MACE Conference Call, March 8, 2004

*MACE Conference Call*
March 8, 2004

*Attendees*

Bob Morgan (chair) - Washington
Ton Verschuren - SURFnet
Neal McBurnett - Internet2
Diego Lopez - RedIRIS
Brian Gilmore - Edinburgh
Paul Hill - MIT
Steve Worona - EDUCAUSE
Steven Carmody - Brown
Mark Poepping - CMU
Renee Frost - Internet2
Scott Cantor - OSU
Tom Barton - Chicago
Michael Gettes - Duke
Keith Hazelton - Wisconsin
Ben Chinowsky (scribe) - Internet2

*Discussion*

Bob reported on developments at the Seoul IETF last week:
- IETF is still spending a lot of time and energy on organizational and process questions.
- In the calendaring space, there are big questions about whether CAP will make it to proposed standard, and how much interest it will garner even if it does.
- Roland Hedburg presented SPOCP (http://www.umu.se/it/projupp/spocp/). Bob suggests that someone in MACE take a closer look at SPOCP to see if it meets their authZ needs.
- Bob attended a BoF on MTA Authorization Records in DNS (the agenda is at http://ietf.org/ietf/04mar/marid.txt). A working group is on the way; the planned approach is to include records in the DNS that specify official MTAs for each domain -- the MTAs from which you should expect mail to come bearing that domain as the From: address. This approach resembles that of SPF (Sender Policy Framework; see http://spf.pobox.com/intro.html), which has gotten some attention on Slashdot and elsewhere lately. AOL has announced that they plan to start deploying SPF.

Bob reported back from a federations user group meeting held in association with RSA. David Wasley also attended, and several of the GM people from FOO were there. Bob presented on the use cases that motivated Shibboleth. A representative from Merck talked about how they are looking for a way to do ID management across their hundreds of domains. A followup meeting is in the works for sometime in the next couple of months.

Keith noted that the NAC (http://www.netapps.org) would like to have someone do a one-hour presentation on Internet2 activities at the April 18-20 NAC conference in Frederick, Maryland. [AI] Keith will work with Stefan Weigh and Bob to get an Internet2 speaker to the NAC meeting. Keith noted that the University of Wisconsin is currently the only university member of NAC, which is primarily composed of large corporations and has close ties to Burton. Keith suggested it might be worth exploring the possibility of NAC joining Internet2.

Renee gave an update on planning for the Spring Internet2 Member Meeting (http://events.internet2.edu/2004/spring-mm/). The middleware schedule is heavy, particularly on Monday. The MACE/SALSA dinner is Tuesday night; Michael noted that Mitchell Baker and Brendan Icke from Mozilla will be there to give an overview of their work and discuss possibilities for working together. Renee also called the group's attention to the real-time communications sessions taking up two slots on Wednesday, the first for presentation, the second for discussion.

Steven updated the group on work on the OKI OSIDs (Open Service Interface Definitions; see http://sourceforge.net/projects/okiproject) coming out of the Retreat on Mellon Open Source Projects. There is broad and strong interest in seeing these security interfaces succeed, and Steven noted that "we're now in a period of intense discussion" trying to reach consensus in the next couple of weeks. There is an authZ meeting with Paul Hill and Scott Horn at MIT tomorrow; this will likely lead to a somewhat expanded working group, for which recruits from MACE will be needed. [AI] Steven will send out notes from the March 9 authZ meeting at MIT. Bob noted that the calendar work happening at Washington is waiting on these standards; [AI] Mark will send Bob mail relating to the calendar work at Washington.

Ton gave a short Europe update. Contract negotiations for GN2 are now underway; it looks like the start date will be sometime this fall. GN2 includes an ambitious work package (JRA5) which addresses both network access (including universal single sign on) and extending web-based authN/Z. Ton also noted that the RADIUS-hierarchy-based system SURFnet has deployed to support roaming has a new name: EduRoam.

Keith reported that the legal issues around the launch of the privilege management project appear to have been resolved, and a task list has been drawn up. The first item on that list is getting a tech writer together with the Stanfordians to produce an initial document. Tom and Blair expect to have a draft API spec ready tomorrow.

Per his action item from the last call, Steven looked into whether CERN can join the Swiss federation, and the answer is yes. He's not sure whether or not CERN actually plans to join.

*Action Items*

[AI] Keith will work with Stefan Weigh and Bob to get an Internet2 speaker to the NAC meeting.
[AI] Steven will send out notes from the March 9 authZ meeting at MIT.
[AI] Mark will send Bob mail relating to the calendar work at Washington.