*MACE Conference Call*
August 9, 2004
*Attendees*
Ken Klingenstein (acting chair) - Colorado/Internet2
Neal McBurnett - Internet2
Scott Cantor - OSU
Chas DiFatta - CMU
Mark Poepping - CMU
David Wasley - UCOP
Brian Gilmore - Edinburgh
Paul Hill - MIT
Jim Jokl - Virginia
Ben Chinowsky (scribe) - Internet2
*Discussion*
Recent meetings:
- Ken and RL Bob were at Microsoft to discuss Shibboleth/WS-Federation interoperability. The meeting went well; a workplan is being developed, with an announcement planned for sometime this fall. The timeline for the work itself is still tentative, as WS-Federation won't be released until next year.
- Scott was at the SIP and SIPPING meetings at the San Diego IETF. He described the situation as "really ugly in terms of security," with lots of drafts proposing lots of extensions that have security implications. Paul observed that there is growing understanding of these security implications, but there's a lot to sort out; he'll be working on this over the next few months.
Upcoming meetings:
- Scott will be giving a version of his Burton talk to a group from the Department of Homeland Security next week.
- A Sympa/MACE-MList workshop has been scheduled for 1-5pm on Sunday, September 26, ahead of the Internet2 Fall Member Meeting. The group discussed how to publicize this workshop; Mark noted that the timing could make it challenging to get people there. [AI] All will send Mark suggestions for people to recruit for the Sympa workshop, and places to publicize it. [AI] Mark will look for USENIX SIGs in which it would be appropriate to publicize the Sympa workshop.
- The MACE/SALSA dinner at the Fall MM has been scheduled for Wednesday evening. Ken noted that the Identity Commons people have been following SAML and Shibboleth for a while and are very interested in federated and P2P social networks.
[AI] Ken will see if he can get an Identity Commons speaker for the MACE/SALSA dinner.
- Planning is moving forward for the trust meeting in Slaughter, UK, and for CAMPs in Australia and Europe.
Shibboleth has just issued its first security advisory; see http://shibboleth.internet2.edu/secadv/secadv_20040804.txt. The problem was due to a bug in one of the libraries Shibboleth depends on; Scott observed that it's very likely there will be further such problems in the future. So far he's adopted an OpenSSL-like approach to notification. There is a wider set of issues here around how to better articulate the levels of support available (or not) for various versions of the software and various types of federation participation (InCommon, InQueue, etc.). [AI] All will send Scott their thoughts on Shibboleth support.
Chas gave an update on the progress of the Middleware End-To-End Diagnostics Advisory Group (MW-E2ED; http://middleware.internet2.edu/e2ed/). The group has been working on an architecture for capturing a wide variety of application, host, network, and security data, and correlating it in a common event record. A pilot deployment is getting underway, and the group is looking for participants, especially participants who are already involved with Shibboleth. Scott stressed the importance of finding good ways to present diagnostic information to users; MW-E2ED has been working with PSU on this. [AI] Scott will send the MW-E2ED mailing list scenarios concerning new types of federation problems that end-to-end diagnostics tools will need to be able to catch.
*Action Items*
[AI] All will send Mark suggestions for people to recruit for the Sympa workshop, and places to publicize it.
[AI] Mark will look for USENIX SIGs in which it would be appropriate to publicize the Sympa workshop.
[AI] Ken will see if he can get an Identity Commons speaker for the MACE/SALSA dinner.
[AI] All will send Scott their thoughts on Shibboleth support.
[AI] Scott will send the MW-E2ED mailing list scenarios concerning new types of federation problems that end-to-end diagnostics tools will need to be able to catch.