MACE Conference Call, June 2, 2003

*MACE Conference Call*
June 2, 2003

*Attendees*

Bob Morgan (chair) - Washington
Steve Olshansky - Internet2
Renee Frost - Michigan/Internet2
Steve Worona - EDUCAUSE
Steven Carmody - Brown
Jim Jokl - Virginia
Ken Klingenstein - Colorado/Internet2
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

Ken briefly reviewed developments at TERENA Networking Conference 2003 in Zagreb. A BoF on federations reached agreement that there needs to be a clear separation between the federating technology (Shibboleth) and the federations themselves (e.g., InCommon) -- Shibboleth needs to be federation-neutral. eduPerson will become the object class for all federations using Shibboleth, but each federation will be able to develop its own variant of eduPerson to accommodate the particulars of its own data. It looks like lots of Europeans will be attending Advanced CAMP, which takes place July 8-11. [AI] All Advanced CAMP presenters will review Ken's proposed agenda (sent to MACE May 7) and make sure they can provide the requested content.

The MACE URN Namespace I-D (http://www.ietf.org/internet-drafts/draft-hazelton-mace-urn-namespace-02.txt) is expected to be published as an RFC soon, and people are starting to make requests for namespace allocations. [AI] Bob and Keith will create the MACE URN registry and decide where to host it. Bob noted that MACE-Dir is having lively discussions around SAML attribute naming. These discussions bear on the question of attribute name evolution -- how to accommodate the reality that names will inevitably be chosen ad hoc, then need to be moved later? The same questions arise with LDAP as well, and there are no clear answers. [AI] Bob will send out more information about MACE URN registry issues, and schedule a conference call on these issues if necessary.

Neal gave an overview of progress toward the relaunch of the CREN CA. Neal has been working with HEPKI-TAG and the PKI Labs on an assortment of CA issues, and with Renee on how to do registration for the CA using Internet2 as the front office. Ken observed that the bulk of the registration work is in vetting at the institutional level. Neal provided relevant links: the CREN combined CP/CPS is at http://www.cren.net/crenca/docs/practices.pdf, other CREN docs are at http://www.cren.net/crenca/docs/, and Neal's overall CA project tracking page is at http://bcn.boulder.co.us/~neal/i2/crencat/. All are invited to contribute to the CA relaunch process. Ken asked everyone to consider what would be a reasonable price for a campus cert (not including Shibboleth participation). Jim called the group's attention to inexpensive certs available at FreeSSL.com; the trust roots for these certs ship with current browsers. He noted that FreeSSL.com's Wildcard certs can't do two levels with one cert, but said that otherwise they're great. At Virginia they use Wildcard certs to sign ID certs; a server certs project there was cancelled when they found out about FreeSSL.com. Bob noted that Washington is continuing with its campus certs. [AI] Ken will send MACE further information on CA-related discussions happening in Internet2.

Finally Steven gave a Shibboleth update. Shibboleth 1.0 had been planned to ship on May 1. This was pushed back to June 1 to incorporate SAML 1.1 and to allow for further in-depth discussion of federations and trust models. The code was finished, but now there is "a very severe bug" involving chained-cert validation, so it looks like it will be another couple of weeks before 1.0 is ready. Steven summed up by saying "we're very close"; [AI] Steven will keep MACE informed on the status of Shibboleth 1.0.

*Action Items*

[AI] All Advanced CAMP presenters will review Ken's proposed agenda (sent to MACE May 7) and make sure they can provide the requested content.
[AI] Bob and Keith will create the MACE URN registry and decide where to host it.
[AI] Bob will send out more information about MACE URN registry issues, and schedule a conference call on these issues if necessary.
[AI] Ken will send MACE further information on CA-related discussions happening in Internet2.
[AI] Steven will keep MACE informed on the status of Shibboleth 1.0.