InCommon Technical Discussions

["Wu, Albert" <>]

+1 on TechEx17.

 

Also: do we have much reach into each campus’ research community? As in, how many IDP operators have close contacts with our respective research community? At least at UCLA, we certainly could/should do better in that area. I know it can be challenging, though it may be helpful to promote some degree of idea sharing between the IDP operators and our respective campus research community as we try to tease out an way to tackle this issue…

 

albert

 

From: <> on behalf of Mark Scheible <>
Date: Friday, March 31, 2017 at 10:18 AM
To: "Farmer, Jacob" <>
Cc: Nick Roy <>, "" <>
Subject: Re: [InC-Technical] Split InCommon into R&S and non-R&S federations?

 

I think the framing of this discussion is that pushing for adoption of R&S hasn't worked, and that maybe there's a different approach needed to assist researchers trying to get to VOs and other Research SPs whose home institutions don't release R&S.  I don't know that splitting the federation is the right approach, but I agree with others on this thread that something more drastic than continuing to push for attribute release needs to be done to improve the situation.

 

I would suggest submitting a proposal for TechEx17 to brainstorm on how best to move forward other than relying on R&S to get us there.  Certainly would be a good ACAMP topic with some of the REFEDS folks being there for input.

 

Mark

 

Mark A. Scheible

Sr. Lead IAM Solutions Architect

MCNC, Research Triangle Park, NC

Office: (919) 248-1997

Cell: (919) 609-8595

Fax: (919) 248-8419

 

On Fri, Mar 31, 2017 at 12:44 PM, Farmer, Jacob <> wrote:

I think the framing of the discussion is really important. Are we really talking about two discrete cohorts? Or a base cohort + a ‘beta’ cohort that is willing to bear extra risk/burden/etc. in order to be able to evolve more quickly?

 

In the priorities, one group is characterized as a collection of institutions that “…just want streamlined access to vendor SPs.” I would argue that is the most critical use case for federated authentication, because it is what justifies the investment in IAM infrastructure. Our institutions desire identity integration Canvas, Google Apps, Box, etc. and are willing to commit resources to that end. It’s from that baseline that we’re able to carve out x% of someone’s time to focus on these other things.

 

Now, that doesn’t mean it’s the only use case – I agree that growing support of R&S is critical and it is a key place to focus energy moving forward. But if we want to grow the IAM resource pool – both human and fiscal – campus IAM is probably where there is the most room for growth.

 

Jacob

 

From: [mailto:] On Behalf Of Nick Roy
Sent: Thursday, March 30, 2017 3:00 PM
To: Mark Scheible <>
Cc:
Subject: Re: [InC-Technical] Split InCommon into R&S and non-R&S federations?

 

+1 to a BoF, but we should frame it as something like,

"Federation of the Willing" or "Solving the Federation Value Proposition Problem for Large Scale Research"

Nick

On 3/30/17 12:35 PM, Mark Scheible wrote:

But "Splitting InCommon" made for a great Subject, didn't it?!!!

 

I think the comments made in this thread have a lot of merit.  I also like Albert's suggestion we carry on the discussion at a "BoF" at Global Summit (possibly an impromptu BoF or Social Gathering).  We're also missing REFEDS input. Should we consider soliciting REFEDS members to join the technical-discuss list?

 

Certain suggestions in this thread could be part of the "Attribute Release 2.0" Working Group Charter.

 

Just some thoughts...

 

Mark

Mark A. Scheible

Sr. Lead IAM Solutions Architect

MCNC, Research Triangle Park, NC

Office: (919) 248-1997

Cell: (919) 609-8595

Fax: (919) 248-8419

 

On Thu, Mar 30, 2017 at 2:12 PM, Nick Roy <> wrote:

Splitting the federation would be a significant step in terms of policy, process, operations, resourcing, priorities, etc.  It is not something that either the TAC or InCommon Operations can make a determination on.  This would be squarely in the realm of Steering/T&I leadership decision making.

Best,

Nick

 

On 3/29/17 8:13 AM, Mark Scheible wrote:

Scott,

 

Thanks for your updates to the Work Plan.  They are inline with what our thoughts have been, but the perspective you provided helps clarify the issues that need to be addressed.  [I've decided to post this to the technical-discuss list to get some conversation flowing.]

 

In particular the following comment:

 

********************

Break InCommon into two effective federations:

 

One federation would be those campuses that want to support a national infrastructure that facilitates collaboration in higher education and research. It would require IdPs to support the R&S entity category. The other federation would be for campuses that just want streamlined access to vendor SPs. Those campuses that want to collaborate could then evolve faster.

********************

 

I'm not sure exactly what it is that you're proposing here (I understand the reasons, but didn't know whether you had a proposal), but perhaps creating a separate aggregate of R&S entities would accomplish what you're suggesting. R&S SPs could then choose to only import the R&S aggregate. (Maybe a very poor suggestion, but I thought I'd throw it out there to start the conversation. Feel free to poke holes in it, or offer other suggestions).

 

Assuming InCommon Ops would agree to a separate aggregate or another solution, I wonder about the pros and cons of separating entities and the impact it might have on further adoption of R&S and attribute release.  It's certainly worth the discussion.

 

Mark

 

Mark A. Scheible

Sr. Lead IAM Solutions Architect

MCNC, Research Triangle Park, NC

Office: (919) 248-1997

Cell: (919) 609-8595

Fax: (919) 248-8419

 

To unsubscribe from this list, send email to with the subject: unsubscribe technical-discuss