REFEDS IOLR WG, Un-Affiliated IdPs
Meeting notes:
NCSA - NSF supercomputing center for 30 years
1000s of researchers have NCSA accounts
MFA. OAuth for Globus.
NCSA IAM now supporting collaborative projects
recently opened up account creation process - anyone can self-register
registered NCSA IdP - talking with GENI about using it
will support Sirtfi - held up on letter from InCommon Executive contact
other IoLRs:
XSEDE
IoLR coming soon
formerly TeraGrid (2001), follow-on to NSF PACI program
CILogon 2.0
IoLR coming soon
VO-specific IoLRs - VO-specific attributes - compare with eduTEAMS
paying InCommon for the privilege of operating an IoLR?
Make IoLR registration free in InCommon?
listing SPs that need IoLRs
124 R&S SPs in eduGAIN, wikis
Australian Access Federation Virtual Home service -
Neils: CERN, Dariah, Elixer, Umbrella, EUdat, EGI, LIGO
eduTEAMS identity hub
Thomas - VHO in SWITCHaai - not anyone can self-register
small set of SPs need this service?
SP list should also include which criteria are required - e.g., see FIM4R doc
IoLR list on wiki with checkmarks for meeting requirements
Keith's rough notes from the call, :
Un-Aff.; Idp NCSA, then sometime this year portal.xsede.org; CILogon 2.0 will be the LastResort of LastResort for CoManage will have a branded one for VO-Specific attributes, like Niels with eduTeams; In xsede, there will be geographical redundancy; all 3 will be operated by NCSA.
Outside support is a model for all three, esp for higher levels of service
NCSA, XSEDE have to do IAM for themselves; core infra is supported by NCSA, XSEDE as core infrastructure; eduId IdP service providers; a couple examples of virt home services from AU and Switch; a question: Would InC be interested in following a similar model?
Tom: InC has a lot on plate already; Not likely to support yet another service; perhaps something to put on their roadmap;
JimB: Willing to standby and interested in having discussions about how this could be an InC-supported service.
Open to supplementation of core services; If InC didn't charge for registering this with InCommon.
svc will be open to all; NCSA, XSESDE, assumtion is that our core user community will be the majority of user population; If there are millions of; we are focused on the research community so terms of use could mention R&S
Dedra: How do we support services for all sorts of people; JB: Incremental costs should be low;
OAuth for globus xfers for some years; XSEDE has Globus Auth IAM infra supports production/consumption of OIDC; profiles for delegated assertions, restricted delegation; OIDC scopes with diff parts of the API.
Dedra: Next agenda item:
Building list of R&S SPs that might need
Majority of existing R&S SPs (>100 in eduGain, esp. a few wikis); Peter Schober, Niels provided a list, Tomas, eduID, virtual home service; put list on the wiki
Which SPs are using which IdPs;
LIGO has their own; CILogin uses Google, but wants to use UnitedId once they support SIRTFI.
ORCID as tool for x-linking;
Tom: GENI is a fine example of Res. infra that would like to get out of the IAM biz; Sponsors don't understand the detail of IAM infrastructure; Down in the weeds, so it ain't broke. A GENI researcher is likely to participate in other research VOs. Like the idea of having a list of these things;
Dedra: List of SPs, what are the really essential requirements;
List of req from initial WG; what if we had an SP list of requirements; Using one
JB: Impressed wth ORCID's sustainability; linking to persistent nameIds; lots of intereste are aligned;
IdP's need to be strongly privacy preservation; at odds with their public mission; cred mgmt, and LoA; not part of core mission; Refeds group on Orcid;
Might translate into a new IdP: Have ability to assert ePOrcid w ePPN; Established in the official way;
__________________________________
REFEDS IOLR WG, Un-Affiliated IdPs
Agenda and Notes, Monday, Oct. 3
- Review Notes for the IoLR WG Update at REFEDS, Sunday, Sept. 25, TechEx 2016
- Begin to draft a form for IdPs to self-assess against the Un-Affiliated IdP list of requirements
- Read and plan responses to Nicole Harris's REFEDS 2017 email
- NOTE: Jim Basney, Creator of the CI Logon service, will join us on our Oct. 17 call
Keith] create Google doc
Dedra, Keith] list of reqs in a table
Tom] Reach out to JimB and ScottK for longer list of research SPs
I think I missed this today because the GMT time given was incorrect (I was an hour late) - I think it would help if future meetings only had one time and timezone listed - Pete B
Pete: I now cut and paste the meeting time information straight from timeanddate.com. Sorry for the confusion. The World Clock Meeting Planner - Details
These are the corresponding times for your meeting:
Location Local time Time zone UTC offset
Madison (USA - Wisconsin) Mon. Oct. 17, 2016 at 9:00:00 AM CDT UTC-5 hours
London (UK - England) Mon. Oct. 17, 2016 at 3:00:00 PM BST UTC+1 hour
Stockholm (Sweden) Mon. Oct. 17, 2016 at 4:00:00 PM CEST UTC+2 hours
Corresponding UTC (GMT) Mon. Oct. 17, 2016 at 14:00:00