MACE Conference Call, August 25, 2003

*MACE Conference Call*
August 25, 2003

*Attendees*

Ken Klingenstein (acting chair) - Colorado/Internet2
Bob Morgan (calling en route) - Washington
Ton Verschuren - SURFnet
Michael Gettes - Duke
Brian Gilmore - Edinburgh
Steven Carmody - Brown
Renee Frost - Michigan/Internet2
Keith Hazelton - Wisconsin
Neal McBurnett - Internet2
Steve Olshansky - Internet2
David Wasley - UCOP
Mark Poepping - CMU
Ben Chinowsky (scribe) - Internet2

*Discussion*

The group reviewed the EDIT work plan produced by Keith and Steve O. Ken noted that current NMI funding combines the third year of the first grant and the first year of the second grant, and that the second grant has been deeply cut from what was originally expected. [AI] Ken will ping Alan Robiette about JISC picking up work dropped from NMI due to funding cuts. [AI] All will send Keith use cases and desired features for the architecture for a next generation credential converter (item #3 on the EDIT work plan). [AI] Keith will start listening in on the Shibboleth calls to gather information to start working on what Bob described as "the big big model that doesn't fit on the whiteboard" for AuthZ (items #4 and #5 on the EDIT work plan). Steven noted that several of the items on the workplan raise the extremely complex issue of standarizing definitions of roles; Keith acknowledged that MACE will need to take up this issue, but stressed that most of this work will need to take place on the community-of-interest level. [AI] All will read the EDIT work plan and send any resulting questions or suggestions to the MACE list.

MACE discussed plans for an AuthZ Recipe. There was general agreement that the tools this document would reference would involve a fusion of Stanford's system with the functional specs from SAGE, and that the AuthZ Recipe should be structured as a high-level model for AuthZ and AuthZ support services, illustrated with case studies. It was also agreed that finding case studies worth emulating will be difficult. David suggested that the biggest challenge will not be technology but "how do you get the organization to describe how it really works?" Keith noted that as university IT departments are continually being asked to serve new populations, there is a great need for an AuthZ Recipe to help people understand "how to graft on top of legacy apps without really ugly hacks."

Also noted:
- The I2IM web site is ready to go, and an announcement is imminent. See http://middleware.internet2.edu/i2im/.
- The Fall Internet2 Member Meeting is October 13-16 in Indianapolis; see http://events.internet2.edu/2003/fall-mm/.
- NSF is giving its security programs the label "cybertrust", creating possible confusion given the much narrower meaning of "trust" employed in the Internet2 community.

*Action Items*

[AI] Ken will ping Alan Robiette about JISC picking up work dropped from NMI due to funding cuts.
[AI] All will send Keith use cases and desired features for the architecture for a next generation credential converter (item #3 on the EDIT work plan).
[AI] Keith will start listening in on the Shibboleth calls to gather information to start working on what Bob described as "the big big model that doesn't fit on the whiteboard" for AuthZ (items #4 and #5 on the EDIT work plan).
[AI] All will read the EDIT work plan and send any resulting questions or suggestions to the MACE list.