**MACE Call 16-February-2009**

**Attending**

Ken Klingenstein, Internet2 (stand-in chair)

Renee Shuey, Penn State U.

Diego Lopez, RedIRIS

Steven Carmody, Brown U.

Tom Barton, U. Chicago

Nate Klingenstein, Internet2

Jim Jokl, U. Virginia

Scott Cantor, Ohio State U.

Ann West, Internet2/Educause

David Wasley, independent

Steve Olshansky, Internet2 (scribe)

**New Action Items**

[AI] (All) send suggestions for dinner theater to Ken and Bob.

[AI] (All) discuss the MACE program going forward on the mailing list.

*Carryover Action Item*

[AI] (Ken and Mark) will distribute some information on trust anchors in the context of dynamic network configuration in GENI testbed, as well as for general access control.

[AI] (Ken) will circulate some meeting notes from the recent TERENA/REFEDS meetings.

*Recent Meetings*

- CAMP: Delivering, Sourcing, and Securing Services Throughout the Student Identity Life Cycle

Tempe, AZ, Feb 4-6, 2009

http://net.educause.edu/camp091

Themes emerging include remote password proofing, InCommon Silver practices as generalizable recommended LoA practices,

National Student Clearinghouse (NSC) did a presentation with Stanford about their pilot, expected to go live soon and into production in about one month. There didn't seem to be a great deal of interest in federation among the registrars, but it is not clear whether this is because it is old news to them.

It was noted that the registrars seem to have already grappled with problems I2Mi is looking at, and vice versa, so this kind of exchange is very valuable...

*Upcoming Meetings*

https://spaces.internet2.edu/display/MACECalendar/MACE+Calendar

- JA-SIG Spring 2009 Conference

March 1-4, 2009, Dallas TX

http://www.ja-sig.org/conferences/09spring/

Tom will be attending and doing a preconference presentation.

- IETF

March 22-27, 2009, San Francisco, CA

http://www.ietf.org/meetings/74/

There will be another DKIM activity, and we are hoping to expand the scope of engagement. ISOC has hired an identity and trust outreach person.

- EuroCAMP

May 15-16, 2009, Cork, Ireland

http://www.terena.org/activities/eurocamp/

This is shaping up to be similar in focus to Base Camps, focusing on campus infrastructure, but with an emphasis on federation. Penn State's CIO will be attending.

- IDTrust 2009

Apr 14-16, 2009, Gaithersburg, MD (NIST)

http://middleware.internet2.edu/idtrust/2009/

Attributes and AuthZ is the theme. Attribute aggregation has emerged in this context, as in a growing number of others lately. The program is coming along.

- RSA Conference 2009

April 20-24, 2009, San Francisco, CA

http://www.rsaconference.com/2009/US/Home.aspx

- Spring Internet2 Member Meeting

April 27-29, 2009, Arlington, VA

http://events.internet2.edu/2009/spring-mm/

[AI] (All) send suggestions for dinner theater to Ken and Bob. Russ Housley (head of IESG) will be one of the keynote speakers.

- ITANA Spring Face2Face

April 29-30, 2009, Arlington, VA

http://www.itana.org/2009/01/27/itana-face2face-spring-2009/

- CSG

May 13-15, Indianapolis IN

http://www.stonesoup.org/

- TF-Mobility/EMC2

Next TBD

http://www.terena.org/activities/tf-emc2/

http://www.terena.org/activities/tf-mobility/

Attribute aggregation and extending federation beyond SSO seem to be emerging as topics.

There has been renewed (narrow) interest in Eduroam in the US. More to come on this as it develops. It may be that growing wireless availability is driving this...

- June 2009 CAMP & Advanced CAMP

June 15-19, 2009, location TBD

Program committees for both are getting rolling.

"Building blocks of access management" will be the topic for CAMP.

Advanced CAMP will follow, and "identity summit" (e.g. the integration of identity models between social networking sites and the campus) will be the topic. Working with the open source community is emerging as a sub-theme.

- IIW

May 18-20, 2009, Mountain View, CA

http://iiw.idcommons.net/Iiw8

- TERENA Networking Conference 2009

June 8-11, 2009, Málaga, Spain

http://tnc2009.terena.org/

**Discussion**

- Potential GENI non-engagement

There is a proposal brewing on the subject of identity management. Their current reliance on end-entity certs is somewhat problematic, for reasons that have been discussed in the past in other contexts. Security related to portals is also an issue, as is VOMS.

There is at least one major GENI control plane site using Shibboleth, thus there is some existing familiarity with federation concepts in various islands at least.

There are some existing pockets of federation in some areas of GENI, in various forms, but there doesn't seem yet to be a unifying theme.

Attribute aggregation is also emerging in this context. The lifecycle of attributes will be the topic of an upcoming GSA workshop that will likely cover this as well. Scoping the potential work on attribute aggregation was the topic of some discussion, and it may be on the order of ~6 person-months (presuming developers already familiar with the space).

- Kuali Rice engagement, MACE program

Following the recent link sent to the list pointing to the Rice charter, there have been some recent conversations between MACE members and Kuali Rice leadership. Two things have emerged from this: (1) a request for the I2MI to clearly define its scope, to enable other groups working in this area to define their scope(d) in a complementary fashion, and (2) a possible invitation for a MACE member to sit on the Rice technical advisory group.

This leads to the question: what is the MACE program now and going forward? The previous Middleware 1 and Middleware 2 distinctions may still be useful here. Deeper engagement with other communities, e.g. the research community, administrative domain apps, and/or the network layer (e.g. DCN, E2E performance), are possible directions to pursue more aggressively.

There are multiple axes to this issue, including the evolution of computing and networking platforms beyond the web (e.g. hand-held mobile devices, cloud computing). N-Tier apps are also a recurring theme. The IdM space is clearly expanding. ESBs, workflow, and other related issues seem to be growing out of scope for MACE due to resource constraints and the clear need to carefully choose our focus.

R&E community support, including funding, are obviously related issues that factor into this discussion. Similarly, tracking what commercial vendors are doing in this space so as not to duplicate effort is important as well.

Is the Rice methodology useful for us to consider - i.e. contributing FTE developers entitles organizations to voices in the governance structure? The MACE approach is spread more thinly across multiple campuses. MACE's involvement in standards bodies (e.g. IETF and OASIS) is a notable distinction. Perhaps engagement with other groups (e.g. W3C and ITU) would be useful as well?

How should we continue to talk about this? It was suggested that a poll of the MACE community would be useful in informing this discussion going forward. An off-week MACE call would seem to be a useful forum, in this time slot. More to come on this...

[AI] (All) discuss the MACE program going forward on the mailing list.

- US overseas campus issues in privacy and data

There is an upcoming meeting of major campus CIOs seeking a consistent approach to international campuses, including connectivity, cloud computing, and privacy and security for overseas students.

- MACE-paccman advertisement

The working group is now up and running, with Tom Dopirak (CMU) chairing, using the previous Signet call slot. Details at http://middleware.internet2.edu/paccman/