*MACE-WebISO Conference Call* December 11, 2001 *Participants* Nathan Dors -- Washington(chair) Jim Blankenship -- Washington Steven Carmody -- Brown Tom Dopirak -- CMU Jeff Eaton -- CMU Scott Fullerton -- Wisconsin Michael Gettes -- Georgetown Lisa Hogeboom -- Internet2 Greg Miskin -- ???? Bob Morgan -- Washington Russ Tokuyama -- Hawaii Steve Willey -- Washington Russell Yount -- CMU Nate Klingenstein -- Internet2(scribe) *Discussion* Nathan opened the call with a dialog on the difficulties encountered by various sites when trying to use the Pubcookie ISAPI filter. Jim, lead programmer for the IIS effort at Washington, joined the call. The error confronting other sites centers around the decrypting of cookies. Different byte ordering or word alignment, between login server and target server architecture, were two of the factors mentioned that might cause problems with encryption, and the group thought that might be worth testing to determine if it's the root of the problems. Another potential test would be to encrypt some text on the login server, then send it manually to a target machine and attempt to decrypt it there. [AI] Washington will distribute the tools necessary to conduct this sort of test. Russ has been compiling the ISAPI filter from source successfully, but he was unable to link it and get a DLL, which is the next step. He has a fix for this which Jim sent to him earlier but hasn't gotten to try it out yet. The group expressed a desire to work to record the process of compiling the IIS version from scratch with a significant deal of experimentation to better understand it. Michael was able to build the whole server but was bothered that he had to go into a web page to put it all together without any amount of documentation about how to Pubcookie enable that web page. Indiana reached the same spot and had the same request, so [AI] Nathan offered to expand and post on this concept and send it to the list. The CVS repository for Pubcookie is live and will include public read access. CMU has sent a .tarball of changes to the login server which offloaded much of the page design to config files to limit recompilation when minor modifications to content were done as an initial contribution. The new CVS also includes a possible documents repository. There has also been some discussion of shipping Shibboleth with Pubcookie as an integrated solution which will work relatively well out of the box. The group wanted to integrate the simplest possible login scenario imaginable with a sample login screen and a simple backend like an .htaccess file. [AI] Tom offered to formally write up the request from Shibboleth land for design of this sample login screen and scenario to provide a packaged example for easy installation. The most immediate short-term demands other than general code cleanup from a functionality standpoint is isolation of the problems in the IIS module and then some indication of how WebISO will work with uPortal. Hawaii still intends to make some effort towards this latter goal within the month, but as of yet has no live apps using Pubcookie. The WebISO system developed by Yale has been successfully integrated already with uPortal. Beyond there, key exchange is another possible goal, as are many others mentioned on the initial document Nathan circulated when the group began. In an effort to expand the group, [AI] Michael will send the e-mail address of Zed Shaw of the University of British Columbia to Bob, who will make contact. Documents Scott developed a set of scenarios of WebISO use to better ground the requirements document. This is intended to give a background against which requirements can be compared to verify their relevance and importance. He also thought the group would be able to better focus on these requirements if they looked at a phased delivery, discussing things both which could be done in the relatively near term and those which will require significant additional experience and coding. Scott is also working on a model which is the basic discussion of precisely what a WebISO system is and what it is supposed to do as a preamble to the more general and applied scenarios. Bob disagreed with assigning features to phases initially, preferring instead to discuss scenarios without any concern from timeframe and working to derive from them instead a set of abilities and requirements which could then be assigned more of a set of priorities. Another suggestion made was to distinguish between active vs. static needs of applications relying on the WebISO system. Creation of a set of application requirements could be helpful for future design and could support more potential application needs. Nathan has been working on this high-level WebISO model as well, having created an outline discussion of what makes Pubcookie Pubcookie. This includes discussions not only from Pubcookie's perspective but also from that of the application developer. He has also worked on creation of a build instruction set with an external target in mind. For packaging reasons, it would be nice to bundle these directions with Pubcookie rather than requiring installers to find them on a webpage. *Action Items* 1. UW will distribute the set of tools necessary to test encryption manually between servers and target machines. 2. Nathan offered to work to develop better documentation on how to initially situate a basic webpage to use Pubcookie authentication. 3. Tom offered to formally write up a request from Shibboleth land for design of a sample login screen and scenario to provide a packaged example for easy installation of a complete solution. 4. Michael will send the e-mail address of Zed Shaw of the University of British Columbia to Bob, who will make contact.