Subject RE: VO challenges - article
From "Jones, Mark B" <Mark.B.Jones@xxxxxxxxxxx>
Date Tue, 27 Oct 2015 17:27:52 +0000

> >[Mark] I'm still not understanding what you think campuses should be doing 
> >in
> >support of VOs.  I suspect that a concrete example would help.
> I think campuses should be managing data for applications about their users 
> in
> their own IDM systems, with different degrees of control, access, ownership,
> etc. That's as concrete as I can be because where I work we don't (and 
> won't)
> do that, so I don't have much exposure to the practicalities of it. I just 
> think if
> we don't do that, we won't do much of anything else in the medium term
> either.
[Mark] I think it is only reasonable for campuses to manage data for which 
they are reasonably authoritative.  And if the campus is the authoritative 
source then it makes no sense for an external entity to control or own the 
data.  If applications see value in campus data and the campus is willing to 
release it, that's great.  But such data will be of limited use for 
authorization purposes.  For example:  in my opinion it makes no sense for a 
campus to maintain attributes that say I am an 'admin' for 
external-application-x, and have 'write privileges' to external-application-y. 
But if external-application-z is interested in my campus affiliation, then it 
should ask the 'authority' for that data, just don't expect the value of my 
affiliation to be set according to any needs other than the needs of the 

Attachment: smime.p7s
Description: S/MIME cryptographic signature