In Chicago we met near the Loop,
To share the security scoop …
Techies search for the clues,
While the rest of us schmooze
And that’s why they call it Stone Soup!

Gavin Eadie, CSG Poet Laureate


Who’s Who in the Directory

State of the join-t with Directories
  Penn State (20 min)
  Minnesota (20 min)
  Cornell (20 min)
  Georgetown (20 min)
  Wisconsin (20 min)
  Cornell (15 min)
Threads and Common Solutions (panel?)


NSF Middleware Initiative R1

If you haven’t heard yet, 5/7/2002
http://www.nsf-middleware.org
Various components, not listed here
Directory specific
  Groups Practices (RPR)
  Metadirectories Practices (RPR)
  eduPerson 1.5 (RPR) and eduOrg 1.0 (EXP)
  LDAP-Recipe 2.0 (RPR)
  commObject 1.0 (RPR)


Suggested Issues

Service Provisioning
  Classes of Service
  policy, attribute mgmt, state transitions, timing, deferrals, dependencies
  Central Mgmt vs. Delegated Admin
  Auto vs. Self selection of service (eligibility issues)
  License mgmt
Groups: directory enabled apps
  Unix Services, File systems, etc…
  Directory as a source of data, maybe not dir enabled.


Who has directory policy?
What would a directory policy say?
Who is not doing ent-dir/Kerb/win2k integration?
Who is not doing Internet2 core middleware? Person registry, yada yada?
How do you handle derivatives (spouses, visitors, special folk, not in core systems)?
Real-time identity mgmt anyone?


I see dead people (logically and real)
How is ID mgmt done? Person registry
What apps are dir enabled?
When and how for enterprise identity mgmt infrastructure?
Going beyond people?
GRID integration anyone?
Are Directories part of the I in PKI?


Noted Issues from discussion

Levels of visibility (prvt, cmnty, wrld)
Why Paper Directories still?
  Departmental Listings and Job Titles
  Emergency information
Harvesting (difficult problems, policy)
Opt-in (managed data) vs. Opt-out
Note: diff between visibility and access
Dead people: important problem space
Attribute usage (firewalling, good app practices)
Is ID mgmt properly positioned with clout?
Library integration and population mgmt


Common Threads

Person Registry unites core business systems, implements identity mgmt functions and “publishes” data
Homegrown and “buy and build” solutions for Person Registry and ID integration/mgmt.
Identity mgmt implies marketing and PR
LDAP AuthN and attr repository for apps
Not just for white pages anymore
Not much policy