MACE Call 18-Feb-08
*Attending*
Ken Klingenstein, Internet2 (stand-in chair)
Jim Jokl, U. Virginia
Nate Klingenstein, Internet2
Renee Frost, Internet2
Scotty Logan, Stanford
Michael Gettes, MIT
Steve Carmody, Brown U.
Leif Johansson, Stockholm University / SUNET
Tom Barton, U. Chicago
Josh Howlett, JANET (UK)
Neal McBurnett, Internet2
Jens Haeusser, U. British Columbia
Scott Cantor, OSU
David Wasley, independent
Rodney McDuff, U. Queensland (AU)
Steve Olshansky, Internet2 (scribe)
**Action Items**
[AI] (All MACE) if you are interested in serving on the program committee for AdvancedCAMP in June, please contact Ann/Ken/Renee ASAP.
**Meeting reports**
- TF-EMC2 report - February 4-5, 2008, Marseilles
Ken attended. They spoke a fair bit about federations. Many federations are looking at the upcoming Shib v2.0 upgrade. Slides are online now.
http://www.terena.org/activities/tf-emc2/meetings/10/
JISC Legal gave a briefing about their document on the feasibility of inter-federation, available from the JISC Legal website. They also have a comparison of attributes used by various federations, and a first pass at what an inter-federation agreement might look like. They also plan to identify when user consent is required before identity is released across national boundaries, according to national privacy laws. It appears at the moment that in the US no consent will be required, but state privacy laws may preempt national privacy laws in the US, which could make for a complex environment.
http://www.jisclegal.ac.uk/access/
Forthcoming is a first pass at what an inter-federation agreement would look like. Also clarification of what a user-consent agreement would look like for release of attributes across national boundaries. For every country there will need to be a separate consent in place…
US state privacy laws will likely preempt national? This could make for complicated times ahead. eduPersonTargetedID appears to solve a lot of problems, if/when it is implemented…
They were not really looking at other sorts of federations, such as Eduroam. It was noted also that there are a growing number of team-taught online courses in the US that include international students, which are thus in other federations.
- CAMP: Bridging Security and Identity Management
February 13-15, Tempe, AZ
http://www.educause.edu/camp081
CAMP was sold out and very successful. Privacy was a more prominent theme than security, but there was a good mix of attendees. There was a lot of conversation about federated IAM, and about RBAC. The CAMP audience has come a long way, and was very clueful overall.
Discussion of InCommon Silver produced no objections. There seemed to be consensus of understanding about IAM overall, and interest in how to implement it. Diagnostics and fine-grained access control came up in the context that being denied access to a website is a form of security event, requiring diagnostics.
**Upcoming Meetings**
- Mellon RIT (Research in Technology) meeting will be focused on providing enterprise services, and on providing general reusable and compatible infrastructure for higher-ed.
http://rit.mellon.org/retreat/2008-mellon-rit-sc-retreat/
- EuroCAMP will be in Stockholm, May 7-8. Theme will be similar to the last EuroCAMP in Dubrovnik.
http://www.terena.org/activities/eurocamp/may08/
- Spring Internet2 Member Meeting (I2MM) April 21-23 in Arlington, VA
http://events.internet2.edu/2008/spring-mm/
- REFEDS (Research and Education FEDerationS)
The next REFEDS meeting will be May 18 in Bruges, Belgium.
http://www.terena.org/activities/refeds/
- Shibboleth CAMP (InstallFest) May 13-14 in Ann Arbor, adjacent to CSG meeting.
- 7th Symposium on Identity and Trust on the Internet (IDtrust 2008)
Mar 4-6, 2008, Gaithersburg, MD
Updated program online. OASIS will be participating, and they will be looking at XACML in addition to the usual PKI topics.
http://middleware.internet2.edu/idtrust/2008/
- AdvancedCAMP will likely take place in June, theme will be Enterprise Service Bus (ESB).
[AI] (All MACE) if you are interested in serving on the program committee for AdvancedCAMP in June, please contact Ann/Ken/Renee ASAP.
**Discussion**
*Updates on I2 Strategic Planning and Middleware*
One of the themes emerging from the strategic planning effort underway is the value of persistent community engagement for campus IT architects... ITANA and CAMPs are examples of this, and there may be other ways to support this ongoing.
*UK OpenID study*
JISC wants to explore use cases. OpenID seems to be essentially a US-centric activity at the moment... SOAP v. REST discussions also come into play at some level.
JISC is focused primarily on access management, and OpenID doesn’t provide the level of functionality they require. A core use case, as a driver for adding OpenID support to Shibboleth, hasn’t been seen yet. Perhaps providing services to non-university users would be a driver...
http://www.jisc.ac.uk/fundingopportunities/funding_calls/2007/10/openiditt.aspx
*Microsoft DreamSpark*
This utilizes InCommon to assert eligibility, where available...
https://downloads.channel8.msdn.com/FAQ/UniversityAdministrators.aspx
*Inter-federation workshop*
NSF will support a workshop in June, bringing together many federations to discuss this. Financial dimensions, along with privacy and consistency of agreements, will be topics of discussion. Team-taught courses crossing federation boundaries are also an interesting use case. What is required to trust assertions coming from another federation?
It will be interesting to look at the trust required for current approaches, as we move into the inter-federation context, and not impose more requirements if not needed… Big science international VOs also pose a common use case in this context.
*DKIM/etc. event*
IETF and ISOC held a workshop on trust in the Internet last Fall, which led to ISOC making some investments in bringing trust awareness into some IETF protocols. DKIM will be an initial focus, and a workshop is a likely early step.
http://www.isoc.org/isoc/mission/initiative/trust.shtml
There may be some interest in using the higher-ed email admin list to convene this community.
http://listserv.nd.edu/archives/hied-emailadmin.html
Other topics may include clean-slate efforts, and there is recognition that notwithstanding architectural evolution, many applications currently in use will continue to be used ongoing in some form, and trust will be central to many or most of these.