MACE Conference Call, October 6, 2003

*MACE Conference Call*
October 6, 2003

*Attendees*

Bob Morgan (chair) - Washington
Diego Lopez - RedIRIS
Scott Cantor - OSU
Brian Gilmore - Edinburgh
Ton Verschuren - SURFnet
Renee Frost - Michigan/Internet2
Michael Gettes - Duke
Jim Jokl - Virginia
Keith Hazelton - Wisconsin
Neal McBurnett - Internet2
David Wasley - UCOP
Ken Klingenstein - Colorado/Internet2
Ben Chinowsky (scribe) - Internet2

*Discussion*

Ton opened the call by announcing that he was calling in from the Netherlands for free using SIP and Windows Messenger. Ton reported that the voice quality he was hearing is better than he gets with commercial service; he sounded good to the rest of the group as well. [For more on SIP, see http://www.iptel.org/sip/ and http://voip.internet2.edu/SIP.edu/.]

Keith has just returned from two weeks of promoting middleware in China and Japan. While middleware is not well developed in either country, there is considerable interest in both. In particular, CERNET (China Education and Research Network; http://www.edu.cn/HomePage/english/index.shtml) has been losing business to commercial networks in its former main business of selling bandwidth, and is interested in selling middleware services to compensate. CERNET has also launched a joint venture with Blackboard; see http://www.blackboard.com/about/press/prview.htm?id=254 [AI] Keith will post notes from his Asia trip, and notify MACE.

Bob reported back from a meeting of IEEE LTSC-DREL (http://ltsc.ieee.org/wg4/) on digital rights expression languages for e-learning. The meeting was primarily concerned with content protection, which hasn't come up much in the Shibboleth context. Bob noted that IEEE IPR policy allows incorporating IPR-encumbered stuff; Scott noted that IEEE has RAND patent policy. The IEEE group would like to get DRM built into MPEG -- they talk about MPEG DRM rather than XRML. [AI] Bob will send out some URLs on issues with MPEG DRM and XRML. Although Internet2 isn't doing much with DRM at the moment, that could change, and Bob sees this IEEE activity as something worth tracking. In particular, Robby Robson, who has a consultancy called Eduworks (http://www.eduworks.com/) and who ran a Mellon-sponsored survey evaluation of OKI, seems like someone MACE could work with on DRM.

Ken is at GGF9. The GGF large-site AAA group is documenting its requirements for accepting assertions, including proposing operational requirements for issuing authorities. The document also proposes that assertions be considered current for no longer than one megasecond, which is about 11.57 days. [AI] Ken will send the GGF AAA document to MACE. Ken will be presenting MACE's take on federations at a BoF tomorrow.

Diego noted that a preliminary program has been posted for the Malaga TF-AACE meeting; see http://www.terena.nl/tech/task-forces/tf-aace/AAworkshop/. Many European academic networks will be represented, and many vendors are being invited.

Neal reported on recent developments with USHER, HEBCA, and InCommon. Grants have been secured for the hardware and software for USHER and HEBCA; it may be possible to run InCommon on this hardware as well. Key management hardware has not been selected yet, though there is a lot of interest in an nCipher box which costs around $5000 per CA. Neal is still taking suggestions for a permanent name for USHER. Jim noted that many schools are resistant to being saddled with strict certificate-practice requirements, even when the requirements are for common-sense procedures that they'll probably do anyway. [AI] All will review plans for the USHER/HEBCA/InCommon storefronts and backends, with a view to finding ways to minimize cost and improve the fit of the various pieces, but without slowing down deployment. Watch http://www.educause.edu/hepki/tag.asp for the latest on these discussions.

Bob noted that there has been some test deployment of Sympa at Internet2; Sympa is also a candidate to be middleware-enabled by the new MACE-mailinglists group. Bob observed that middleware-enabling a listserv is a fairly involved project; in particular there have been some interesting discussions of what authentication means in the context of a listserv, which Bob would like MACE-mailinglists to take up. This led to a discussion of how to proceed in the area of middleware-enabling applications more generally. Ken noted that there are people who'd like there to be some kind of formal NMI or MACE certification of applications; Bob noted that "there are some deep swamps" in this area. Michael expressed concern that starting a new working group for each type of application to be middleware-enabled -- continuing the pattern established with MACE-mailinglists and MACE-WebDAV -- would soon become unwieldy. There is also the issue of where within Internet2 this work belongs -- under MACE? in the Applications area, with a middleware liaison? in a new area of its own? [AI] Ken will send MACE a budget presentation that includes some of his thoughts on how to organize the middleware-enabling-applications work. Ken also noted that the current push for authenticated access is likely to lead to middleware becoming more involved with network-layer issues.

*Action Items*

[AI] Keith will post notes from his Asia trip, and notify MACE.
[AI] Bob will send out some URLs on issues with MPEG DRM and XRML.
[AI] Ken will send the GGF AAA document to MACE.
[AI] All will review plans for the USHER/HEBCA/InCommon storefronts and backends, with a view to finding ways to minimize cost and improve the fit of the various pieces, but without slowing down deployment.
[AI] Ken will send MACE a budget presentation that includes some of his thoughts on how to organize the middleware-enabling-applications work.