 

Kent said that this ties back to the use cases concerning walk-in traffic. We 
might encourage people outside of the university community to get an openID 
to access campus resources that might be available. This raises a question 
about what an SP might accept, in terms of assurances attached to those IDs. 

This might be a good use case for the subgroup to add, waiting, however, 
until they have addressed the uses cases identified thus far.

***************
Next Meetings – The subgroups will meet June 19, June 26, July 3(?) and July 
10. The full InC-Library group will meet July 17.