*HEPKI-TAG Conference Call*
August 9, 2006
*Action Items*
(new)
[AI] Jim will see if he can schedule the PKI Implementers Workshop immediately before or after the December 4-7 Internet2 Member Meeting in Chicago.
[AI] Jim will contact possible PKI Implementers Workshop presenters for input on setting the agenda and recruiting participants.
(from previous calls)
[AI] Jim will review the action items and send Ben a list of changes and deletions.
[AI] Eric will experiment with delivery and trust of root and intermediate certs via the web in Mozilla-family browsers.
[AI] Scott will send out a pointer to the draft TAGPMA CA audit requirements.
[AI] Jim will incorporate Scott's digsig-tools information into the HEPKI-TAG web site.
[AI] All will ask their contacts what material their schools would find most useful in a PKI implementers workshop.
[AI] David will follow up on SAFE's open-source signing work.
[AI] All will send URLs for CA software (open-source or not) to TAG.
[AI] Eric will let TAG know when Ron DiNapoli's work on Aladdin eTokens on Macintosh is available for the group to look at.
[AI] All will look at http://www.gridpma.org for materials for the CA Audit project to point to or extract from.
[AI] Bob will send out pointers on UW's experience with the Federal Credential Assessment Framework (CAF).
[AI] All who can test the Eudora S/MIME plugin, or find others to do so, will contact Jim.
[AI] Jim will expand the signing-tools matrix with columns on APIs and scripting tools; multiple signatures (parallel vs. stacked); and whether or not the tool lets you add a trust anchor.
[AI] All who have time to investigate one or more of the signing tools at http://middleware.internet2.edu/hepki-tag/new/signing4.html will contact Jim.
[AI] Jim will continue looking at PKI Lite cert profiles for Rice's code-signing application.
[AI] Eric will call Mozilla's attention to the fact that they don't support the standards needed to recognize trust anchors on tokens, and nudge them to do something about it.
[AI] Eric will continue seeking feedback on his Top 10 lists, especially from HCISec.
[AI] Jim will get an OID for PKI Lite from MACE.
[AI] Mark will ask Jed Dobson for more information on OSG.
[AI] David will look at some of the products listed at http://middleware.internet2.edu/hepki-tag/new/signing4.html in the light of the list of questions there.
[AI] Neal will continue looking at OpenOffice, and Jim will look at eLock.
[AI] Jim will send the list more information on the Acrobat transcript-signing work at U. of Chicago.
[AI] Jim will draft a discussion of the pros and cons of hierarchical and flat campus PKIs for discussion on a future call.
[AI] All will send Jim further suggestions for TAG projects.
[AI] Jim will send mail to people who have expressed interest in various possible areas of work for TAG, and work toward finding a focus for the group.
*Attendees*
Jim Jokl (chair) - Virginia
Nathan Faut - KPMG
Eric Norman - Wisconsin
Neal McBurnett - Internet2
John Krienke - Internet2
Ben Chinowsky (scribe) - Internet2
*Discussion*
The group discussed plans for a PKI Implementers Workshop later this year. [AI] Jim will see if he can schedule the PKI Implementers Workshop immediately before or after the December 4-7 Internet2 Member Meeting in Chicago. Nathan noted that he'll be at the MM, and can present at the workshop if it takes place then. The group made a list of other possible presenters; [AI] Jim will contact possible PKI Implementers Workshop presenters for input on setting the agenda and recruiting participants.
Presentations from the August 4-5 PKI Summit at Snowmass are at http://www.educause.edu/SessionsWithAvailableResources/10581.
Nathan suggested that HSPD-12 is likely to drive widespread adoption of SAML. [HSPD-12 is the White House Policy for a Common Identification Standard for Federal Employees and Contractors; see http://csrc.nist.gov/policies/Presidential-Directive-Hspd-12.html.] Under HSPD-12, government departments can set up their own identification systems, but they must be able to interoperate; Nathan predicts that a federations approach will dominate, with PKI widely used to validate SAML assertions. There was general agreement on the growing importance of such background architectural uses of PKI, which also include DNSSEC and Grid security.
The group reviewed and approved the latest version of the CA Requirements Document: http://middleware.internet2.edu/hepki-tag/new/HEPKI-CA-Req-Summary-20060726.html. Jim stressed that the document is intended only as guidance for the developers, not as a rigid spec; he expects there to be an ongoing iterative process between the HEPKI-TAG and the developers.