Subject Re: VO challenges - article
From Nick Roy <nroy@xxxxxxxxxxxxx>
Date Tue, 27 Oct 2015 17:59:21 +0000

Amen brother Anderson.

I've seen this at play, personally.  IT's job is to advocate for and support IT-related things that make a researcher's life easier, without them having to know what it is or ask for it.  The sincerest complement I as an IAM practitioner could have from a researcher is 'everything just worked, and what is it you do again?'


On 10/27/15, 11:30 AM, "Warren Anderson" <wganderson12@xxxxxxxxx> wrote:

>On Oct 27, 2015, at 12:06 , Jones, Mark B <Mark.B.Jones@xxxxxxxxxxx> wrote:
>  On 10/27/15, 11:45 AM, "Nick Roy" <nroy@xxxxxxxxxxxxx> wrote:
>>> The problem is that the reward is something that (primarily faculty and
>>> graduate students) get if their institution takes the (perceived, 
>>> incorrectly I
>>> think) 'risk.'  The perceived 'risk,' in the US, in the case of R&S, seems 
>>> to be
>>> based on some combination of fear and extreme risk aversion on the part of 
>>> IT
>>> departments and possibly registrars, although I suspect many IT departments
>>> never get as far as having a conversation with the registrars.
>> [Mark] I don't think 'perceived risk' is the issue here.  There are no users 
>> here asking for this and so it is not on anyone's to-do list.  I think it 
>> would be an easy sell if it were a priority for someone not in IT.
>In my experience, most researchers in research VOs don’t know what federated identity is or what it would buy them, so it’s not surprising that they’re not asking. If the VO has a computing person (or, fates forbid, a computing group), someone in the VO might know about identity federation and  want to enable it for their collaboration. Would having someone from NIH contact you and say “can you support R&S entity category for us so we can enable research for people on your campus” be enough to get it done? Because, if so, I might be able to arrange that.
>In any case, I can assure you from personal experience that it is not the case that all IdP operators simply need to be asked and will then start supporting research VOs, even with R&S attributes. There are some large research campuses that we (LIGO) have been asking on many levels, including having on-campus researchers ask on our behalf, and still have not gotten R&S support. The reasoning we’re given supports Nick’s assertions - there is a perceived risk that someone somewhere on campus can’t sign off on. Whether that is the only or most pressing reason it is not done I can’t know. 
>+================[ WARREN G. ANDERSON ]====================+
>| PO Box 413, Dept. of Physics, Milwaukee, WI 53201, USA   |
>|   CANADA: (403) 617 6720          USA: (414) 212 5446    |