Tom Barton from Chicago and Michael Gettes from Carnegie Mellon are leading a discussion on Projecting Infrastructure into the Cloud.
Identity Federation & Attribute Release – Federated access, anyone? Release directory info! In InCommon, identity providers get into the federation, but service providers do not always join, so get your SP into the federation. At CMU they release directory information. For everyone: eduPersonPrincipalName (which for them is an email address) and eduPersonScopedAffiliation. For non-students: givenName, surname, commonName, email. This allows for very quick integration of cloud providers. Will this work for others? Ken notes that projects such as Vivo have lots of data with no access control.
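The release policy described above, written as a default-deny filter; this is an added example, not CMU's or InCommon's configuration. The record layout, the sample people, and the rules that a student who also holds a staff role counts as a student and that a record with no affiliation gets only the minimal set are assumptions.

```python
# Attribute names are the ones listed in the notes; everything else is assumed.
ALWAYS = ("eduPersonPrincipalName", "eduPersonScopedAffiliation")
NON_STUDENT_ONLY = ("givenName", "surname", "commonName", "email")


def roles(record):
    """Role part of each scoped affiliation: 'staff@example.edu' -> 'staff'."""
    values = record.get("eduPersonScopedAffiliation") or []
    return {v.split("@", 1)[0].strip().lower() for v in values}


def release(record):
    """Return only the attributes the policy lets the IdP send to an SP."""
    held = roles(record)
    # Fail closed: with no affiliation data we cannot show the person is a
    # non-student, so they get the minimal set. Assumption: anyone holding a
    # student role is treated as a student, even if they are also staff.
    names_ok = bool(held) and "student" not in held
    allowed = ALWAYS + NON_STUDENT_ONLY if names_ok else ALWAYS
    # Default deny: attributes not named in the policy are never released,
    # and empty values are dropped rather than sent as blanks.
    return {k: record[k] for k in allowed if record.get(k)}


# Constructed sample directory entries (not real people).
STAFF = {
    "eduPersonPrincipalName": "jdoe@example.edu",
    "eduPersonScopedAffiliation": ["staff@example.edu", "member@example.edu"],
    "givenName": "Jane", "surname": "Doe", "commonName": "Jane Doe",
    "email": "jdoe@example.edu", "employeeNumber": "000123",
}
STUDENT_WORKER = dict(
    STAFF,
    eduPersonPrincipalName="sroe@example.edu",
    eduPersonScopedAffiliation=["student@example.edu", "staff@example.edu"],
)
UNKNOWN = {"eduPersonPrincipalName": "tmp1@example.edu", "givenName": "Temp"}

if __name__ == "__main__":
    for person in (STAFF, STUDENT_WORKER, UNKNOWN):
        print(sorted(release(person)))
```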
Contracts – we spend lots of time on compliance and security, but not on functionality and defining the relationship. CMU and PSU are requiring their vendors to join InCommon. One comment is that vendors are increasingly resistant to joining InCommon.
There’s a bunch of discussion about things that are beyond identity – how do we deprovision users, how do we communicate limitations, where things are easier or harder in the cloud. Kitty notes that in some contract negotiations with cloud vendors they are requiring targets about load and latency testing from different points in the world.