*MACE Conference Call*
May 17, 2004
*Participants*
Bob Morgan -- Washington (chair)
Scott Cantor -- OSU
Steven Carmody -- Brown
Renee Frost -- Michigan/Internet2
Jim Jokl -- Virginia
Diego Lopez -- RedIRIS
Neal McBurnett -- Internet2
Nate Klingenstein -- Internet2 (scribe)
*Discussion*
Recent & Upcoming Meetings
Re the upcoming Shibboleth Workshop CAMP, Bob was concerned about the
lack of a speaker on the technical track who can address issues
surrounding the integration of Shibboleth with portals. There are a
few JISC-funded projects that will be looking at these issues, but
there will be a larger audience interested in this integration at the
upcoming CAMP. There may have been a lot of changes to uPortal under
the Sakai project, but those are likely to be on the back end and
unlikely to significantly affect the fundamental technical issues.
The management track has been harder to fill up, but speakers are
slowly becoming available. Bob was worried that the Advanced CAMP
immediately following is "probably not even as together as that."
There wasn't much to report from the recent CSG other than some fringe
discussion relating to calendaring. There is likely to be more focus
on the CalDAV proposal under WebDAV due to Chandler interest in that
platform.
More Updates
There was a BoF at the Internet2 Spring Member Meeting on what
functions a mailing list service ought to perform. It was extremely sparsely
attended, but the Shibboleth development team has been in subsequent
discussions with the makers of Sympa, an open-source mailing list
manager used by Internet2 and others. One of the primary concerns is
the handling of different kinds of identifiers, as some campuses are
attempting to decouple the primary identifier function from the email
address. Sympa uses the email address as the username.
Lynn McRae of Stanford has agreed to chair the Signet working group,
which thrilled Bob because "he's really good at that." The first call
will occur during the first week of June, with momentum gathering
quickly from there.
Post-Modern PKI
Also known as "revolvable PKI" or "federated PKI", this reflects a new
sense of how to lessen the weight of a PKI deployment while still
providing the functionality that only PKI can provide, such as
signed email. The primary focus is on providing policy flexibility
that standard PKI can't accommodate, by allowing for some sort of
federation of campus roots rather than signing them all under a single
higher-ed root as standard PKI would suggest. This would then be
bootstrapped to a more traditional format as policies and deployments
matured.
There were a few brief suggestions, many of which have been attempted
before. One was the suggestion that USHER act as a repository of
campus root CAs, and make these available to relying parties in a
trusted fashion. Jim responded that that had been attempted a while
ago, but fizzled out because, in reality, "there aren't many roots."