*MACE Conference Call*
September 8, 2003

*Attendees*

Ken Klingenstein (acting chair) - Colorado/Internet2
Neal McBurnett - Internet2
Chas DiFatta - CMU
Brian Gilmore - Edinburgh
Steve Worona - EDUCAUSE
Renee Frost - Michigan/Internet2
Steven Carmody - Brown
Mark Poepping - CMU
Jim Jokl - Virginia
Ben Chinowsky (scribe) - Internet2

*Discussion*

Ken opened the call by noting that there will be a combined release for NMI-R4; since most components will come from NMI-EDIT rather than GRIDS, EDIT gets to decide on the timing. NMI-R4 will include three WebISO packages: Pubcookie (http://www.pubcookie.org/), cosign (http://www.umich.edu/~umweb/software/cosign/), and A-Select (http://a-select.surfnet.nl/). NSF has asked for a short document to distinguish the three; it was agreed that this should take the form of a Q&A, with the questions being ones that deployers should ask in choosing which WebISO package to deploy. [AI] Ken will work with Nathan Dors to come up with the list of questions, which will then be submitted to the Pubcookie, cosign, and A-Select teams. [AI] Brian will see if he can get funding for someone outside the MACE orbit to write a critique of the three WebISO packages, with a view to using this document to guide deployments in the UK.

Ken noted that a new conference call series (two calls so far) is looking at how to fit OKI and IMS together with Internet2 middleware. Steve Griffin of IMS is the convener; participants include an Australian, two JISCers, and some EDUCAUSEers. The group is not technical; its foci are on 1) articulating how the world should be (rather than on the details of how to make it that way), and 2) figuring out what an OKI/IMS/MACE interoperability demo would look like.

The group continued the last call's discussion of plans for an AuthZ Recipe. Ken noted that the difficult problem of getting descriptions of how the organization works and definitions of the roles of individuals within it will be out of scope for the initial version of the AuthZ Recipe. Rather than structure the document as a single model for AuthZ, illustrated by case studies (as discussed on the last call), the group agreed to make case studies the principal element. In addition to documenting the few existing deployments, the AuthZ Recipe project will adopt the Early Harvest model, identifying a few schools with widely divergent needs and constraints, and documenting their work as they deploy AuthZ solutions. Once the AuthZ Recipe is released, a second stage of AuthZ work will focus on putting together a kit including descriptions of items in the underlying registries, the Grouper software (formerly known as SAGE), a user interface, and advice on getting the needed attributes into your applications.

Ken directed the group's attention to Diego's comments in his September 7 note to the MACE list. [AI] All will provide feedback on Diego's September 7 note to the MACE list.

Chas led a discussion of plans for middleware diagnostics. Chas reviewed the initial middleware-diagnostics document (attached to Ken's September 7 email with the agenda for today's call), summing it up as a plan to reach first for the low-hanging fruit. It was agreed that, of the various groups from which the document suggests gathering requirements, the focus needs to be on developers at first, to be followed later on by network admins, application admins and users, and helpdesk people. The requirements-gathering will be used to produce an initial architecture and some simple tools. It was further agreed that the initial focus of the effort will be on tools to extract useful troubleshooting information from local campus log files, leaving inter-domain troubleshooting for a later stage. Ken suggested trying to find out if the cert generation process is a major source of problems. [AI] Chas will draft a list of middleware-diagnostics questions for developers, to be reviewed on the next MACE call. [AI] All will work their contacts (Grid, Sun, Oracle, HP, etc.) to gain insights into which log files we want to get access to and what the problems are with doing so.

Upcoming meetings:
- GGF9 takes place October 5-8 in Chicago; see http://www.globalgridforum.org/Meetings/ggf9/reg.htm. An AuthZ working group has been formed; so far it appears to incline toward SAML and XACML. A federations BoF is also planned, but federations thinking in GGF seems to involve federating targets rather than users -- what Ken called "a bucket-of-root-certs approach". [AI] At GGF9, Ken will see if he can get GGF to adopt a different label for its "federations" work, emphasizing that this would be helpful to Internet2's effort to establish an infrastructure for federations.
- Ken noted that the schedule for the October 13-16 Internet2 Member Meeting (http://events.internet2.edu/2003/fall-mm/) is "packed". Mitch Kapor arrives on Wednesday to talk about Chandler and its higher-education version, called Westwood (see http://osafoundation.org/Chandler_in_higher_ed_TOC_3002_05_13.htm). The MACE dinner is Tuesday night, with trust models as the topic of discussion.
- Bob Morgan will be the US attendee at the November 20-21 TF-AACE meeting in Malaga (http://www.terena.nl/tech/task-forces/tf-aace/).

*Action Items*

[AI] Ken will work with Nathan Dors to come up with the list of questions, which will then be submitted to the Pubcookie, cosign, and A-Select teams.
[AI] Brian will see if he can get funding for someone outside the MACE orbit to write a critique of the three WebISO packages, with a view to using this document to guide deployments in the UK.
[AI] All will provide feedback on Diego's September 7 note to the MACE list.
[AI] Chas will draft a list of middleware-diagnostics questions for developers, to be reviewed on the next MACE call.
[AI] All will work their contacts (Grid, Sun, Oracle, HP, etc.) to gain insights into which log files we want to get access to and what the problems are with doing so.
[AI] At GGF9, Ken will see if he can get GGF to adopt a different label for its "federations" work, emphasizing that this would be helpful to Internet2's effort to establish an infrastructure for federations.