Jim Jokl (chair) - Virginia
Eric Norman - Wisconsin
Scott Cantor - OSU
David Wasley - independent
Nathan Faut - KPMG
Renee Frost - Michigan/Internet2
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2
*Action Items* (from previous calls)
[AI] Jim will review the action items and send Ben a list of changes and deletions.
[AI] Neal will look for more information on the logo-searching problem in CardSpace.
[AI] Eric will experiment with delivery and trust of root and intermediate certs via the web in Mozilla-family browsers.
[AI] Scott will send out a pointer to the draft TAGPMA CA audit requirements.
[AI] Jim will incorporate Scott's digsig-tools information into the HEPKI-TAG web site.
[AI] David will follow up on SAFE's open-source signing work.
[AI] All will send URLs for CA software (open-source or not) to TAG.
[AI] Eric will let TAG know when Ron DiNapoli's work on Aladdin eTokens on Macintosh is available for the group to look at.
[AI] All will look at http://www.gridpma.org for materials for the CA Audit project to point to or extract from.
[AI] Bob will send out pointers on UW's experience with the Federal Credential Assessment Framework (CAF).
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing4.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Jim will get an OID for PKI Lite from MACE. [AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing4.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects. [AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
The group discussed various aspects of CardSpace. [An introduction to CardSpace, recommended by Kim Cameron, is at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/IntroInfoCard.asp]
- Motivation. Eric suggested that the principal motivation for CardSpace is user frustration with the proliferation of passwords. Scott disagreed strongly, arguing that in most cases, users consider having a browser remember their passwords to be a sufficient solution. Scott sees combating phishing as the main motivation for CardSpace.
- Deployment. As phishing is only a major concern when large amounts of money are at stake, Scott doesn't see much use for CardSpace for blogs, wikis, or e-commerce, or on campus. Scott argued that CardSpace will not deploy widely until Microsoft recruits some big players -- e.g. banks, other financial sites -- to use the technology.
- Relationship to Shibboleth. Scott noted that SAML is not part of the CardSpace architecture; while there are SAML flavors of, e.g., the IdP-IdP bridging function, the CardSpace client is WS-Trust only. Out of the box, CardSpace and Shibboleth (including Shibboleth 2.0) will have no technical relationship. Integration with Shibboleth is possible, however. Scott believes that on the campuses there is both considerable interest in CardSpace-Shibboleth integration, and recognition that it will take a lot of work.
The group also made final plans for the PKI Implementers Workshop. Presentations from the workshop will be archived at http://events.internet2.edu/2006/fall-mm/sessionDetails.cfm?session=2981&event=258