*MACE Conference Call*
December 10, 2007
*Attendees*
Bob Morgan (chair) - Washington
Leif Johansson - Stockholm/SUNET
Michael Gettes - Internet2
Keith Hazelton - Wisconsin
Tom Barton - Chicago
Ann West - Internet2
Scott Cantor - OSU
Neal McBurnett - Internet2
Nate Klingenstein - Internet2
Steve Olshansky - Internet2
Jim Jokl - Virginia
David Wasley - independent
Ben Chinowsky (scribe) - Internet2
*Discussion*
Bob attended the latest Internet Identity Workshop; he noted that turnout was down slightly from last time.
- There was much discussion of Vendor Relationship Management, the "reciprocal" of Customer Relationship Management. See http://cyber.law.harvard.edu/projectvrm/Main_Page.
- Following some last-minute politicking around IPR, the OpenID 2.0 spec is now blessed.
- There was a good session on SAML dynamic federation. An OASIS profile appears to be the next step; [AI] Leif will send the DSAML list some questions about how to move forward with SAML dynamic federation in OASIS, and cc MACE.
Leif was at IETF 70; his comments are at http://blogs.su.se/leifj/Internet/leifj-m7A7j2FA. Also of note was PEPPERMINT (http://www1.ietf.org/mail-archive/web/peppermint/), which Leif described as an attempt to build a distributed identity management system for telcos -- an unusual project for IETF. Materials from IETF 70 are accumulating at https://datatracker.ietf.org/meeting/70/materials.html.
Tom and Bob were at the EGEE/OSG Middleware Security Group meeting. Tom noted that EGEE and OSG have been working on interoperability of their grid middleware for a few years now, and have done "a pretty nice job of hooking together some disparate parts." Tom also noted that VOMS by itself is not sufficient for any of the use cases under discussion. There are prospects for a federation involving the DoE labs. Presentations are at http://indico.cern.ch/conferenceDisplay.py?confId=20203; Bob noted that the opening discussion of key compromise and the difficulty of revocation was a good summary of the main issues faced by this community.
Tom also attended the 6th TERENA NRENs and Grids Workshop. Michael did a remote presentation on COmanage, and Diego endorsed the COmanage approach in his presentation. Overall, the meeting served to make the grid operators who attended more comfortable with the federated approach. Presentations are at http://www.terena.org/activities/nrens-n-grids/workshop-06/programme.html.
The program for the February 13-15 "Bridging Security and Identity Management" CAMP is now available at http://www.educause.edu/Program/14171.
Bob is on the program committee for the April 27-30 JA-SIG conference in St. Paul, Minnesota. This will be a major gathering for open-source efforts in higher education, and a good opportunity to promote Internet2 middleware. Contact Bob if you are interested in presenting.
Bob noted that LIGO (http://www.ligo.caltech.edu/) is interested in adopting MACE-ware, including COmanage. A January event is being planned for them to demonstrate their needs and discuss them with the appropriate experts.
Finally, the group discussed the nascent Kuali Identity Management effort. Leif expressed grave reservations about the KIM database model (https://test.kuali.org/confluence/display/KULRICE/KIM+Database+Diagram). In his view, a steady stream of change requests will likely make this model expensive to maintain, and make it impossible to maintain a clean set of interfaces. Leif suggested building a SQL-independent information model first, then using SQL to implement distinct versions of that model. Bob acknowledged Leif's concern, but noted that this work is still at the demonstration stage, and that a separate information model may be in the works.
*Action Items*
(new)
[AI] Leif will send the DSAML list some questions about how to move forward with
SAML dynamic federation in OASIS, and cc MACE.
(from previous calls)
[AI] Tom will send the Grouper users list a status report on Grouper staffing.
[AI] All who want to help figure out where MACE middleware fits into Kuali will
contact Bob.
[AI] Michael will write MACE a description of his work on the Collaborative
Organizations pilot service.
[AI] Bob and Ken will contact Jane Charlton and Josh about the operational and
policy aspects of applying Shibboleth to Confluence in the UK.
[AI] Bob will draft recommendations for app developers re AuthN/AuthZ
(attributes), and post them to a wiki; Leif will provide references for J2EE
text.
[AI] Ken will set up an outreach, education, and support conference call, and
notify MACE.
[AI] Bob will talk to Vinay Kumar about possible roles for 9Star in supporting
MACE-ware.