**MACE Call 12-March-2012**
**Attending**
RL "Bob" Morgan, U. Washington (chair)
Scott Cantor, The Ohio State U.
Jim Jokl, U. Virginia
Keith Hazelton, U. Wisconsin - Madison
Steven Carmody, Brown U.
David Wasley, independent
Chris Phillips, CANARIE
Nick Roy, U. Iowa
Jens Haeusser, independent
Von Welch, Indiana U.
Joe St Sauver, InCommon/Internet2/U. Oregon
Ann West, Internet2
Nate Klingenstein, Internet2
Steve Olshansky, Internet2 (scribe)
NEXT CALL: 26-March-2012
**New Action Items**
[AI] (All) interested in working on a whitepaper on LTI and the delegation challenge discuss on the list, or contact Keith.
[AI] (All) with themes to suggest for future calls, discuss on the list or contact Bob.
**Discussion**
- Topic: IMS++
See the last theme call announcement for background on this. Since then there has been some discussion, and Keith Hazelton and friends met with Chuck Severance. I'm putting Keith on the spot to report on that meetup and what the next steps are.
Reference links:
http://www.imsglobal.org/toolsinteroperability2.cfm
http://www.imsglobal.org/lti/
http://vimeo.com/14100773
http://www.imsglobal.org/lis/
http://www.imsglobal.org/lis.html
IMS has expressed serious interest in working with MACE on this.
https://spaces.internet2.edu/display/imsmacecollab/2012_02_29+Madison+Conversations
(Lower part of the diagram) Can Bamboo roll out a similar solution based upon an ECP-like scenario? There might be alternatives in the near term, e.g. using CILogon.
It was observed that the "backend services" in the diagram could really be any SPs.
High level architecture question - should there be centralized infrastructure controlling access at all? Or should users be able to go directly to various services?
How would these scenarios be different using something like OpenSocial v. portals?
Since some institutions use their LMSs as SoRs, are they up to the identity-related demands potentially placed on them in a federated context?
A whitepaper on LTI and the delegation challenge might be a useful thing to develop.
[AI] (All) interested in working on a whitepaper on LTI and the delegation challenge discuss on the list, or contact Keith.
This conversation will continue on the wiki space:
https://spaces.internet2.edu/display/imsmacecollab/Home
IMS will be writing up their take on this discussion 29-Feb, as will UW-Madison, and then reconvene...
- Topic 2: Certificate Authority alternatives
See: https://spaces.internet2.edu/display/~rlmorgan@washington.edu/Certificate+System+Alternatives
(a) is there a role for HE and NRENs in supporting a new-generation distributed key-trust infra such as Convergence?
Given recent high-profile CA compromises, browser updates (i.e. root CAs trusted) seem to be the mechanism of choice rather than cert revocation.
Should efforts be undertaken to make cert usage more visible and understandable to end users?
DNS-based Authentication of Named Entities (DANE) is potentially interesting, but faces deployment challenges:
https://datatracker.ietf.org/wg/dane/charter/
What is Microsoft doing in IE? If they are sticking with CAs that severely limits the viability of other options...
Some CAs are now offering "premium" cert services, e.g. Adobe.
http://www.adobe.com/misc/pki/cds_cp.html
For those interested who are using Firefox:
https://addons.mozilla.org/en-US/firefox/addon/certificate-watch/
The use of notaries as in Convergence is a potentially interesting approach, but faces deployment challenges as do other alternatives to the traditional CA model.
http://convergence.io/index.html
It was noted that aside from well-known CA issues, there are also significant issues in the wild with SSL use (e.g. using out-of-date versions with known vulnerabilities).
Would alternatives like Convergence help with non-web services like SMTPS, and mobile devices trusting sketchy CAs?
(b) are there lessons in these proposals that might apply to scaling up metadata infra supporting federation (SAML or otherwise)? So maybe we'll get to those questions, or at least lay the groundwork for them.
- Topic 3: Topics for future theme calls?
[AI] (All) with themes to suggest for future calls, discuss on the list or contact Bob.