*MACE Conference Call*
January 27, 2003
*Attendees*
Bob Morgan (chair) - Washington
Steve Olshansky - Internet2
Renee Frost - Michigan/Internet2
Keith Hazelton - Wisconsin
Neal McBurnett - Internet2
Ton Verschuren - SURFnet
Jim Jokl - Virginia
Michael Gettes - Georgetown
Brian Gilmore - Edinburgh
Steven Carmody - Brown
Scott Cantor - OSU
David Wasley - UCOP
Ben Chinowsky (scribe) - Internet2
*Discussion*
This call was devoted to brainstorming areas of work for NMI. Ken noted that there is strong interest at NSF in having NMI address NSF's own needs for operational middleware services. [AI] Renee will organize a call this Friday for MACE to further discuss what should go into upcoming NMI proposals. [AI] Ken will discuss EDUCAUSE's NMI participation with Mark this week in New Orleans.
Suggested areas of work included:
ISO work happening at Stanford. [AI] Ken will send a note to Sandy asking how MACE should follow up with the ISO work happening at Stanford. [AI] Keith and Bob will organize a call with Roland about the ISO work happening at Stanford.
Credential conversion. Bob noted that KX.509 is the model here; [AI] Ken will contact Bill Doster to find out what he wants included in upcoming NMI proposals.
OpenSSL. [AI] Michael will talk to NIST about OpenSSL FIPS compliance, and in particular about how to create a version of OpenSSL that can cross-certify with the Feds. Bob suggested that giving OpenSSL the ability to create paths might be a higher priority; there is some interest in working on this at Dartmouth and Wisconsin.
Directories. Ken suggested that any remaining work in this area go under the 2003-2004 proposal (a resubmission of the 2002-2003 proposal) rather than under the entirely new proposal, which is to begin in September 2004. Ken noted that AAMC is interested in offering their identifiers for use, and NSF is interested in directories work related to leveraging multiple identities. Emerging issues around HIPAA appear to have more to do with business process rules than with levels of security, leading to a focus on RBAC and enterprise-level PKI rather than strong identity and global PKI.
Community CAs. Ken noted that the National Student Clearinghouse Exchange is about to put in a bid for the CREN CA. Ken suggested that Internet2 could make good use of the CREN CA in making InCommon the basis of a much larger trust infrastructure; he noted that there's strong interest at NSF in bringing multiple areas under a single trust model, and that InCommon could cover much of what's needed here.
Shibboleth and OGSA. [AI] Keith will bring David into his discussions with John McGee about Shibboleth/OGSA interoperation.
Authentication and authorization for access to the network itself, as with wireless. Bob noted that there's a lot of work related to this happening both in IETF and on the campuses. Ton suggested accepting separate architectures for network and application sign-on in the short term, but working to converge them over time. Network access control is emerging as particularly important for campus bandwidth management.
*Action Items*
[AI] Renee will organize a call this Friday for MACE to further discuss what should go into upcoming NMI proposals.
[AI] Ken will discuss EDUCAUSE's NMI participation with Mark this week in New Orleans.
[AI] Ken will send a note to Sandy asking how MACE should follow up with the ISO work happening at Stanford.
[AI] Keith and Bob will organize a call with Roland about the ISO work happening at Stanford.
[AI] Ken will contact Bill Doster to find out what he wants included in upcoming NMI proposals.
[AI] Michael will talk to NIST about OpenSSL FIPS compliance, and in particular about how to create a version of OpenSSL that can cross-certify with the Feds.
[AI] Keith will bring David into his discussions with John McGee about Shibboleth/OGSA interoperation.