*HEPKI-TAG Conference Call*
June 14, 2006
Jim Jokl (chair) - Virginia
Nathan Faut - KPMG
Eric Norman - Wisconsin
David Wasley - independent
Renee Frost - Michigan/Internet2
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2
[AI] Jim will incorporate the group's feedback into the next draft of the CA requirements document, and add a paragraph or two on the intent of the project, the background expected of the deployer, and how the package might be used for both pre-production and production.
[AI] All will send David suggestions for topics at the EDUCAUSE PKI Summit (http://www.educause.edu/pki06).
[AI] Eric will follow up with Christopher Bongaarts on his experiments with differences in browsers' cert-importing behavior.
(from previous calls)
[AI] All will ask their contacts what material their schools would find most useful in a PKI implementers workshop.
[AI] David will follow up on SAFE's open-source signing work.
[AI] All will send URLs for CA software (open-source or not) to TAG.
[AI] Eric will let TAG know when Ron DiNapoli's work on Aladdin eTokens on Macintosh is available for the group to look at.
[AI] All will look at http://www.gridpma.org for materials for the CA Audit project to point to or extract from.
[AI] Bob will send out pointers on UW's experience with the Federal Credential Assessment Framework (CAF).
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing4.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing4.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
Most of the call was spent reviewing http://middleware.internet2.edu/hepki-tag/new/ca-req-2.html. [AI] Jim will incorporate the group's feedback into the next draft of the CA requirements document, and add a paragraph or two on the intent of the project, the background expected of the deployer, and how the package might be used for both pre-production and production.
David noted that, due to a general shift of interest away from strong credentials and toward identity management, there is some question whether the EDUCAUSE PKI Summit, currently planned for August 4-5, will take place this year. [AI] All will send David suggestions for topics at the EDUCAUSE PKI Summit (http://www.educause.edu/pki06). Eric observed that identity management has become "this year's fad"; David suggested that understanding identity management might bring people around to an understanding of the need for strong credentials as well.
The group also revisited the idea of organizing a hands-on PKI implementers workshop sometime this coming winter. David suggested planning on 25-30 attendees; Jim suggested using a draft agenda to gauge the level of interest in such a workshop.