*MACE-WebISO Conference Call* January 7, 2003 *Participants* Steven Carmody -- Brown Nathan Dors -- Washington(chair) Scott Fullerton -- Wisconsin Bob Morgan -- Washington Mark Wilcox -- WebCT Steve Willey -- Washington Lisa Hogeboom -- Internet2 *Discussion* OKI is Coming to Town Members of the Open Knowledge Initiative (OKI) will be participating on the next conference call, January 21, 2003. What do we want to accomplish with that discussion? What needs to be done ahead of time? Those were the questions of the day. A proposal based on discussions of this group is important grist. Bob took an action item to coax Larry with his draft document on a language-independent WebISO API. Bob floated the idea of a quick call between Bob, Larry, Derek, and Steven as a possible catalyst. Nathan hopes that language independence doesn't imply complete independence from the two common WebISO models: the module approach vs. programmer's API. One could reasonably expect sections on each. In Bob's words, one outcome for the joint call--provided we have something to show them ahead of time--would be for the OKI folks to say, yeah, we'll do that, or we'll do that with these modifications, or, yeah, that's consistent with what we're doing. Some sort of high-level understanding, in other words, is a desirable, obtainable outcome: where we stand, where the remaining challenges are, perhaps where there isn't sufficient overlap to warrant attention. What about the OKI Authorization API? asked Scott, which we've discussed some on previous calls. The group agreed that there wouldn't be time to discuss both authentication and authorization APIs in detail, so the agenda will focus solely on APIs for authentication. There is sufficient "fervor" with regard to notions of APIs, said Scott, that the hour will go by quickly. To help freshen the perspectives of this group with regard to OKI activity in the area, Scott took an action item to send the most recent OKI AuthN document to the WebISO list. Steven expressed concern that in looking only at APIs that we'll forget what got us there, forget the pre-conditions that provide much-needed perspective on and understanding behind the APIs. With that in mind, each side might write and submit a paragraph or two about the scope of the authentication problem: beyond establishing identity, what are the constraints of the WebISO and OKI problem spaces, what sorts of systems and architectures do they intend to apply to, what backend transactions must they assist. Scott: OKI is looking beyond just the Web. Mark: Right, OKI isn't just client-server either, but their class factory could support WebISO compatibility or work with a driver for Pubcookie or some other implementation. Bob: Of course, we might decide we're working at different levels from them. Scott: However, OKI should at least be able to use WebISO to get the web-specific stuff done. Steven: I like that last statement. Nathan: Ditto. I'll make sure that topic is in the agenda. Steven: Another outcome of the discussion, or at least something to get clarification on, is how an OKI application authenticates within the WebISO use case. Forming understanding there would be a benefit. WebISO WAA Questionnaire Responses Responses to the questionnaire have begotten more responses, and the January 7th deadline has arrived. Nathan proposed that we leave things open for now, since it'll take some effort now to distill them into a report. Steven will check on the submission from Brown. There was brief discussion about what shape the final report will take. Bob said it would depend on the time and ambitions of whoever wants to tackle it. A summary of the questionnaire--it's motivations and area of focus--and some pithy observations on similarities and differences is probably sufficient, with an appendix at the end containing all the submissions. "Where the rubber hits the road", added Bob, "is where the proposed WebISO API does or doesn't fit with these existing solutions." Nathan will post all the responses on the website, along with the original questionnaire. That's mostly done. Just need to add the last batch. *Action Items* 1) Bob will ping Larry Greenfield about language-independent WebISO API draft document. 2) Scott will confirm availability with OKI members (Scott Thorn and Chuck Schubert?) for next call, Cc'ing Nathan so he can send them further communiques regarding agenda, etc. 3) Scott will post the most recent OKI AuthN document. 4) Nathan will post an agenda for the next call by Friday, January 17th. 5) Nathan will post all WebISO questionnaire responses on the website.