December 20, 2000
Attendees
* Jim Jokl (chair) - Virginia
* Neal McBurnett - Avaya
* Bob Brentrup - Dartmouth
* Kevin Unrue - Cornell
* Deb Crocker - Alabama
* Eric Norman - Wisconsin
* Judith Boettcher - CREN
* Ken Klingenstein - Colorado/Internet2
* Jeff Schiller - MIT/CREN
* Bob Morgan - Washington
* Ben Chinowsky (scribe) - Internet2
* Others joined and left the call at various times.
Discussion
There were two changes to the minutes of the previous meeting. Bob Morgan clarified the statement that "we can protect the DNS/IP lookup, but not the SRV lookup"; in fact the SRV lookup could be protected by the same means (SSL) as the DNS/IP lookup, but it would be harder. Eric Norman asked that the minutes include his recommendation that certs contain information that helps users verify that they are actually talking to the server the cert is pointing them to.
[AI] Ken will organize further conference calls on cert profile convergence. The cert-profiles group will start with the easy fields (those other than Subject and Issuer) and aim for closure by the end of February. In the unlikely event that there is little else to do in the next TAG call, this discussion will begin then; otherwise Ken will schedule these discussions separately from the regular TAG calls. The group discussed identity certs; two places these could be used are with apps that use ACLs and with Grid certs (either activating the Grid certs or substituting for them). [AI] Ken will ask the Grid people in San Diego if the Grid could substitute ID certs for its current manual process.
At IETF, Bob Morgan and Jeff Schiller met with Tim Polk of NIST, Neal McBurnett, and Paul Hill to discuss dc naming. This group agreed that the directory community's strong preference for fixed placement of the dc components within the DN lacks technical justification. Bob has initiated a mailing list discussion on this question; unless a technical justification is provided, he will suggest new language on dc component placement for draft-ietf-ldapext-locate-04.txt. It was noted that the current attitude to dc naming among vendors is negative. [AI] Bob Morgan will write the beginnings of a TAG white paper presenting the case for dc naming.
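The dc-naming question above turns on whether a client can recover a DNS domain from a DN's dc components only when they sit at the rightmost end of the DN (fixed placement) or wherever they appear. The following Python is an added illustration, not code from the minutes or from the ldapext-locate draft: it parses a DN into RDNs, pulls out the dc components in either placement, and builds the conventional `_ldap._tcp.<domain>` SRV name (RFC 2782 style) that a locator would query. The function names and the sample DNs are constructed for this example.

```python
import re


def parse_dn(dn):
    """Split an RFC 2253-style DN into (attribute, value) RDN pairs.

    Commas escaped with a backslash are kept inside the value; multi-valued
    RDNs (joined with '+') are not handled, which is enough for this illustration.
    """
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def domain_from_dn(dn):
    """Return the DNS domain spelled by the DN's dc components, or None.

    Leftmost dc is the most specific label, so 'dc=example,dc=edu' -> 'example.edu'.
    The components are used wherever they occur in the DN (free placement).
    """
    labels = [value for attr, value in parse_dn(dn) if attr == 'dc']
    if not labels:
        return None
    return '.'.join(labels)


def dc_components_rightmost(dn):
    """True when every dc component is in one contiguous run at the end of the DN.

    This is the 'fixed placement' rule the directory community preferred; a
    DN such as 'cn=x,dc=example,dc=edu,o=Example' fails it even though its dc
    components still spell a usable domain.
    """
    attrs = [attr for attr, _ in parse_dn(dn)]
    if 'dc' not in attrs:
        return False
    first = attrs.index('dc')
    return all(attr == 'dc' for attr in attrs[first:])


def ldap_srv_name(dn):
    """Name a locator would look up for an LDAP server serving this DN's domain.

    The SRV answer itself is unauthenticated DNS data; the client must still
    verify that the server's certificate names the host it was directed to.
    """
    domain = domain_from_dn(dn)
    if domain is None:
        return None
    return f'_ldap._tcp.{domain}'


if __name__ == '__main__':
    # Constructed sample DNs: one with rightmost dc components, one without.
    for sample in ('cn=Jane Doe,ou=People,dc=example,dc=edu',
                   'cn=Jane Doe,dc=example,dc=edu,o=Example University'):
        print(sample, '->', ldap_srv_name(sample),
              'rightmost dc:', dc_components_rightmost(sample))
```

Running the module prints `_ldap._tcp.example.edu` for both sample DNs; only the first satisfies the fixed-placement check, which is the point of contention recorded above.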
Bob also reported that he and Neal McBurnett had attended the San Diego IETF-SACRED meeting and volunteered TAG's help in documenting scenarios to complement the IETF-SACRED requirements document (http://www.ietf.org/internet-drafts/draft-ietf-sacred-reqs-00.txt). This led to a long discussion of which of the many possible scenarios it would be most valuable to document, and of how to classify them. Agreement was reached on the following taxonomy and volunteer assignments:
1. working at home (few machines accessed by one user) - Jim
2. a. public kiosks (many machines accessed by many users - low security needs) - Kevin
   b. public labs (includes hospitals; many machines accessed by many users - high security needs) - Jim, Keith
3. root certs (heDRCD and similar scenarios) - Neal
4. wireless/dissimilar platforms (cell phones, PDAs, etc.) - no one
[AI] Eric will write up some notes on providing access to users who lose their smartcards (smartcards are out of scope for IETF-SACRED). There is some time pressure to make these scenarios available; the end of January is the target. TAG still needs a volunteer to write up the dissimilar-platforms scenario. It was agreed to consider the scenarios work as part of the mobility group. [AI] Kevin will draft a charter and accompanying questions for the mobility group. Kevin also volunteered to join IETF-SACRED and collect more scenario writeups from its members. Neal noted that IETF-SACRED is interested in device initialization as well as mobility issues. [AI] Eric will send Kevin text on using symmetric keys for secure access to credentials.
There was a short review of the overall TAG process and upcoming developments. Process suggestions included pursuing fewer topics but in more depth, setting priorities, and keeping the calls to their official length of one hour. Bob Morgan raised the question of how to get more people from the participating schools involved in discussions on the TAG mailing list. Kevin noted that due to the state of New York now requiring electronic grants submissions, he will have three or four new people available next year to help with TAG work. [AI] Judith will forward a request she received for information on how to set up a campus CA.
Action Items
* [AI] Ken will organize further conference calls on cert profile convergence.
* [AI] Ken will ask the Grid people in San Diego if the Grid could substitute ID certs for its current manual process.
* [AI] Bob Morgan will write the beginnings of a TAG white paper presenting the case for dc naming.
* [AI] Eric will write up some notes on providing access to users who lose their smartcards.
* [AI] Kevin will draft a charter and accompanying questions for the mobility group.
* [AI] Eric will send Kevin text on using symmetric keys for secure access to credentials.
* [AI] Judith will forward a request she received for information on how to set up a campus CA.