*HEPKI-TAG Conference Call*
May 3, 2006
*Action Items* (new)
[AI] All will ask their contacts what material their schools would find most useful in a PKI implementers workshop.
[AI] Jim will send the list a pointer to the draft Grid PMA policy and practices document.
[AI] Jim and David will draft requirements for the packaged-CA project, for discussion on the May 17 call.
[AI] Eric will send the list some documentation relevant to requirements for the packaged-CA project.
[AI] All who have material to contribute to the workflow CAMP will contact Bob Morgan.
(from previous calls)
[AI] David will follow up on SAFE's open-source signing work.
[AI] All will send URLs for CA software (open-source or not) to TAG.
[AI] Eric will let TAG know when Ron DiNapoli's work on Aladdin eTokens on Macintosh is available for the group to look at.
[AI] All will look at http://www.gridpma.org for materials for the CA Audit project to point to or extract from.
[AI] Bob will send out pointers on UW's experience with the Federal Credential Assessment Framework (CAF).
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing4.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing4.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
*Attendees*
Jim Jokl (chair) - Virginia
Nathan Faut - KPMG
Neal McBurnett - Internet2
John Krienke - Internet2
Eric Norman - Wisconsin
Jeff Schiller - MIT
Renee Frost - Michigan/Internet2
David Wasley - independent
Ben Chinowsky (scribe) - Internet2
*Discussion*
The group discussed ideas for a potential hands-on
PKI implementers workshop sometime in the next year or so.
There was general agreement that such a workshop should focus
on ensuring that attendees learn exactly what they need to
get PKI up and running when they get back to their campuses.
This would include both setting up servers and deploying applications.
Renee noted that some of the Shibboleth events begin with an
optional half-day "install-fest" for
people who aren't familiar with the basics; something similar
might be useful for a hands-on PKI workshop. [AI] All will
ask their contacts what material their schools would find most
useful in a PKI implementers workshop.
Jim noted that the Grid PMA has produced a draft policy and practices document that looks similar to PKI Lite. [AI] Jim will send the list a pointer to the draft Grid PMA policy and practices document.
The group discussed how to move forward with the packaged-CA project. [AI] Jim and David will draft requirements for the packaged-CA project, for discussion on the May 17 call. [AI] Eric will send the list some documentation relevant to requirements for the packaged-CA project.
Finally there was a discussion of workflow. David suggested that, while currently everyone seems to be doing workflow in their own way, it should be possible to devise a common format for describing tasks, with assorted pieces of middleware feeding information in that format into a workflow engine. The greater the generality achieved by such an engine, the more powerful it would be. Renee observed that Kuali appears to be the main thing happening with workflow in higher education right now; see http://kuali.org and http://www.kuali.arizona.edu. Renee also mentioned OneStart Workflow at Indiana University; see http://kb.iu.edu/data/aqgq.html. The program committee for the June 28-30 Workflow CAMP (http://www.educause.edu/camp063) would like to hear about any workflow projects TAG members are involved in. [AI] All who have material to contribute to the workflow CAMP will contact Bob Morgan (rlmorgan@washington.edu). Renee noted that this is an Advanced CAMP, hence more investigative and less tutorial than the Base CAMPs.