*MACE Conference Call*
February 24, 2003
*Attendees*
Keith Hazelton (acting chair) - Wisconsin
Neal McBurnett - Internet2
Steve Worona - EDUCAUSE
Ton Verschuren - SURFnet
Ken Klingenstein - Colorado/Internet2
Scott Cantor - OSU
David Wasley - UCOP
Mark Poepping - CMU
Diego Lopez - RedIRIS
Michael Gettes - Georgetown
Steve Olshansky - Internet2
Steven Carmody - Brown
Ben Chinowsky (scribe) - Internet2
*Discussion*
Ken opened the discussion with an update on the continued-development and operational-trust-services NMI proposals. Both are going well; [AI] Ken will send drafts of the NMI proposals to the MACE list later this week.
The group considered and rejected the idea of adding an open-source CA project to the continued-development proposal. At the same time, there was strong agreement on the importance of this work; MACE will look for support for this work elsewhere. There was general agreement that securing FIPS 140 certification for OpenSSL and/or OpenCA is a high priority here.
In drafting the operational-trust-services proposal, Ken is working to get alignment between InCommon certs, community CA certs, and bulk cert purchases. Ken would like to see a single service both issuing institutional certs and anchoring InCommon. A better understanding is needed of how this service would have to operate in order to ensure that certs offer the needed levels of assurance. [AI] Sometime in the next three weeks, Ken will convene a call to discuss early implementation questions for InCommon.
The group discussed several upcoming meetings:
- At the Spring Internet2 Member Meeting, the traditional MACE dinner will be merged into a larger meeting on authorization with Roland Hedberg. The goal is to get as far as possible in elaborating a roadmap and architecture for the target side. This meeting will take place Wednesday, April 9, and will probably go late. [AI] Ken will ping Michael about recruiting panelists for the Member Meeting, Rich Guida in particular. [AI] Keith will organize a MACE-Dir-TAB call to plan for sessions at the Member Meeting. Blackboard wants to do a demo; although there is no demo room at this meeting, Ken thinks Blackboard's demo could be incorporated into a Shibboleth demo that will be set up at lunch. [AI] By the end of the week, Ken will send Michael details on Blackboard's options for doing a demo at the Member Meeting.
- Ken noted that IPR claims on OGSA by IBM and Microsoft are likely to be a major issue at the March 16-21 IETF meeting in San Francisco. Scott noted the similarity between the OGSA IPR situation and the SAML IPR situation: RSA owns part of SAML; while they are willing to offer RAND license terms, they can always change their mind later, and for this reason Apache has become reluctant to take on OpenSAML. Developers are also leery of using OpenSAML because anything they build would also be subject to this uncertainty. Ken suggested having representation from MACE at the IETF meeting, but no one on the call is currently planning to attend.
- TERENA meets May 19-22 in Zagreb; TCA will meet May 18. LSD has disbanded. Ken wants at least one technical authorization/Shibboleth person in Zagreb; no one has committed to this yet.
- It's looking likely that the WebISO technical workshop will be held immediately before Advanced CAMP in July; [AI] Ken will send MACE dates for Advanced CAMP and the WebISO workshop(s) as soon as they are set.
- Michael asked Ken if he could speak at JA-SIG in June; [AI] Michael will send Ken details on the June JA-SIG meeting.
- GGF7 is March 4-7 in Tokyo; GGF8 will be in Seattle in June.
- The program committee for the Second Annual PKI Research Workshop meets this Friday. [AI] All will send Neal suggestions for panelists at the 2nd Annual PKI Research Workshop.
The group closed the one remaining issue from the recent Shibboleth attributes discussion: eduPersonAffiliation will be renamed to eduPersonScopedAffiliation and used as previously planned. Scott noted that eduPersonPrimaryAffiliation has been pulled from the code, as no one was using it. Steven C. noted that responses are starting to come in from the pilot campuses on the issues of how to deal with entitlements and how to refer to "walk-ins". Scott suggested that using MACE URNs might cause interoperability problems in future versions of Shibboleth; [AI] Bob Morgan and Keith will contact Patrik Faltstrom about MACE URNs and Shibboleth.
Finally, Neal noted that discussions of the future of the CREN CA and how it relates to the future of Internet2 PKI in general are still ongoing. [AI] Bob Morgan will put a PKI update near the top of the agenda for the next MACE call.
*Action Items*
[AI] Ken will send drafts of the NMI proposals to the MACE list later this week.
[AI] Sometime in the next three weeks, Ken will convene a call to discuss early implementation questions for InCommon.
[AI] Ken will ping Michael about recruiting panelists for the Member Meeting, Rich Guida in particular.
[AI] Keith will organize a MACE-Dir-TAB call to plan for sessions at the Member Meeting.
[AI] By the end of the week, Ken will send Michael details on Blackboard's options for doing a demo at the Member Meeting.
[AI] Ken will send MACE dates for Advanced CAMP and the WebISO workshop(s) as soon as they are set.
[AI] Michael will send Ken details on the June JA-SIG meeting.
[AI] All will send Neal suggestions for panelists at the 2nd Annual PKI Research Workshop.
[AI] Bob Morgan and Keith will contact Patrik Faltstrom about MACE URNs and Shibboleth.
[AI] Bob Morgan will put a PKI update near the top of the agenda for the next MACE call.