*MACE Conference Call*
June 17, 2002
*Attendees*
Bob Morgan (chair) - Washington
Von Welch - Chicago/Argonne/NCSA
Scott Cantor - OSU
Ton Verschuren - SURFnet
Neal McBurnett - Internet2
Steven Carmody - Brown
Ken Klingenstein - Colorado/Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
Most of the discussion concerned items related to Ken's attendance at the recent RedIRIS meeting in Spain.
- Ken has succeeded in starting a discussion about integrating Shibboleth with PAPI (www.rediris.es/app/papi/index.en.html). The two are already quite similar; the PAPI group wants to incorporate elements of Shibboleth such as the attribute authority, and convert PAPI tokens to SAML from their current cleartext format.
- RedIRIS's Diego Lopez has agreed to serve as an additional European liaison to MACE. Ton noted that it seems unlikely that a European version of MACE will emerge any time soon; the plan is instead to continue increasing European participation in the existing MACE, and also have the TERENA technical committee meet more often.
- Ken met with Tony Hey, Director of the e-Science Core Programme for the UK Engineering and Physical Sciences Research Council (EPSRC). Hey thinks that campus integration of Grids is very important, and asked for suggestions about where the UK could provide leadership in this area; Ken conveyed this request to MACE. Bob Morgan suggested support for PERMIS (www.permis.org). Von noted that a new version of the OGSA spec is available on the GGF site. While the OGSA architects don't expect that X.509 will be the only security standard to emerge for grids, that's where OGSA, guided by resource limitations, is currently focusing.
An NMI planning meeting is scheduled for June 19. Possible projects for the second year include 1) an interim web services infrastructure for videoconferencing, and 2) collaboration with Grid developers on accounting, authorization, and the n-tier problem. Ken noted that an accounting WG is starting up in GGF, oriented to user monitoring of remaining resource allocation (as opposed to owner monitoring of resource use; this may prove to be a significant omission). Ken also noted that there is general agreement within NMI that to the extent NMI can make sense of authZ, it should do so. Bob noted that there are a variety of ongoing authZ projects besides SAML; Akenti in particular has generated a lot of interest. Bob would like to see NMI evaluate a variety of ways to approach the problem of authZ. Von noted Globus's work on CAS, but he doesn't know of any authZ work happening in GGF.
Ken also suggested that NMI work on identifier crosswalks. Von noted that several people in the Grid community are working on hierarchical mapfiles built up from group memberships and maintained in LDAP; there is much interest in adding a standard interface so that people can add modules and work on their own schemes. Bob suggested that metadirectories present good opportunities for campus Grid integration work; [AI] Bob will send out a pointer to metadirectories work that bears on Grid integration.
*Action Item*
[AI] Bob will send out a pointer to metadirectories work that bears on Grid integration.