**MACE Call 23-May-2011**
**Attending**
RL "Bob" Morgan, U. Washington (chair)
Ken Klingenstein, Internet2
Von Welch, Indiana U.
Scott Cantor, The Ohio State U.
Josh Howlett, JANET (UK)
Michael Gettes, CMU
Jim Jokl, U. Virginia
Steven Carmody, Brown U.
Nate Klingenstein, Internet2
David Wasley, independent
Neal McBurnett, Internet2
Steve Olshansky, Internet2 (scribe)
NEXT CALL: 6-June-2011
Theme: Advance CAMP recap and how this will affect the MACE agenda
*Carryover Action Items*
[AI] (All) send seedcorn suggestions to Ken.
[AI] (Ken) will distribute the CRU taxonomy of SPs
[AI] (Ken) will send out a link to relevant GENI IdM information.
[AI] (Keith) will write up the current state of the identifier discussion and apparent consensus, and associated explanatory material, for use by REFEDs.
[AI] (Ken) will coordinate a small working group with Heather to look into access control and IdM layer requirements for shared file services, calendaring, and web-conferencing in a federation-centric context.
[AI] (All) with suggestions for other foundations that the Shib Consortium could eventually be embedded in are encouraged to discuss them on the list.
[AI] (Ken) will convene a small subgroup of MACE to consider the seed corn issues in more depth and report back on a forthcoming call, soon.
[AI] (Ken) will invite Mike Conlin (U. Florida), the VIVO PI, to a forthcoming MACE call.
[AI] (Keith) will maintain an issues list to inform a potential new charter for MACE-DirNG, syncing it with the FedApps charter.
[AI] (RLBob, Scott, and SteveO) will proceed with the process of formalizing the FedApps working group, including setting up a list/wiki/website, and advertise it in the appropriate venues.
[AI] (Ken) will draft a one-pager about what MACE does and what questions it has, for review by MACE, as a discussion guide with Internet2 leadership.
[AI] (Ken) will distribute a draft requirements framework for VO support engagement.
[AI] (David) will contact GSA for an update on the approval process for InCommon Silver.
[AI] (ReneeS) will revisit the list of potential new MACE members on the list.
[AI] (Ken) will revise the mission statement based upon feedback received on the call.
[AI] (Ken) will send out info on DHS secure online transactions.
[AI] (Ken) will follow up on a MACE/AMSAC call.
[AI] (Ken) will follow up with Kuali/Rice about I2MI collaboration.
[AI] (Ken) will draft a catalyst doc, covering the key items to be addressed in advising VOs how to use our infrastructure.
[AI] (Leif) will contact Ken/Steven/Tom about potential overlaps between the SDCI proposal and projects in the EU.
[AI] (Jens) will speak to an Eduroam rep about communicating with Educause.
[AI] (Ken) will draft and circulate a letter to Rice leadership, requesting input to roadmaps and use cases, and to ensure our projects with Kuali projects are aligned with their high-level strategic direction.
[AI] (Nate) will distribute information to the list about upcoming tactical issues facing MACE.
[AI] (All) send Bamboo IAM comments to Tom ASAP for coordination.
[AI] (All) interested in participating in the international collaboration activity contact RL "Bob."
[AI] (RL "Bob") will contact a representative of Kuali Rice about coordinating a call.
[AI] (Ken and Mark) will distribute some information on trust anchors in the context of dynamic network configuration in GENI testbed, as well as for general access control.
[AI] (Ken) will circulate some meeting notes from the last TERENA/REFEDS meetings.
**Recent meetings**
- TERENA NC/REFEDs
May 16-19, 2011, Prague, Czech Republic
https://tnc2011.terena.org/
Ken attended. A collaboration BoF was held, as well as one focused on a generalized infrastructure for IdM.
REFEDs meeting was at the beginning, a lot was accomplished, and there is now a good bit of info online.
http://refeds.org/
There are a number of items that likely warrant new working groups to coordinate approaches, e.g. ARPs (in metadata?), application classification, and how federations will interoperate on all of this. Also, consistent English translation of attribute names arose as an area in need of attention. The SP distinction between desired and required attributes was discussed, particularly in the EU context. This will likely be one of the first REFEDS working groups.
There was an update on PEER as well.
NSTIC/OIX, InCommon Silver, and NIH activity in the US also arose.
Items bubbling for the future include federated groups...
It is likely that REFEDS will be able to support forthcoming working group logistics, and there will be another call for funding at some point. The question of IPR framework for working groups arose, and will be raised.
