Technical Activities Group Meeting Minutes
HEPKI-TAG Conference Call

June 19, 2002

Attendees

* Bob Brentrup - Dartmouth
* Eric Norman - Wisconsin
* Michael Gettes - Georgetown
* Chris Misra - Massachusetts
* Michelle Gildea - CREN
* Bob Morgan - Washington
* Judith Boettcher - CREN
* Jim Farmer - CREN
* David Wasley - UCOP
* Jim Jokl - Virginia
* Ken Klingenstein - I2/Colorado

Jim started the call by explaining that our scribe was unavailable and that the minutes for the call were likely to be rather sketchy.

The next item was a short update from several participants of the Federal / Higher Education PKI meeting. Several topics were discussed. Much of the Federal government information is available on a few web sites:
http://www.cio.gov/eAuthentication/
http://www.cio.gov/fpkisc/
http://www.eGov.gov/

The majority of the call was again devoted to discussing proposed changes to the certificate profile to incorporate the U.S. Department of Education's OPEID/FICE identifier number and/or the Federal Institutional Entity Identification Number (EIN). See the June 5 minutes for details of the issues. After a long series of discussions revolving around the usual distinctions between authentication and authorization and how they apply in this case, a general sense was reached that it is probably not appropriate to include this information in the Subject field of an End Entity certificate. The logic behind this sense was that the status of people changes too frequently for use in a personal identity certificate. Furthermore, including the identifier number doesn't help to convey what the individual is authorized to do. Likewise, servers can have multiple roles that could easily span the boundary between different OPEID or FICE codes. [1] The group agreed to discuss this issue via email in the interim and make a final decision on the next call.

The discussion next turned to the question of whether it is appropriate to recommend that higher education CAs include these numbers in the Issuer field of the certificates that they sign. These identifiers probably mean more than the X.500 names commonly used now and could help to further solidify the identity of the CA. [2] The question of recommending these identifiers in the Issuer field will be discussed in the next call. [3] Jim Farmer will try to check on how these types of issues are handled in other areas such as the banking industry.

The next agenda item was Digital Signature tools and experiences at various schools. [4] Bob Brentrup knew of work being done at Dartmouth and Virginia Tech and agreed to see if the researchers would be willing to make their draft paper available to TAG before publication.

Finally, Ken mentioned that I2 may be able to provide some paid assistance to help support the TAG S/MIME work. [5] The group agreed to discuss this possibility on the next S/MIME call.