*HEPKI-TAG Conference Call* May 18, 2005

*Action Items*

(new)
[AI] Jim will convey TAG's views to LionShare and try to find out more about why they're asking for an USHER policy requirement.

(from previous calls)
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing.html in the light of the list of questions there.
[AI] Shelley will ask her sysadmins list for information on applications using any of the tools on Jim's list.
[AI] Neal will continue looking at OpenOffice, Jim will look at eLock, and Eric will look at WonderCrypt.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] Jeff will send Jim a Mutt column for the TAG S/MIME table.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
[AI] Eric will look for pointers on getting Mozilla to recognize trust anchors on tokens.
[AI] Eric will review his Top 10 lists to see if they're ready to be added to the TAG web site.

*Attendees*

Jim Jokl (chair) - Virginia
Mark Franklin - Dartmouth
Nick Lewis - Internet2
Neal McBurnett - Internet2
Eric Norman - Wisconsin
Scott Rea - Dartmouth
Jeff Schiller - MIT
Bob Morgan - Washington
Shelley Henderson - USC
Nathan Faut - KPMG
David Wasley - independent
Ben Chinowsky (scribe) - Internet2

*Discussion*

Jim noted that the PKI Lite documents have been approved by MACE.

Scott outlined work at Dartmouth and Penn State on using Infomosaic SecureSign to create an XML DSIG template for transcript signing. See http://pki.od.nih.gov for the interoperability portion of this project. Jeff has also been working with Infomosaic at MIT.

Registration for the July 25-27 PKI Deployment Summit is now open; see
http://www.educause.edu/pki05/ for the program and further information.

The group discussed LionShare's request that campuses that receive an USHER authority certificate be required to post a policy document based on the PKI-Lite policy template. Although, as Jim pointed out, this would only amount to USHER formalizing the existing PKI-Lite commitment to do no worse than existing, non-PKI I&A procedures, TAG felt that it would nonetheless be a barrier to participation, and recommended against it. [AI] Jim will convey TAG's views to LionShare and try to find out more about why they're asking for an USHER policy requirement.

Jim noted that it's been agreed to delete the CRL pointer from the USHER root cert profile (http://middleware.internet2.edu/hepki-tag/usher-common/ hepkiCA-root-profile-current.html).

HEPKI-TAG met at the recent Internet2 Member Meeting; minutes are at http://www.educause.edu/May22005/6872. Jim noted that there appears to be a need
on the campuses for more guidance on how to get started in the USHER/HEBCA/PKI-Lite space; he is planning an overview document to address this.