Versions Compared

Old Version 40

changes.mady.by.user Tom Scavo

Saved on

compared with

New Version 41

changes.mady.by.user Slávek Licehammer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Title

VO Assessment

DescriptionSeveral years ago, the COmanage project put together a questionnaire aimed at helping both the VO and the organizations supporting them understand their IdM needs and business processes.  This proved to be fairly useful, but it needs to be updated and expanded to help a more international audience.  The old assessment is available off the COmanage wiki, hosted by Internet2.
ProposerHeather Flanagan
Resource requirementsMinimal effort, support for a survey, and kittens
+1'sNiels van Dijk (SURFnet  / GEANT SA5 VOpaas), Michal Prochazka, Slavek Licehammer (CESNET)
Title

Focus on VOs

Description

VOs straddle national Feds and we handle them in an ad hoc (at best!) fashion. What practices should the interfed community adopt to support their Fed/Interfed needs? Deliverables might include strawman recommended practices to national Feds and roles & responsibilities that together would define a consistent service presented to VOs. The purpose would be to inform ourselves of what it might actually take to operationalize such a service.

Could build on the VO Assessment activity proposed by Heather above.

ProposerTom Barton
Resource requirementsA few working group members to interview principals from several VOs or other organizations that support them or otherwise are knowledgeable about needs from a VO perspective (eg, Center for Trustworthy Scientific Cyberinfrastructure). A few Fed Ops to mull this over from an operational perspective. Someone to edit a resulting doc.
+1'sRomain Wartel, Michal Prochazka, Scott Koranda, Wendy Petersen (CAF), Niels van Dijk, Heather Flanagan
Title

Attribute authorities and group membership/role information

Description

Attribute authorities become interesting in VO world, where IdPs are not able to satisfy SP needs on additional attributes about the users especially group membership/roles. The main problem is when one SP wants to accept users from different VOs which use different attribute authorities. There is no common standard for representing group name/role in the attribute having VOs identification into account (just group name can lead to collision among different VOs).

Some examples how group names are used by current group mgmt systems:

  • Perun: {vo_name}:{group_name}:{sub_group_name}:...
  • SufConext: urn:collab:group:{group_provider}:{group_name}

Protocols which work with groups and theirs requirements on the group name:

  • VOOT: apart from id (usually UUID) it uses displayName which is a translatable string giving the group a human friendly name. The name is supposed to give a clear meaning for users setting up access control.
  • SCIM: apart from id (usually UUID) it uses displayName: A human readable name for the Group. 
ProposerMichal Prochazka (CESNET)
Resource requirementsSeveral conference calls should be enough for setting up the working group and produce recommendation on nameing schema for groups including VO identification.
+1'sScott Koranda, Wendy Petersen (CAF), Niels van Dijk (SURFnet), Heather Flanagan, Tom Barton, Slavek Licehammer (CESNET)

Group 3: Federation Operator Best Practices

...