*MACE Conference Call*
October 20, 2003

*Attendees*

Bob Morgan (chair) - Washington
Tom Barton - Chicago
Ton Verschuren - SURFnet
Steve Worona - EDUCAUSE
Renee Frost - Michigan/Internet2
Neal McBurnett - Internet2
Scott Cantor - OSU
Keith Hazelton - Wisconsin
Steven Carmody - Brown
David Wasley - UCOP
Mark Poepping - CMU
Ken Klingenstein - Colorado/Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

Scott and Ken were just at Digital ID World Conference 2003 (http://conference.digitalidworld.com/2003/). Scott described the conference as very politically sensitive, with many sessions focused on Liberty, WS-*, and conflicts between the two. IBM and Microsoft heavily promoted their commitment to enable royalty-free implementations of WS-Security. [AI] Ken will send MACE a note on developments at Digital ID World. Ken reported that a demonstration of the Shibboleth attribute-release user interface was very well received. On the other hand, there seems to be a common perception that Shibboleth is just about privacy and is intended only for the higher-education market. Suggestions for improving this situation included making efforts to recruit specific individuals from target communities, such as libraries; more user-interface demonstrations; and organizing briefings for key individuals in organizations such as Burton. Ken noted that the InsideID conference (http://www.insideid.com/), coming up December 8-10, will be of similar size and scope to Digital ID World.

The Australian government has funded the Meta Access Management System (MAMS) project; see http://www.dest.gov.au/Ministers/Media/McGauran/2003/10/mcg002221003.asp. Bob would like to recruit a MACE liaison from Australia; there are several prospects.

The group discussed the Abstract Framework recently released by IMS; see sections 4.1, 4.2, 4.3 and 4.6 of http://www.imsglobal.org/af/afv1p0/imsafascv1p0.html#1502422. The document draws on OKI's work, but shows no MACE influence. Scott observed that it's not clear what the scope or influence of the Framework is intended to be, though it seems clear that "IMS is really going back to its original vision: a set of interface definitions."

Bob observed that to date the LionShare project (http://p2p.libraries.psu.edu/) has mostly focused on high-level stuff like metadata and repository access. LionShare uses the gnutella protocol, the security implications of which are poorly understood. Bob described figuring out "what we infrastructure types would think is appropriate for security here" as "a fairly urgent activity for us." A related consideration is what's going on with OSAF/Chandler; they're in the process of defining their security protocol, which might end up being something that LionShare could use. Steven noted that the LionShare proposal includes plans to add Shibboleth support to gnutella and to use LionShare to initiate searches into the Canadian eduSource learning object repositories (http://www.edusource.ca/english/home_eng.html).

Ken observed that, with collaborators in other countries building on the work of Internet2 middleware, branding is becoming a pressing issue for MACE: "now that world domination is at hand, what do we call it?" The open questions are how to globally coordinate this work, what to call it, and how to determine whether contributions are compliant. Ken expects this to be a major topic at the NMI review coming up this Thursday. Ken noted that there is a broad consensus that the biggest issue is integration, especially ensuring that all the pieces have a similar look and feel and use compatible methods of authZ.

Ken is setting up a MACE-like group, called NetSec, to work on secure and authenticated inter-institutional network access. The first item on NetSec's agenda is to get some US participation in TERENA's network security project (see http://www.surfnet.nl/innovatie/wlan/ and http://www.terena.nl/tech/index_mobility.html). Ton noted that TERENA's work is built on RADIUS; trust is currently implemented with shared secrets, but there are plans to move to PKI using IPsec.

*Action Item*

[AI] Ken will send MACE a note on developments at Digital ID World.