*MACE-WebISO Conference Call* June 25, 2002 *Participants* Nathan Dors -- Washington(chair) Jeff Eaton -- CMU Scott Fullerton -- Wisconsin Larry Greenfield -- CMU Bob Morgan -- Washington Ryan Muldoon -- Wisconsin Mark Wilcox -- University of North Texas Steve Willey -- Washington Nate Klingenstein -- Internet2(scribe) *Discussion* Pubcookie Nathan has been working extensively on the documentation and community outreach regarding Pubcookie. While current documentation and webspace is generally organized in a Washington-specific manner, Nathan plans to spin it into a more independent open-source project led by the University. He has developed a staging area for a new website which has been extensively re-engineered and many documents have been pieced back together into this new format. At the same time, Nathan invited the Pubcookie contributors to write additional documentation regarding features they had developed to be merged into the rest of the docs. There is also an expressed desire to migrate to a common coding style. The current disparities in how code is commented, the line length, etc. can make code more difficult to read and contribute to. Larry has been working on alternative ways to pass credentials and other information. Development of a way to modularly, dynamically select the information to be sent in assertions from clients to servers as well as the types of assertions themselves will be useful for situations in which multiple authentication domains and methods need to peacefully and simultaneously co-exist. Work on abstracting this out from the main code has begun. Ryan has also made some efforts on adding a more intelligent logging system, with calls available to start and close logging. There is also a function to write directly to the logging system for special events and a convenience function for posting text with nicer formatting and timestamps. Some brief discussion was held regarding the possibilities of making assertions passed between the server and application clients compliant with SAML specifications. Larry suggested as a potential workaround to create a SAML converter to bridge conventional Pubcookie assertions into SAML assertions, potentially either at the application or at the server. While there may be some cryptographic difficulties here in terms of private key propagation and use, it remains a viable option to retain some backward compatibility. There was also a fair deal of analysis about what it would take to allow some sort of Java Applet-to-Pubcookie interaction without requireing extensive recreation and coding. This seems relatively straightforward when the cookie has already been created, but the series of fancy redirections necessary when the cookie has not yet been placed in the browser could be very difficult to emulate using Java. There may be some role for OpenSAML, developed for the Shibboleth project by Scott Cantor of Ohio State University, in the processing and bundling of assertions for Java apps.