UC Identity Management Conference Call - 8/11/2004 - Notes
Participants
- Mike Baptista, UCOP
- Bob Brandriff, UCOP
- Jacqueline Craig, UCOP
- Bruce James, UCOP
- Gabe Lawrence, UCSD
- Jason Lin, UCI
- David Walker, UCOP
- Jerry Wilcox, UCOP
Attribute Naming
David Walker will register a urn:mace:universityofcalifornia.edu
namespace for URNs that are used throughout UC system-wide. The
URNs for this project will be created under urn:mace:universityofcalifornia.edu:ucidentity.
The one attribute we've defined (UCnetID) will be urn:mace:universityofcalifornia.edu:ucidentity:attributes:ucnetid.
As discussed previously, it is expected that each campus will create a urn:mace:<campus>.edu
namespace for its local URNs.
Gabe Lawrence suggested that we mention the source of attributes in the
registry. We will do that.
For now, we will keep the registry for this namespace within our
project web pages (http://www.ucop.edu/irc/itlc/ucfedauth/URNs/),
but it will need to move elsewhere as other uses are made of the
namespace.
Test Records
Bruce and Jerry will create test records during the next week.
Once this is done and modifications are made to UCFY and the origins for urn:mace:universityofcalifornia.edu,
we should have something that functions.
Minimum Standards
We're creeping up on having a coherent set of standards for technology
and business processes, but right now we have a number of building
blocks; one of those is "Responsibilities for Federated Authentication"
(draft). Everyone agreed with the general structure, but there is an
issue yet to resolve:
- Service Providers and Identity Managers are expected to keep
audit logs. What should be in them, and how long should they be
retained? We'll make this a topic of a future meeting.
Logout URL
Kalpa is on vacation right now, so we don't yet have a read on the
feasibility of allowing the "logout URL" to be passed as a Shibboleth
attribute, in addition to passing it in UCFY's invoking URL. If
this is determined to be feasible, it may be a while before it's
implemented, however, due to other assignments. Assuming it is
feasible, we will need to define another attribute (urn:mace:universityofcalifornia.edu:ucidentity:attributes:logouturl,
I suppose).
Federation Naming
A couple more suggestions were made for the name of our federation:
UCanTrust (Gabe) and InUCWeTrust (Jerry). We'll leave this issue
open for a while.
David Walker - 8/11/2004