*MACE Conference Call*
January 26, 2004
*Attendees*
Bob Morgan (chair) - Washington
Ton Verschuren - SURFnet
Diego Lopez - RedIRIS
Steven Carmody - Brown
Renee Frost - Michigan/Internet2
Scott Cantor - OSU
Tom Barton - Chicago
Neal McBurnett - Internet2
David Wasley - UCOP
Ken Klingenstein - Colorado/Internet2
Keith Hazelton - Wisconsin
Michael Gettes - Duke
Ben Chinowsky (scribe) - Internet2
*Discussion*
Bob opened the discussion with the announcement of a new MACE area of activity: Authority, or AuthR, which has to do with representing things that people can do and assigning those abilities to other entities such as groups. This work will focus on generalizing the work of the Stanford Authority Project (http://www.stanford.edu/group/itss-ccs/project/authority/). The MACE-AuthR group plans to start small and broaden its scope and membership over time as appropriate. The initial deliverable will be an Authority Recipe, modeled on the LDAP Recipe but more focused on business processes, and including an appendix with case studies. There are also plans for early-adopters activity along the same lines as the Early Adopters project that helped launch Internet2 Middleware. Later deliverables will include tools and APIs for the deployment of Stanford-like authority systems on other campuses; a road map for this phase is in preparation. Defining roles will be out of scope (a starting assumption will be that your campus is already organized so that roles make sense), as will group management, at least at first. David suggested that the term "privilege management" has generated more buzz than "authority", and Bob agreed that this terminology might be preferable.
JISC has released a call for proposals "in core middleware, with a specific focus on inter-institutional authorisation and related topics." Proposals are due March 3; see http://www.jisc.ac.uk/index.cfm?name=c01_04.
Tom and David reviewed a small meeting on the role of the IT architect held right before the last CSG; the majority of the six people present were MACE members. The idea here is to provide information to organizations that are considering adding an IT architect. A half-day followup meeting is planned ahead of the Spring Internet2 Member Meeting, and the reporting-out process is scheduled to begin in May or June.
Upcoming events:
- The Mellon Foundation is organizing a February meeting of PIs from the wide range of IT projects they've funded, aiming for increased awareness of the interdependencies among these projects.
- A federations user group is meeting in late February in conjunction with RSA Conference 2004; David is planning to attend.
- Planning for the Spring Internet2 Member Meeting is well underway. [AI] Ken will find out if there's room for all of the many middleware sessions that have been requested for the I2MM.
- Papers and proposals for the April 12-14 PKI R&D Workshop (PKI04; http://middleware.internet2.edu/pki04/) are due January 30. [AI] All will send Neal their suggestions for a keynote speaker for PKI04.
The group reviewed recent developments in the federations space. InCommon now has a web page: http://incommon.internet2.edu. Ken is recruiting a group to act as a certifying authority for InCommon, establishing that minimal standards of trustworthiness are met; this will be the world's first federation CA. Michael noted that InCommon has many similarities to a bridge CA, and presents similar problems. The InCommon executive committee has asked Ken for more information on other trust fabrics. [AI] All who have leads on nascent trust mechanisms in higher education will send them to Ken. The group noted several related efforts and discussions:
- Diego noted that the TERENA Academic CA Repository (TACAR) is "looking for a way to make PKI happen without being complicated by politics and money." See http://www.terena.nl/tech/task-forces/tf-aace/tacar/.
- Various groups have been discussing uses for federations other than protecting web content, e.g. federated instant messaging. SALSA (http://security.internet2.edu/salsa.html) has been brainstorming on federated network security, revisiting the TERENA mobility work. (TERENA is making plans to continue its mobility work under GN2; see http://www.terena.nl/tech/task-forces/tf-ngn/presentations/tf-ngn13/20040122_JR_GN2_JRA5.pdf.)
Diego has heard some discussion of federations for video distribution. Ken observed that "multicast is a technology in search of a killer app," and that many think that VoD along the lines of ResearchChannel (http://www.researchchannel.org), together with audio-on-demand, could be that killer app; security is needed for this to happen, and federations are a promising approach. In particular, Ken noted that content from SCOLA (http://www.scola.org) is attractive to many universities. Ton noted that GN2 is considering a collaboration with the Internet2 Measurement WG to use federated security to protect measurement data. Finally, Bob noted that he's seen proposals for spam control that use "things that look a lot like federated network security."
Grid developments:
- Ken noted that there's a group in the Federal Government trying to set up a multicampus grid that "is not ad hoc in how it's established"; expect more detailed discussion of this on upcoming MACE and HEPKI-TAG calls.
- Larry Ellison is setting up a new grid standards organization; its focus will be on enterprise rather than interdomain grids.
MACE working groups news:
- Bob noted that Jill Gemmill has drafted a charter for the MACE-Mail working group. [AI] Ken and Michael will talk to Jill Gemmill about plans for the MACE-Mail and MACE-WebDAV working groups. Ton noted that the upcoming TERENA meeting will include a Sympa presentation on federations.
- MACE-Dir has been focused on the Grouper architecture; Tom is working on a roadmap to the initial release, incorporating recent agreement that implementation of some features will need to be delayed until after that release.
- [AI] Bob will put discussing the launch of a new MACE-Dir subgroup for internationalPerson on the agenda for the next MACE call.
Bob noted that there's been a lot of standards activity lately in the Shibboleth/Liberty/SAML/WSS space. In particular, there's lots of work being done on SAML 2.0, which looks like it will be "quite a serious reinvention," incorporating lessons learned from SAML 1.0 as well as stuff from Liberty. Bob expects that these changes will help SAML cover more of the WebISO space. Also, WSS 1.0 has just been approved by its OASIS committee; the next step is approval by OASIS as a whole.
Finally, there was a short discussion of the prospects for secure e-voting. The US Government's Secure Electronic Registration and Voting Experiment (SERVE; http://www.serveusa.gov) has been emphatically panned by four of the ten experts recruited to review it; see http://www.servesecurityreport.org. A recent discussion on the MACE list revealed a consensus on the reviewers' central objection: that due to the specific necessities of secure e-voting ("the high stakes, the inability to recover from failures, and [the need for assurance with anonymity]"), not only the specific technologies developed for SERVE, but any technologies for secure Internet voting, will be inadequate unless fundamental changes are made to the architectures of the Internet and personal computers. On the other hand, universities are increasingly making use of e-voting for their own elections; David noted that the UC-wide academic senate is interested in looking into this, and suggested writing up a description of the middleware infrastructure it would require. Michael pointed out the danger of a slippery slope here, as such work could convey the message that e-voting more generally is a good thing.
*Action Items*
[AI] Ken will find out if there's room for all of the many middleware sessions that have been requested for the I2MM.
[AI] All will send Neal their suggestions for a keynote speaker for PKI04.
[AI] All who have leads on nascent trust mechanisms in higher education will send them to Ken.
[AI] Ken and Michael will talk to Jill Gemmill about plans for the MACE-Mail and MACE-WebDAV working groups.
[AI] Bob will put discussing the launch of a new MACE-Dir subgroup for internationalPerson on the agenda for the next MACE call.