*HEPKI-TAG Conference Call* November 2, 2005
*Action Items*
(new)
[AI] Eric will send out the questionnaire being used for Wisconsin's
directory registry audit.
[AI] Jim will email the list with a request for volunteers for the CA
Audit project.
[AI] All will send comments on the Draft AuthN Roadmap
(http://www.nmi-edit.org/roadmap/auth-roadmap_200510/) to Ann West
(awest@educause.edu) by November 18.
(from previous calls)
[AI] All who can test the Eudora S/MIME plugin, or find others to do
so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and
scripting tools; multiple signatures (parallel vs. stacked); and
whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools
at http://middleware.internet2.edu/hepki-tag/new/signing4.html will
contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's
code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't
support the standards needed to recognize trust anchors on tokens, and
nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists,
especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at
http://middleware.internet2.edu/hepki-tag/new/signing4.html in the
light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at
eLock.
[AI] Jim will send the list more information on the Acrobat
transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical
and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in
various possible areas of work for TAG, and work toward finding a focus
for the group.
*Attendees*
Jim Jokl (chair) - Virginia
Eric Norman - Wisconsin
Shelley Henderson - USC
John Duksta - Brown
Steve Carmody - Brown
Jeff Schiller - MIT
Ann West - NMI-EDIT
Nathan Faut - KPMG
David Wasley - independent
Renee Frost - Michigan/Internet2
John Krienke - Internet2
Neal McBurnett - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
USHER root key generation is currently planned for November 11. The
root key will have a 20-year lifetime, though there are plans to re-key
in about 10 years.
Eric has looked into the possibility of getting Apple to include USHER
root certs; they want to see a web trust audit. For a future call,
Nathan offered to do a presentation on what would be required.
Jim noted that there is strong interest on the campuses in getting help
with preparing campus internal auditors to audit CAs. Wisconsin is
currently auditing its directory registry and looking at auditing other
systems.
[AI] Eric will send out the questionnaire being used for Wisconsin's
directory registry audit. [AI] Jim will email the list with a request
for volunteers for the CA Audit project.
Jim noted that
http://middleware.internet2.edu/hepki-tag/new/signing4.html has been
updated; volunteers are still needed to look into some of the signing
tools.
Steve Carmody and Ann West gave an overview of the NMI-EDIT Draft
Enterprise Authentication Implementation Roadmap. The finished version
of this document will be part of NMI-R9 next spring. Carmody described
the main idea as getting people to start thinking about identity as an
inter-domain concern, not just an intra-domain concern. [AI] All will
send comments on the Draft AuthN Roadmap
(http://www.nmi-edit.org/roadmap/auth-roadmap_200510/) to Ann West
(awest@educause.edu) by November 18. In particular, answers to
three questions are needed:
1. Does the document take the right overall approach?
2. Does the document contain or point to the right content to support
that approach? Where not, such content is urgently requested. Campus
case studies would be particularly welcome.
3. Is the document presented in the right format to make it likely that
it would actually get used on your campus? Ann noted that one of the
lessons from the earlier Directory Roadmap was that people tended to
use it more as "a checklist to make sure they've thought of everything"
than as a standard procedure to be followed step by step. The
Authentication Roadmap has been designed with this in mind.