InCommon Federation Discussions About Online Student Services

[Dean Woodbeck <>]

InC-Student: Notes from 7/24/2009

-------------------
Attending

Andrea Beesing, Cornell University
John Borne, Louisiana State University
Nancy Krogh, University of Idaho
Scotty Logan, Stanford University
Angela Mennitto, Cornell University
RL Bob Morgan, University of Washington
Ken Servis, University of Southern California
Karen Schultz, Penn State University
Ann West, Internet/EDUCAUSE
Dean Woodbeck, Internet2 (scribe)

-------------------
Action Items

Ken Servis will talk with Brendan Bellina about doing a presentation at the 
AACRAO conference next April. 

Ann will seek permission to forward an NSC document concerning staff access 
to the service (and, in fact, she send the document after the phone call). 

Ann will talk with Adriene Franklin from the NSC about joining these phone 
calls.

-------------------
National Student Clearinghouse Pilot

Scotty Logan from Stanford reported that federated access is in production 
with the National Student Clearinghouse and Stanford is releasing two 
attributes to theNSC. Details on the setup are on the wiki: 
https://spaces.internet2.edu/display/InCCollaborate/Stanford+Pilot+Setup

With the new authentication method, staff are no longer able to masquerade as 
students to access the NSC site. Stanford’s student administration system 
allowed authorized staff to do so in the past. Stanford has identified three 
possible solutions, which are detailed on the wiki page. The cleanest would 
be to have NSC accept one or more eduPersonEntitlement values. The downside 
would be that the IdP would not know which Stanford staff accessed which 
student record, unless NSC could provide some sort of log interface.

This is not a show-stopper, but Stanford staff would like such access as they 
try to help students with problems. Ideally, Stanford would like to tie staff 
access into a group management system. There are likely other campuses that 
would run into the same situation.

Stanford students have seen a small difference in how they access information 
at the NSC; mainly, they encounter a confirmation page the first time they 
access the NSC (that is, the first time each day). Scotty said that will be 
turned off in August. There were also some issues early on with NSC getting 
students to the right page, but that was worked out.

Ken Servis reported that USC will switch to Shibboleth authorization with NSC 
next week. His impression is that, once the technical people have the 
requirements from NSC, the implementation is pretty straightforward. Bob 
Morgan agreed, saying that UW has also started working on this process.

Ann West has been talking with Adriene Franklin at NSC, who has worked with 
both USC and the University of Washington, about joining the InC-Student 
calls. Once USC and UW are up and running, NSC plans to announce their 
federated approach through InCommon. 

-------------------
Staff Access – NSC

Ann said that NSC would like to start working with this group on issues 
related to staff access. NSC has defined a set of rules. Ann will ask if she 
can forward the NSC document (and, in fact, did so after the phone call). The 
next goal is to have Adriene join these calls and present what needs to be 
done and how NSC would prefer it be done. We may spin-off a short-term 
technical call to work on some of these issues.

-------------------
Conferences

Ann provided a brief overview of the recently complete AACRAO Tech 
conference, which included an IdM track of five or six sessions. There was 
also a pre-conference seminar that attracted 20 people.

The track sessions covered such topics as the student life cycle, Indiana’s 
new system of knowledge-based questions for transcript ordering, a federated 
ID session with the NSC, and a plenary on security, identity and privacy. 
Overall, attendance at the IdM sessions were good, although IdM was not 
presented as a track in the program (which would be nice to do in the future).

During the conference, questions from Washington & Lee brought up the issue 
of helping smaller schools get up and running with Shibboleth. Bob mentioned 
that this topic receives a lot of discussion among the Shib development team. 
One concrete result is a package designed to work with Active Directory, 
which is what many smaller schools use. The installation has been 
streamlined, reducing the number of options and allowing for a quicker 
process. This was developed in the U.K. Beyond that, a lot of support for 
smaller places has happened recently via state systems or regional activities 
doing training and support (like Shib InstallFests). 

There was a discussion about possible presentations for next year’s AACRAO 
conference, as the program is currently being developed. In the past, there 
have been workshops, sessions, and roundtables for IdM topics. Ann suggested 
that, if we take the point of view of IdM as part of the registrar’s toolkit, 
it may be helpful to have a presentation oriented around case studies. Having 
a registrar and IT person from the same school would also make for a good 
presentation. Likely schools (since they have governance in place) are 
Wisconsin, USC and Cornell. Ken Servis said he would talk with Brendan 
Bellina about a USC presentation. 

Other ideas include a session on the NSC pilot, along with a teaser about the 
benefits of federating.  A way to focus the presentation topics is to think 
about what a registrar, particularly someone just starting out, needs to know 
about identity. Such sessions might include defining the issues, as well as 
roles and processes. 

-------------------
InCommon Silver

We have had discussions, off and on, about the coming Silver identity 
assurance profile. Ann sent information about the profile to Leroy, as a way 
to get feedback from a process point of view, and to take advantage of his 
knowledge of FERPA. This discussion started at CAMP and will be extremely 
valuable in making sure that Silver is aligned with FERPA. This will also 
need to dovetail with recent discussions with the federal government about 
Silver and having InCommon recognized as a government-wide service. 

Stanford has talked with the NSC about using InCommon Silver as part of their 
Meteor addendum, rather than LoA 2. There may be some confusion at NSC about 
Bronze and Silver – feedback is that NSC believes the Bronze standard to be 
too low, while the Silver standard is perceived as too high, in relation to 
LoA 2. This will require some follow-up to clarify.

Next Call –Friday, August 7, at 3:00 pm (EDT)