*MACE conference call, October 23, 2000*
*Attendees*
Bob Morgan (chair)
Paul Hill
Michael Gettes
Neal McBurnett
Ken Klingenstein
Keith Hazelton
David Wasley
Steven Carmody
Ben Chinowsky (scribe)
*Discussion*
Bob opened the discussion with an update on the Shibboleth project. The project is finally picking up speed; Bob has explained Shibboleth to a gathering of non-vendors at the Network Applications Consortium meeting, and found broad interest and no naysayers. The vendors at NAC all seemed to agree that they need to agree on a standard for Web single sign-on, making Shibboleth a "pump-priming" opportunity. Bob noted that Boeing is now authenticating to third parties for benefits. Ken asked the group for opinions on making public keys available via DNS SRV records. Bob noted that a purist would say it's necessary to use secure DNS for this purpose; the hack is taking server certs that have been given to institutions and using them to generate real public-key certs. Paul noted his concern that Shibboleth address the situation of universities that don't have single sign-on in place. If a department is running a server, do we trust them? No consensus was reached on this issue.
Keith provided an eduPerson update. The first cut of a version in an NIHPerson-like format is done, and the eduPerson group has agreed to try adding "member" and "affiliate" values to the eduPersonPrimaryAffiliation attribute. [AI] Ken will send Keith his slides outlining eduPerson. Ken noted that the eduPerson group needs to have the Association of Institutional Researchers and Registrars address issues around FERPA and attributes. David noted two issues in particular: the need to have a placeholder for an attribute that would give the student's decision with respect to exercising their FERPA rights, and whether the registrars have fields they would find useful that are not yet in eduPerson.
Ken updated the group on the status of the dir-of-dir project. Sun discussed the proposal last Thursday; Ken hasn't heard back yet, but in any case he has received approval from Internet2 to buy "whatever it takes" to move forward with this project. Internet2 believes that middleware is engaging the membership and that the progress we can make with dir-of-dir will be well worth the investment. It was noted that Roland Hedberg and several other key international middleware figures would be in Atlanta, and Ken suggested arranging a meeting with them.
Finally the group discussed PKI work. The HEPKI-TAG cert profiles committee has finished its conference calls; from the notes from these calls Ken has produced a list of similarities and differences among the cert profiles. This exercise has raised issues about keeping higher education coordinated. Michael has discussed such issues with Rich Guida, and it's starting to look like there may be multiple BCAs in higher education. Guida thinks this is workable, though not the best way to launch a PKI; Michael has greater misgivings. It was noted that the Grid Forum meeting was disappointing; there was no clear leadership in the area of PKI. In general, the Grid Forum people seem content with allowing people to do as they wish and manually configuring trust relations; the Grid Forum list contributors who are interested in scaling beyond this were not at the meeting. In Ken's opinion, the Grid people are not confident that HEPKI is really building an infrastructure that can support them. Steven recommended the Grid's Steve Tuecke as a source of information on proxy certs and an enthusiastic partisan of PKI. [AI] Keith will have Todd Tannenbaum email Steve Tuecke. [AI] Steven will write up his notes from his discussions with Steve Tuecke and send them to MACE.
*Action Items*
[AI] Ken will send Keith his slides outlining eduPerson.
[AI] Keith will have Todd Tannenbaum email Steve Tuecke.
[AI] Steven will write up his notes from his discussions with Steve Tuecke and send them to MACE.