MACE Call 7-Jan-2007

MACE Call 7-Jan-2007

*Attending*
RL "Bob" Morgan – U. Washington (chair)
Leif Johansson - Stockholm University / SUNET
Diego Lopez - RedIRIS
Michael Gettes - MIT
Jim Jokl – U. Virginia
Mark Poepping - Carnegie Mellon University
Ken Klingenstein - Internet2
Scott Cantor - Ohio State University
Keith Hazelton – U. Wisconsin - Madison
Nate Klingenstein - Internet2
Neal McBurnett, Internet2
Scotty Logan - Stanford University
David Wasley – independent
Rodney McDuff - U. Queensland
Tom Barton, U. Chicago
Ann West, Internet2
Renee Frost, Internet2
Steve Olshansky, Internet2 (scribe)

*Action Items*
[AI] {Diego and Ken} will follow up about adding topics to the upcoming TF-EMC2 and DANTE meeting agendas.
[AI] {Bob and Ann} will follow up about doing an IdM tutorial at the April JA-SIG meeting
[AI] {All} forward comments on proposed new MACE members to RL "Bob" ASAP.

*Discussion*
- Upcoming Meetings -
- CSG meeting will include a workshop on technologies to intercept and disrupt sharing of copyrighted material. This will include university legal counsel and representatives of companies involved.
http://www.stonesoup.org/

- APAN
Jan. 22-25, 2007, Honolulu
will include representatives from China discussing CARSI (Cernet Authentication and Resource Sharing Infrastructure), their Shibboleth infrastructure - http://carsi.edu.cn
There will also be discussion about the future of middleware/AAA within APAN.
http://www.apan.net/meetings/hawaii2008/proposals/middleware.html

- CAMP: Bridging Security and Identity Management
Feb. 13-15, 2008, Tempe
Registration and planning are going well.
http://www.educause.edu/camp081

- TF-EMC2 & TF-Mobility
Feb. 4-6, 2007, Marseilles
    http://www.terena.org/activities/tf-emc2/meetings/10/
    http://www.terena.org/activities/tf-mobility/meetings/16/

How middleware can support the network, e.g. provisioning and monitoring of dynamic circuits are topics we would like to add to the TF-EMC2 agenda if possible. There is also a DANTE meeting coming up at the end of January at which we would like to include some related topics, e.g. COmanage.
[AI] {Ken and Diego}will follow up about this.

- Mellon gathering of projects
February 2007
Someone from MACE will be attending.

- Shib CAMP (InstallFest)
May 13-15, 2007, Ann Arbor
will be focusing on Shibboleth v2.0. Planning is under way and going well.

- JA-SIG Spring Conference
April 27-30, 2008, St. Paul, MN
http://www.ja-sig.org/conferences/08spring/
JA-SIG is doing outreach around several open-source projects. They are still entertaining proposals, for anyone interested. We are looking into doing an IdM tutorial, and perhaps presenting about COmanage, and/or federation, and/or application integration.
[AI] {Bob and Ann} will follow up about this.

- AdvancedCamp + ITANA
June 18-20, 2008, Location TBD
ACamp topic will be Enterprise Service Bus (ESB), program committee being assembled.
[AI] {All}Anyone interested in serving on the program committee contact Bob and Ann.

- LIGO hackathon plans   http://ligo.org/
They are planning a week-long event at CalTech soon, the goal of which is to create a prototype of a service akin to COmanage that will work in their environment. There will be attendees from PSU and Stanford helping them from within our community.

- IAM and dynamic circuits and control plane
There is a growing recognition of the need for authentication and authorization for dynamic circuit services, both within Internet2 and other NRENs. Initial efforts within Internet2 focus on Internet2 issuing certs to – who? End users? Hosts? Regional networks? Other? There are related issues surrounding just how far within a campus network a dynamic circuit would be provisioned – to the edge (campus or regional network) or to the end user? If it is to the edge then presumably AuthN/Z needs would be minimal on the DC provisioning side.

COmanage is potentially an attractive option in this environment, utilizing inter-realm information in a directory.

In Europe, the trend is to provision to the edge of national NRENs, and leave it to each NREN to handle the downstream connections. Thus the NRENs are more focused on AuthN/Z than DANTE is.

- MACE membership, MACE and ECAM
RL "Bob" sent out mail regarding 2 potential new members. Feedback is welcomed, please direct to him. We will leave this open for another week, and conclude on the next call.

ECAM is looking into more MACE liaisons, but perhaps informally. In general cross-participation is a positive thing, and both groups are looking at ways to do more of this.

- Commercial hotspot providers and Eduroam/federation?
There have been some conversations around this, and interest in exploring this to support traveling users in particular. Eduroam has apparently had some conversation about something similar in Europe. The commercial hotspot providers will clearly insist on not giving away access for free, but perhaps there would be mutual benefit in negotiating a bulk deal…

It was noted that apparently no commercial hotspot providers support 802.1x, thus the benefit of having a more secure connection is not clear beyond the enterprise environment.