| Time | Item | Who | Notes |
|---|
| 15min | DJRA1.4A Recommendations on expressing Group membership | Davide Vaghetti Nicolas Liampotis | - Proposed content:
- Nicolas Liampotis suggests to link this topic to the eduPersonScopedEntitlement discussion/proposal.
- Relevant links:
- ALSO check requirements and current implementations:
|
| 10min | DJRA1.4B Guidelines on attribute aggregation | Davide Vaghetti | |
| 20min | DJRA1.4C Guidelines on Token Translation Services | Davide Vaghetti | - Proposed content:
TTS as a gateway: i.e. a Proxy a the Federation level (CILogon model) TTS at the end service, (almost) seamless for the user, and certainly seamless for the Federation
- Mischa Salle points out that actually CILogon is not a gateway, since it does not join two different administrative entities. It is more a technological bridge. So maybe it is more clear if we split the possible use of TTS in more use cases.
|
| 10min | DJRA1.4D Recommendations for authorisation delegation | Davide Vaghetti | - Delegation = "act on behalf of the user"
- Proposed content:
- Mischa Salle propose ECP for the SAML world
|
| 10min | DJRA1.4E Best practices for managing authorisation | Davide Vaghetti | We all agree that "Groups vs Entitlements" in the end is not such an issue. Nicolas Liampotis proposes the following main topics: - distributed authorisation
- delegation of management of authorisation attributes in a VO
|
| 20min | DJRA1.4F Guidelines on non web access | Davide Vaghetti | Proposed content: - Concentrate on some, or maybe ONE, specific use case: SSH seems to be the most relevant one (see also FeduShare project: https://sites.google.com/site/fedushare/)
- Marcus Hardt proposes to wider the scope of the "non web access" deliverable to comprehend REST API use cases
- We all agree that REST API is an important matter, we will see if it does fit in DJRA1.4F, or if it is better to split the deliverables in two parts;
- Michal Jankowski and others point out that in non web access use cases where there is provisioning of local accounts, (federated) de-provisioning should be taken into account;
|
