MACE conference call, November 6, 2000

*MACE conference call, November 6, 2000*

*Attendees*

Bob Morgan (chair)
Keith Hazelton
Michael Gettes
Neal McBurnett
Jim Jokl
David Wasley
Eric Norman
Ken Klingenstein
Steven Carmody
Ben Chinowsky (scribe)

*Discussion*

On this call MACE reviewed an assortment of current and planned projects. It was agreed that a continued high level of interest in middleware was in evidence at the recently-concluded Fall 2000 Internet2 Member Meeting in Atlanta. Bob noted that the joint EDUCAUSE/Internet2 network security working group is trying to revitalize; this working group will be concerned with firewalls, VPNs, vulnerability analysis, intrusion detection, and incident response. The central issue to be addressed is whether campuses should be encouraged to tighten up security by means of firewalls. Bob recommended Terry Gray's Network Security Credo for an overview of current IT security issues; see http://staff.washington.edu/gray/papers/.

Steven has signed on with Internet2 for three months as Shibboleth project director. The extent of IBM's participation in Shibboleth is still unclear. Bob has become aware of some multi-vendor efforts in the area of Web authentication and authorization, and there was a Burton Group vendor meeting on this recently, but it appears that such efforts are still "awash in NDAs". It has become increasingly apparent that there are close links between the DLF certs work and Shibboleth; Bob is working on a document describing this relationship. Ken noted that Shibboleth has very high priority within Internet2; he suggested that it be positioned both as a crucial stopgap until client certs become widely available, and as a tool that will be useful after that, e.g. for creating HTACCESS files.

With work continuing on eduPerson and the directory of directories for higher education (DoDHE), it has become clear that MACE-Dir needs to start holding regular conference calls; MACE agreed on a biweekly schedule starting Monday, November 13, 4:30pm-5:30pm EST. [AI] Ken will set up the biweekly MACE-Dir conference call. [AI] Ken and Keith will review eduPerson in preparation for the first regularly-scheduled MACE-Dir call. Bob and Michael have had a fruitful and wide-ranging discussion of DoDHE issues with Roland Hedburg; in particular they considered the performance of the tagged index object approach vs. the native LDIF approach. Michael is putting together a DoDHE web page and soliciting suggestions for content. The group discussed how best to further the involvement of Roland Hedburg and Ton Verschuren in MACE-Dir; it was agreed that TERENA would probably be the best arena for this, although SURFnet and Internet2 are also possibilities. [AI] Ken will put Roland and Ton on the MACE-Dir list.

Jim summarized recent work in HEPKI-TAG. TAG's apparent consensus on dc naming fell apart in Atlanta, and TAG needs to take up this issue with Jeff Schiller again. Michael noted the importance of achieving consensus on this issue -- where (as at Georgetown) dc naming is used, it is not possible to bind certs to a directory without such a consensus. [AI] Jim will send MACE a pointer to the latest version of the TAG dc naming recommendation. TAG is also working on a cert profiles recommendation, bridge models, and mobility.

Finally, the group discussed the possibility of MACE working more closely with the Grid on directory issues; the current working title for this prospective project is "MACE-ware Lite". Ian Foster is strongly pro-MACE and thinks that Grid research campuses that are not yet doing directories need to be helped to be made consistent with MACE. Steven observed that there appears to be a disconnect between Foster's interest and many Grid groups' apparent contentment with manual mechanisms; Ken predicted that this will change when the Grid moves beyond its current phase of building isolated pieces of a network to (for instance) building a seismology network with 10,000 remote sensors. Grid cert policy discussions have already led to a recognition that existing identifier practices are not going to be sufficient. [AI] Bob will send notes from his exchange with Steve Engert (a colleague of Steve Tuecke) to MACE.

*Action Items*

[AI] Ken will set up the biweekly MACE-Dir conference call.
[AI] Ken and Keith will review eduPerson in preparation for the first regularly-scheduled MACE-Dir call.
[AI] Ken will put Roland and Ton on the MACE-Dir list.
[AI] Jim will send MACE a pointer to the latest version of the TAG dc naming recommendation.
[AI] Bob will send notes from his exchange with Steve Engert (a colleague of Steve Tuecke) to MACE.