*MACE Conference Call*
January 13, 2003
*Attendees*
Bob Morgan (chair) - Washington
Renee Frost - Michigan/Internet2
Ton Verschuren - SURFnet
Keith Hazelton - Wisconsin
Steve Worona - EDUCAUSE
Neal McBurnett - Internet2
Steve Olshansky - Internet2
Brian Gilmore - Edinburgh
Steven Carmody - Brown
Ken Klingenstein - Colorado/Internet2
Mark Poepping - CMU
Jim Jokl - Virginia
Paul Hill - MIT
Michael Gettes - Georgetown
Ben Chinowsky (scribe) - Internet2
*Discussion*
Internet2 has posted a call for proposals for sessions at the Internet2 Spring Member Meeting: http://events.internet2.edu/2003/spring-mm/callforproposals.html. Proposals are due January 31; the meeting is April 9-11. There was general agreement that there need to be more presentations from "other-than-usual suspects". In particular there was strong interest in getting speakers from the campuses to share their middleware success stories -- Shibboleth and directories success stories in particular. [AI] All will send Renee suggestions for Member Meeting sessions. [AI] Ken and Renee will find people to present success stories at the Spring Internet2 Member Meeting.
The group discussed the future of NMI. March 1 is the deadline for resubmitting the 2002-2003 proposal for 2003-2004. Ken noted that funding for NMI is in place through August 2004. Alan Blatecky (who leaves NSF on April 1) suggests that the proposal for 2003-2004 build in a rampdown, with the next proposal starting immediately in September 2004, rather than trying to further extend the current project. Internet2, EDUCAUSE, and SURA will be resubmitting their joint integration proposal. Ken stressed the importance of positioning MACE in relation to non-Internet2 middleware, and of making authorization more of a focus than it has been so far.
Ken asked the group for thoughts on what's right and what's wrong with NMI. There was general agreement that clearer specification of the NMI integration architecture is needed to guide the "random acts of middleware" side of the project. Jim Farmer is putting together a consortium to take over the CREN CA, which suggests the possibility of a separate integrator proposal for PKI. Ken said that it looks as though submitting two integrator proposals would be fine with NSF, but he's not sure what that would leave for the campuses. Steven C. suggested that NMI use OpenXACML to integrate with existing access control stuff like Apache, wrapping XACML with the appropriate web forms to enable delegation of access. Bob noted that Internet2 has registered openxacml.org. [AI] Steven C. will write up his thoughts on how NMI should approach identity management. The group will discuss these issues further later this week at CSG; [AI] Ken will send the list a short summary of MACE's discussions of the future of NMI.
Bob reported on MACE's plans to participate in Mitch Kapor's Chandler project (see www.osafoundation.org). There have been two recent meetings with the Chandler team; the nature of MACE's participation is not yet completely clear, though it will probably involve both helping develop code and offering advice on how to make Chandler meet the needs of higher education. A rough prototype of Chandler is expected by March, and a full architecture and project plan are expected by May.
The group discussed CAs for Shibboleth use. Some Shibboleth participant campuses want to use credentials signed by their campus CAs, but the Shibboleth project as yet has no means of gathering up and using such credentials. It appears that this will need to be addressed sooner rather than later. Currently the bar for cert acceptance is set pretty low; e.g., certs from Eric's Bossie CA are accepted. [AI] Michael will ask David Wasley for his thoughts on using the projected Higher Ed CA in Shibboleth. Steven C. noted that there is interest in using Shibboleth for secure exchange of transcripts, an application quite different from its use with digital libraries.
Finally, Bob noted that there has been discussion within the Apache project about doing a sign-on project incorporating parts of Shibboleth and WebISO. It looks like the first step will be acceptance of OpenSAML as an Apache project; it appears that Internet2 is happy to have OpenSAML find a home within Apache.
*Action Items*
[AI] All will send Renee suggestions for Member Meeting sessions.
[AI] Ken and Renee will find people to present success stories at the Spring Internet2 Member Meeting.
[AI] Steven C. will write up his thoughts on how NMI should approach identity management.
[AI] Ken will send the list a short summary of MACE's discussions of the future of NMI.
[AI] Michael will ask David Wasley for his thoughts on using the projected Higher Ed CA in Shibboleth.