The next meeting is 14-Sep in Helsinki. New venues were proposed to make the meetings more accessible.
TERENA
Josh reported on the Moonshot infrastructure meeting that was held. Expanding the range of supported use cases is a goal. There is not much online about this, just yet.
It was noted that EduID is dead as a brand, due, e.g., to the better discovery practices now available.
There were presentations on Edugain, including on the subject of consent and policies.
Concerns were raised about the InCommon Silver Profile moving forward without international participation, even though driving use cases are few. Thus InCommon will be working with REFEDS to float the identity assurance issues for feedback.
NISO has a report forthcoming on WebSSO, and a URL will be distributed.
Q: What is next for Edugain?
A: GEANT3 will conclude in (likely) 4 years, and federation is as important to them as the network, as an enabler for big science. Edugain will likely continue at least for 4 more years, and probably beyond.
Q: The EU privacy regulations are likely years away from finalization, and thus how can we reconcile them with our pressing needs?
A: Assumptions will need to be rethought about how we deal with privacy and data protection. This is really most relevant between RPs and issuers. A more comprehensive legal umbrella is clearly needed, with the concomitant new policies...
- IIW
May 3-5, 2011, Mountain View, CA
http://iiw.idcommons.net/
RL "Bob" attended. OAUTH 2 is ubiquitous, and its finalization is anxiously awaited, e.g. for mobile apps and cloud services. Google was very active, and is introducing the Google Identity Toolkit, which is JavaScript to be dropped into apps to provide a useful login process.
https://sites.google.com/site/gitooldocs/
User-selectable 2-factor authn seems to be a somewhat hard sell to Google users (due apparently to the (minor) extra work involved), which unfortunately leads to great effort being expended resetting hacked passwords.
NSTIC was also discussed extensively, and the 3 levels may not be the right answer in a complex ecosystem.
- Kantara
May 16-18, 2011
Berlin, Germany
http://kantarainitiative.org/confluence/display/GI/Kantara+Initiative+Conferences
**Upcoming Meetings**
https://spaces.internet2.edu/display/MACECalendar/MACE+Calendar
- Jasig/ACAMP 2011
May 25-27, 2011 in Westminster, CO
https://spaces.internet2.edu/display/ACAMPIdSummit2011/Home
ACAMP will be adjacent to the JASIG conference in Denver, and will be similar to past ACAMPs. Unlike in past years, it will be at the end of May and branded InCommon. There will be an InC-Silver session.
Registration is about on par with previous years.
- InCommon CAMP
June 21-23, 2011, Cincinnati OH
https://spaces.internet2.edu/display/CAMPJune2011/Home
- W3C Workshop on Identity in the Browser
May 24-25, 2011, Mountain View, CA
http://www.w3.org/2011/identity-ws/
MACE representation at this is uncertain, if it takes place, given the overlap with ACAMP.
**Discussion**
- Moonshot ++
There were conversations on this at the recent TERENA meeting, and on how it would integrate with identity federation infrastructure going forward. RADIUS-IdP integration and ARPs were discussed, as well as how to work with both federations and the RADIUS community on things like including RADIUS endpoints in metadata.
Josh noted that it is still early to consider Moonshot as something that needs to be high on the radar of identity federations. Likely little or nothing will need to be changed, since federations are largely technology agnostic so long as the expected attributes are provided and policies adhered to. Closer alignment between federations and Eduroam is likely forthcoming, and some (relatively little) work will be required to achieve this.
A major question is: would deployment of Moonshot in eScience imply a big push to build out RADIUS/Eduroam infrastructure in the US?
The question arose of transport alternatives to RADIUS. While RADIUS is core to the Moonshot architecture, the RADIUS infrastructure architecture does not need to mirror the EU version; e.g., a RadSec infrastructure would work.
Q: Given the rise of OAUTH2, will there be an OAUTH-centric way to integrate with Moonshot?
A: Given the fairly general nature of the work done to date, the use of SAML within apps and fat clients is not a problem, and this work can be reused as needed.
Q: What is the right discussion forum for continuing these conversations?
A: The Moonshot-announce list will be used for now, and TERENA will likely set up new mailing lists as the need arises.
- NSTIC, OIX, LEGO
NSTIC continues to rev up. The first round of meetings is coming up soon, and RL "Bob" will be attending. OIX is roughly aligned, and will be participating (and on behalf of InCommon).
TF-EMC2 will be holding videoconferences June 29-30 that might touch on some of this, and some of these issues may be discussed on their mailing list as well.