*MACE Conference Call*
February 10, 2003

*Attendees*

Bob Morgan (chair) - Washington
Steve Worona - EDUCAUSE
Steven Carmody - Brown
Michael Gettes - Georgetown
Renee Frost - Michigan/Internet2
Neal McBurnett - Internet2
David Wasley - UCOP
Ken Klingenstein - Colorado/Internet2
Scott Cantor - OSU
Steve Olshansky - Internet2
Jim Jokl - Virginia
Ben Chinowsky (scribe) - Internet2

*Discussion*

Bob noted that he'll be on vacation in two weeks; [AI] Ken will find a substitute chair for the next MACE call.

The group discussed recent and upcoming meetings. See http://events.internet2.edu for current schedules.
- Last week's Base CAMP meeting went very well; there were 120 attendees, compared to 30 at the previous one. Ken noted the high technical level of the discussions throughout, and in particular the growing understanding of the connections between Shibboleth and PKI. Keith noted that many new contacts had been made with possible new collaborators.
- Currently the WebISO workshop is scheduled to precede the next Advanced CAMP in July; Renee suggested splitting this workshop into an awareness-building part and a more technical part, and moving the former to immediately after the next Base CAMP in June. There was strong interest in doing some kind of WebISO awareness-building sooner rather than later; [AI] Ken and Renee will draft options for what workshops to hold in conjunction with the next Base and Advanced CAMPs. [AI] All will give some thought to what should be on the agenda for the upcoming Advanced CAMP.
- [AI] Ken and Renee will draft a schedule for the middleware sessions at the Spring Internet2 Member Meeting.
- Lots of papers have been submitted for the 2nd Annual PKI Research Workshop, but the panels still need to be filled out. [AI] All will send Neal suggestions for panelists at the 2nd Annual PKI Research Workshop. Michael suggested including someone involved with eAuthentication (see http://www.cio.gov/eauthentication/).

Ken is in the process of refining the two NMI proposals due March 7. One emerging focus is support for virtual organizations. Ken noted that there are many groups of 30-50 scientists working on shared problems but spread out across many campuses; SPARC (see http://middleware.internet2.edu/internet2-and-sparc.html) is one example. Bob suggested that providing support for interactions with large organizations like scholarly societies is likely to prove at least as important as supporting virtual organizations.

Keith and Michael have been working with EDUCAUSE on an "organic trust farming" grant proposal for HEBCA. While agreement has been reached that this has to involve more than just a bridge, how much more is still an open question. Issues to consider here include: what's most important to getting PKI deployed on the campuses, what's most likely to get funded, and what's most likely to get accomplished in the time available. David stressed the importance, here as elsewhere in the PKI space, of articulating the business case for campuses to get involved with this technology.

David noted that a major objection to single sign-on is that applications may need to have assurance at a particular point in time for a particular transaction, so there may be a need to reauthenticate for that transaction -- "who's in the office two hours after authentication?" There was general agreement that SSO systems need to provide mechanisms to require reauthentication where appropriate. David also stressed that when pushing SSO it's important to be clear that stronger authentication (e.g. via a second USB dongle) will be needed for some applications, and that workable delegation mechanisms are necessary to avoid sharing of credentials.

Earlier today Steven C. sent MACE an update on Shibboleth attribute issues; [AI] All will read Steven's mail on Shibboleth attribute issues and send comments to the list. Bob and Steven have had good discussions with JSTOR recently; they're very interested in Shibboleth and will be providing scenarios to inform the discussion of attributes. JSTOR had no major objections to the current timeline, which has Shibboleth deployed on 20-30 campuses by fall; Steven is working on getting other vendors committed to that schedule. [AI] Steven will look for information on how many requests JSTOR gets for changes to their IP-address-based access control table, and more generally how they're balancing the hassles involved in continuing to do things this way with the hassles involved in deploying Shibboleth. The OCLC deployment is mostly working as of last Friday; here as with JSTOR, usage of Shibboleth will likely take off quickly once it's deployed on the campuses. The next release of Shibboleth, scheduled to go out March 1, will not interoperate with previous releases; Steven is hopeful that this will be the only time this will happen.

*Action Items*

[AI] Ken will find a substitute chair for the next MACE call.
[AI] Ken and Renee will draft options for what workshops to hold in conjunction with the next Base and Advanced CAMPs.
[AI] All will give some thought to what should be on the agenda for the upcoming Advanced CAMP.
[AI] Ken and Renee will draft a schedule for the middleware sessions at the Spring Internet2 Member Meeting.
[AI] All will send Neal suggestions for panelists at the 2nd Annual PKI Research Workshop.
[AI] All will read Steven's mail on Shibboleth attribute issues and send comments to the list.
[AI] Steven will look for information on how many requests JSTOR gets for changes to their IP-address-based access control table, and more generally how they're balancing the hassles involved in continuing to do things this way with the hassles involved in deploying Shibboleth.