*MACE Conference Call*
February 9, 2004
Keith Hazelton (acting chair) - Wisconsin
Steve Worona - EDUCAUSE
Renee Frost - Michigan/Internet2
Diego Lopez - RedIRIS
Neal McBurnett - Internet2
Tom Barton - Chicago
Brian Gilmore - Edinburgh
Paul Hill - MIT
Jim Jokl - Virginia
Ton Verschuren - SURFnet
David Wasley - UCOP
Scott Cantor - OSU
Mark Poepping - CMU
Ben Chinowsky (scribe) - Internet2
Keith and Renee opened the meeting with a review of the last CAMP. Both the identity-management tutorial and the main meeting were overbooked, with about 75 and 130 attendees respectively. Keith noted that most tutorial attendees were not really new to identity management; most had a basic identity-management and directory system already in place.
- The next CAMP is scheduled for June 27 through July 2, in Broomfield, Colorado (near Denver). This meeting will combine Base and Advanced CAMPs, probably with separate registration. Topics have not been decided yet, but Shibboleth and AuthN Architecture are the leading contenders. Feedback from the last CAMP indicates that the large number of attendees didn't get in the way of people having adequate access to the instructors, so the planners are leaning away from trying to limit attendance. Keith suggested that the group instead focus on how to make large gatherings work better, e.g. making sure to leave enough unscheduled time in the agenda.
- The Internet2 Spring Member Meeting is April 19-21 in Arlington, Virginia. There are fewer slots available for middleware sessions than had been hoped; some planned sessions will need to be cancelled, and others will need to run concurrently. It appears that most MACErs will be arriving late on Sunday the 18th. So far Tuesday night looks like the best time for a combined MACE/SALSA dinner; [AI] All will check their schedules for available times for a combined MACE/SALSA dinner. [AI] Renee and Tom will work on scheduling a meeting of the role-of-the-IT-architect group.
Scott gave an update on Liberty and SAML. Liberty is hashing out its third round of requirements, including looking at groups and roles. Work on SAML 2.0 is moving along; there's an April deadline for delivery of the spec, with an up-or-down vote expected in May or June. Scott has been working with Bob and several people at Liberty and Sun to push for more comprehensive treatment of non-browser uses for SAML; Scott sees this as necessary in order for SAML to get traction against its competitors, e.g. WS-Security. There has been lots of discussion around attributes; the way SAML handles attributes will change substantially in 2.0 to reflect various existing practices. There have also been interesting issues around "dealing with a world of opaque identifiers."
SALSA has been working to define its tasks and the contexts in which they are to be accomplished; a draft charter will be available soon. Mark described the SALSA problem space as "security issues related to network management and network engineering;" SALSA's constituency is therefore more network security architects and network engineers than middleware people. Mark noted that while Abilene and the EDUCAUSE/Internet2 Security Task Force have issued best practices for security, SALSA wants to look at fundamental security architectures and "new practices." One example involves the virus detection "arms race" -- is there a way to get at the root cause of the problem, rather than continuing this arms race indefinitely? Some of the areas SALSA is looking at overlap with the MACE and MACE-Dir problem spaces, e.g. network authN and "the traveling scientist problem," and using a single system to authenticate both people and machines. Controlling inter-institutional access to network information (e.g., traffic databases) is one area that SALSA has decided is out of scope for it, but Ton noted that that area will be addressed in GN2; [AI] Ton will notify MACE when a list or web site is available for tracking discussions of controlling access to network information. David suggested that SALSA take up access control for QoS and multicast.
Tom noted that MACE-Dir is starting work on roadmaps for both Privilege Management (formerly known as AuthR) and Grouper, and hopes to be able to set a target delivery date soon. Keith suggested that MACE-Dir recruit early adopters for these roadmaps at the I2MM.
Finally there was a short discussion of REST (REpresentational State Transfer). REST is a major competitor to SOAP; for more information see http://internet.conveyor.com/RESTwiki/moin.cgi/FrontPage and http://www.nwfusion.com/ee/2003/eerest.html. The group agreed that MACE needs to maintain the smallest possible set of interfaces across the various projects it's involved with. [AI] MACE will take up REST again in the light of the discussion of interfaces for Grouper planned for the February 11 MACE-Dir call.
[AI] All will check their schedules for available times for a combined MACE/SALSA dinner.
[AI] Renee and Tom will work on scheduling a meeting of the role-of-the-IT-architect group.
[AI] Ton will notify MACE when a list or web site is available for tracking discussions of controlling access to network information.
[AI] MACE will take up REST again in the light of the discussion of interfaces for Grouper planned for the February 11 MACE-Dir call.