I2IM Conference Call November 14, 2003

*Attendees*
Seth Vidal, Duke
Michael Gettes, Duke
Steve Cochran, Dartmouth
Chris Williams, University of Buffalo
Steve Carmody, Brown
Scott Cantor, OSU
Mike Grady, U. Illinois
Tom Barton, U. Chicago
Ann West, Educause
Mark Poepping, CMU
Klaas Wierenga, SURFnet
Derrick Brashear, CMU
Jeanette Fielden, Internet2
Steve Olshansky, Internet2

*Discussion*

The charter has been updated on the web site.

Steve Carmody is working on a non-browser-based use case for submission to the OASIS Security Services TC, the group working on SAML 2.0, that would enterprise-enable Jabber by leveraging an enterprise authentication management system. He would like to explore how Shibboleth and XMPP could address a specific use case in which a user attempts to join an access-controlled chat room. The deployment might be a mixture of enterprise-managed and regular Jabber fabric. There would be linkages between identity, the system, user objects and regular Jabber, where a user might choose their own nickname and self-publish attributes.

Steve and Peter Saint-Andre have been exchanging e-mail about what the parameters of the case would be. Much of the exchange has centered on whether bundled attributes would be obtained and forwarded to a chat room when a user logs in to a local server, or whether the remote chat room should get a handle and an attribute so that chat room A can send attributes to chat room B. Should things be embedded within an XMPP message, or should separate information exchanges happen? The first challenge is to work through a reasonable model in Shibboleth terms. Defining how to attach SAML credentials to an XMPP protocol message might be a starting point.

Scott expressed concern about binding a lot of exchanges to XMPP before it is clearly understood whether the exchanges have a general purpose. If the exchange is purely in the SAML domain model and something that any SAML profile might have to make use of, it is not clear that the answer is to bind it to XMPP.

Mark asked whether there is an expectation in the authentication mechanism that there will be a one-to-one domain mapping between gettes@duke.edu and gettes@jabber.duke.edu. Yes, some out-of-band mechanism is expected so that Jabber.surfnet and jabber.duke trust each other. With Brendan's pseudo-anonymous use case there could be issues where you authenticate locally, but how you are seen in any given IM context could be different.

[AI] Mark will send his questions regarding naming and anonymity to the list.

Klaas sent some thoughts to the list about how to bring in an anonymous user. He started by comparing IM to e-mail, since discussions about authenticated messaging are a replay of the discussions about e-mail 10 years ago. Signed e-mail is still rare, but there is a range of mail types. You can be relatively anonymous (Hotmail), more authenticated (university mail), or use PGP (person-to-person) and S/MIME (PKI lite). These types could be replicated somehow in IM to enable a similar range of identity authentication.

Brendan mailed an updated version of his pseudo-anonymous case to the list. It now says that it is not intended to prevent system administrators from being able to trace the source of an IM, and that it is designed to allow the typical initiator and target to communicate without the target knowing who the initiator really is.

It also says more about the creation of a persistent handle and the need for people to be able to have multiple pseudo-anonymous connections simultaneously with the same person, i.e., an initiator has two connections open with the same person under two different handles, so the target does not know that both belong to the same person.
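The three properties just described (the target cannot identify the initiator, one initiator can hold several unlinkable handles to the same target, and operators can still trace a handle back) can be sketched with a keyed derivation plus an operator-only registry. The following Python is an added example, not code from the I2IM group or from Brendan's document; the class, the HMAC-based handle derivation, the per-connection nonce, the server secret and the target address are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class PseudonymousHandleService:
    """Hypothetical pseudo-anonymous handle issuer for an IM server.

    Properties modelled (an assumption, not the I2IM design itself):
      * a target only ever sees the handle, never the initiator's real JID;
      * each new connection gets a fresh nonce, so two simultaneous
        connections to the same target carry unlinkable handles;
      * a handle is persistent: the same (user, target, nonce) re-derives
        the same handle on reconnect;
      * operators holding the registry can trace any handle to its user,
        matching the stated non-goal of hiding from administrators.
    """

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        # handle -> (real_user, target, nonce). Operator-only; never sent to targets.
        self._registry: Dict[str, Tuple[str, str, str]] = {}

    def _derive(self, real_user: str, target: str, nonce: str) -> str:
        # Keyed hash: without the server secret, a handle reveals nothing
        # about the user, and two handles cannot be linked to each other.
        msg = f"{real_user}|{target}|{nonce}".encode()
        mac = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return f"anon-{mac[:16]}"

    def open_connection(self, real_user: str, target: str,
                        nonce: Optional[str] = None) -> Tuple[str, str]:
        """Return (handle, nonce). Pass a stored nonce to resume a persistent handle."""
        if nonce is None:
            nonce = secrets.token_hex(8)  # fresh per connection -> new handle
        handle = self._derive(real_user, target, nonce)
        self._registry[handle] = (real_user, target, nonce)
        return handle, nonce

    def trace(self, handle: str) -> Optional[str]:
        """Operator-side lookup, e.g. for a moderator-initiated trace."""
        entry = self._registry.get(handle)
        return entry[0] if entry else None

    def same_initiator(self, handle_a: str, handle_b: str) -> bool:
        """Operator-side linkability check; a target has no way to compute this."""
        a = self._registry.get(handle_a)
        b = self._registry.get(handle_b)
        return a is not None and b is not None and a[0] == b[0]


def demo() -> dict:
    # Constructed sample: one initiator (a JID from the minutes) opens two
    # simultaneous connections to the same target, then resumes the first.
    svc = PseudonymousHandleService(server_secret=b"constructed-demo-secret")
    h1, n1 = svc.open_connection("gettes@duke.edu", "target@example.org")
    h2, _ = svc.open_connection("gettes@duke.edu", "target@example.org")
    resumed, _ = svc.open_connection("gettes@duke.edu", "target@example.org", nonce=n1)
    return {
        "h1": h1,
        "h2": h2,
        "resumed": resumed,                     # equals h1: the handle is persistent
        "trace_h1": svc.trace(h1),              # operator can still find the user
        "trace_h2": svc.trace(h2),
        "linked": svc.same_initiator(h1, h2),   # True for the operator only
        "unknown": svc.trace("anon-0000000000000000"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The target only ever receives `h1` and `h2`, which differ and cannot be related without the server secret and registry, while the operator-side `trace` and `same_initiator` functions give administrators the traceability the use case explicitly preserves.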

There was some confusion over what is contained in Brendan's document and whether it moves from a general use case into implementation. To minimize confusion, Brendan will reorganize it into two documents. The first will have an introduction and the cases, with a case involving a persistent handle added. The second document will deal with the persistent handle itself.

Text will also be added to clarify where a moderator might initiate a trace because of a legal requirement triggered by something said in a chat room. It is a variant of the suicide hotline issue, where a trace and a police call could be initiated under certain circumstances.

The next call will be December 12, 2003.