UC Identity Management Conference Call - 7/28/2004 - Notes

Participants

(Very Preliminary) Test Version of UCFY

A very early test version of UCFY is available, as described in electronic mail from Mitesh.  The PIN you will need to access "John Wayne's" test information is "4002".

This test uses InQueue's "Example State University" origin.  Our next step will be to use our campus origins, which will require creation of test records to be loaded into UCFY/YBO and the campus origins.  Bruce will work with Jerry to get that done within the next week.

Prompting for PINs

Discussions continue with regard to the appropriate time and frequency to prompt for UCFY/YBO PINs, once a campus has authenticated the user.  The primary issue is one of organizational responsibility and liability if something goes wrong.

It is still agreed that the campuses will enforce a 20-minute timeout on login information when invoking UCFY/YBO.  Albert pointed out that this may cause some difficulties as more Shibboleth-authenticated applications are added, but we will defer that issue for now.  We expect the next version of Shibboleth to deal with this problem.

Logout URL

Currently, we are passing an optional "logoutURL" parameter in the URL that invokes UCFY/YBO.  Albert has asked if this could also be an optional Shibboleth attribute, with the parameter in the invoking URL taking precedence over the Shibboleth attribute.  We (Bob?) will ask Kalpa and Mitesh to analyze how difficult this would be to implement.  As with the login timeout issue, we expect the next version of Shibboleth to deal with this issue.

Attribute Names

Gabe distributed a quick proposal for attribute naming during the call.  It was discussed briefly, and Gabe will distribute a revision.  Basically, each campus will apply for a portion of the "urn:mace" name space, and we will get one additional portion for UC system-wide attributes.

David Walker - 7/28/2004