*MACE conference call*
July 31, 2000

*Attendees*

Bob Morgan (chair)
Ken Klingenstein
Michael Gettes
Steve Carmody
Neal McBurnett
Mark Poepping
Renee Frost
Keith Hazelton
Ben Chinowsky (scribe)

*Discussion*

The meeting opened with a discussion of the procedure for reviewing minutes. It was agreed that as the accuracy of the minutes so far has been very good, there is no need to review them in MACE meetings. Ben will post minutes to the MACE site as they are ready, and any inaccuracies will be resolved via the MACE list.

Next was a discussion of expanding the membership of MACE. It was agreed that it would be good to add one or two new people, and several individuals were mentioned. As the result of confusion created by reference to members of MACE as MACEdonians, it was suggested that members of MACE be referred to instead as MACEochists, and there was general assent. [AI] Ken will circulate the names of candidate MACE members; the MACEochists will rank them by preference and Ken will compile the results.

The discussion then moved on to Shibboleth. Steve is compiling the survey responses. There is a phone call with IBM next week to discuss their participation, and Ken has received mail expressing interest in aligning the DFL approach with the Shibboleth approach. At Catalyst Bob talked to Andy Boots, who articulated a Shibboleth-like approach. Concern was expressed that IBM's promised analysis might just involve IBM identifying the right IBM products for Shibboleth to use. There was agreement that, given the high level of interest in Shibboleth, the need to deliver something is becoming more urgent. Bob suggested that MACE should get IBM to provide descriptions of the tradeoffs involved among various Web authentication solutions.

HEPKI-TAG and HEPKI-PAG are continuing their discussions; the last meeting of each was quite large. The last TAG meeting included Jeff Schiller and discussed dc= naming. TAG will be creating working groups to work on mobility and open-source issues. PAG is collecting certificate policies and RFPs issued by universities for PKI services; Jeff Vaught will be coordinating the cert-policies effort. PAG is also discussing how to handle CREN's requirement that subscribers check revocation lists. It was noted that experimentation needs to be done with using Application Configuration Access Protocol (ACAP) to transport certificates and policy data. The PKI Labs proposals are now out for review; August 25 is the target for a decision. The Snowmass PKI meeting is coming up; HEPKI's focus at Snowmass will be on updating others on its work.

Ken noted that the "penultimate" eduPerson call is planned for this week. The cover letter and FAQ are done. There was a short discussion of the issue of people installing the eduPerson schema but not the objectclass -- are there tools to discover installed objectclasses? Michael suggested that such a tool should be provided in the directory of directories. Ken has been in communication with a standards person at PSEC (Postsecondary Education Council); their XML working group's inaugural meeting is coming up and Mike is attending. They have little technical depth, but they are very interested in eduPerson.

Other directories work underway includes the LDAP recipe and the directory-of-directories project. Michael is hoping to get a revised LDAP recipe out tomorrow. With respect to dir-of-dir, Bob is meeting with Roland in half an hour, and Ken is finishing his 1-1/2-pager on the subject. Ken is still waiting to hear back from the NSF about possible support for dir-of-dir.

Ben is turning the Early Harvest best practices document (http://middleware.internet2.edu/best-practices.html) into an Internet-Draft; the plan is to get this to the IETF by the end of the summer. Ken noted that the EDUCAUSE/SANS campus-security best practices (http://www.sans.org/topten.htm) may become an FYI-RFC also.

Ken knows of four or five universities taking "an academic approach to dealing with the medical center," and asked if a MACE-Med should be created. One participant expressed the opinion that there was a lot of "the blind leading the blind" at the recent SURA medical middleware workshop; it's not clear what the medical middleware effort is trying to achieve. It was noted that Czaba doesn't have many people behind him. Bob said that it's time for things to start happening in this area, and that Ken's work to identify the key people is the right first step. [AI] Ken will write a charter for MACE-Med and produce a list of candidate members. [AI] Bob will contact the head of IT at the University of Washington Medical Center.

There was a discussion of MACE's upcoming inaugural H.323 call. The previously-planned date of August 21 doesn't work due to the Toronto Joint Techs meeting. The $599 Polycoms are now shipping; for low-end video, Microsoft NetMeeting can also be used. Ken suggested that MACE use Open H.323; the code appears to be well-maintained, and they have produced access control code also. MACE agreed to reschedule the inaugural H.323 call for 4:30 PM EDT, September 18. It was noted that H.323 doesn't work well through firewalls. [AI] Renee will resend Bob Dixon's H.323 equipment recommendations.

Ken noted that Internet2 now has a program committee for its October 30 - November 1 member meeting in Atlanta. [AI] Ken will send MACE a list of possible Atlanta middleware sessions, for comment before the list goes to the program committee. Ken suspects that MACE will be encouraged to bring IT architects to the meeting. [AI] Ken will talk to Laurie about Steve's suggestion that MACE get Internet2 to start maintaining a list of IT architects.

Bob reported back from the recent Grid Forum meeting, describing it as "fascinating". The Grid Forum participants really want input on directories, identifiers and authorization, and many of their discussions are similar to MACE's. They were happy to have an Internet2-branded person there, due to their university context. The idea of many smaller Grids, rather than just one great big one, is in the air. Bob noted that the Grid Forum's Grid Information Services page provides a good example of how to publish the work of a working group. Bob also noted that at the Catalyst meeting he had learned that Directory Server 5.0 will not support Kerberos.

Finally the group discussed the August 14-16 NASA/Ames Next Generation Networks meeting. Ken is presenting on middleware needs for NGN; the issues seem similar to those for current generation networks. Keith noted that next-generation networks may have more need for authorization services, in order to support QoS. Ken noted that Deutsche Telekom is willing to lend Internet2 an engineer to work on authentication and authorization for QoS. [AI] Ken will make sure to cover DMTF issues in his presentation at the NASA/Ames meeting.

*Action Items*

[AI] Ken will circulate the names of candidate MACE members; the MACEochists will rank them by preference and Ken will compile the results.
[AI] Ken will write a charter for MACE-Med and produce a list of candidate members.
[AI] Bob will contact the head of IT at the University of Washington Medical Center.
[AI] Renee will resend Bob Dixon's H.323 equipment recommendations.
[AI] Ken will send MACE a list of possible Atlanta middleware sessions, for comment before the list goes to the program committee.
[AI] Ken will talk to Laurie about Steve's suggestion that MACE get Internet2 to start maintaining a list of IT architects.
[AI] Ken will make sure to cover DMTF issues in his presentation at the NASA/Ames meeting.