*MACE-WebISO Conference Call*

June 11, 2002

*Participants*

Nathan Dors -- Washington (chair)
Shawn Bayern -- Yale
Susan Bramhall -- Yale
Lawrence Greenfield -- CMU
Jeff Eaton -- CMU
Daniel Fisher -- Virginia Tech
Chad La Joie -- Virginia Tech
Bob Morgan -- Washington
Ryan Muldoon -- Wisconsin
Nate Klingenstein -- Internet2 (scribe)

*Discussion*

Nathan encouraged the group to continue working on the theoretical definition of WebISO systems that it had begun to address earlier.

WebISO Problem Space Definition

The first thing the group considered was which services a system must provide to count as a WebISO system. One clear requirement is the ability to perform single sign-on, a general concept that many other systems can also provide. The other significant problem in the space beyond SSO is delegation, which entails questions about tiers and proxied authentication, problems that often confront portal developers.

The group wondered whether it would be appropriate to address each issue individually, or whether the issues should be considered together in a general set of requirements for a WebISO system. While there are many individual components or systems that only need to handle one problem or the other, the group reasoned that those systems aren't necessarily under the umbrella of what should be looked at.

The group named several other architectural considerations. Defining a common WebISO system API, or a common set of attributes to be passed from the session server to application servers, would allow vendors and application designers to rely on a specific exported scenario. There is also a potential need to define a back-end API to allow different authentication systems to plug in at that interface.

Discussion continued about defining common payloads to be sent between application servers and client servers. There are currently a number of potential standards which may be used in that space, including SAML.
Bob noted that SAML could be used for this eventually, but there is no standards definition in place yet to allow SAML to be used in a proxiable way.

Bob is working on a several-page description of a standard, generic WebISO architecture at this point and is making significant progress. This will allow the group to start with a model and begin to flesh out the requirements of the individual pieces that must compose a WebISO system, in order to start defining a best practice or common practice in the space.