*MACE-WebISO Conference Call Minutes* August 8, 2001 *Participants* Nathan Dors -- Washington (chair) Tom Dopirak -- CMU Renee Frost -- Michigan/Internet2 Craig Counterman -- MIT Aaron Wohl -- CMU Russell Yount -- CMU Steve McRoberts -- Wisconsin Bob Morgan -- Washington Ellen Vaughan -- Internet2 David Wasley -- UCOP Steve Willey -- Washington Nate Klingenstein -- Internet2(scribe) *Discussion* Pubcookie Pubcookie is a WebISO system that is being developed principally under Nathan with the University of Washington being implemented as both an Apache module and an IIS ISAPI filter. The IIS support has not been completed yet, but should be completed by the next call; Tom was pleased that this too would be distributed in code form, quipping, "source is complete; DLL's give scurvy." David stated that, although "the ISO holy grail is still eluding us after much time," developing a WebISO interface is an extremely important part of many inter-realm puzzles that are finally falling into place. Internet2 initiatives such as Shibboleth could be greatly facilitated by implementation of a WebISO system. A WebISO system is designed to allow the user to authenticate for local Web access once and use the credential to securely authenticate to multiple servers and applications. After the user initially authenticates using a local web page, three cookies are planted in the browser which are then used to securely authenticate the user across the entire domain. Providing a single point of authentication generally improves security and reduces hassle for users, as well as facilitating many new applications. For more detailed information about the technical workings of Pubcookie, please refer to http://www.washington.edu/computing/pubcookie/spec.html. Pubcookie has so far been given to eight places and has been successfully installed and used. The contingent from the University of Wisconsin stated that they have some of the source code but that it is not yet operational at their site. CMU has managed to get Pubcookie "up and running in production with Blackboard," and has worked with the code fairly closely. While MIT primarily uses certificates to drive local authentication, there is interest in a WebISO for use with open courseware. Short-Term Goals and Progress At the University of Washington, efforts are currently underway on setting up a Pubcookie web-site with better code distribution, bug tracking, and other open-source services. Nathan distributed a list of to-do's for the Pubcookie software in June and received a bit of feedback. [AI] A primary aim is to work on prioritizing this list, which includes a copious number of topics such as key management, design of authentication interfaces for the login server, creating a better design document, writing a server guide, developing a standard test suite, and a host of others. Key management is another fairly high-priority issue, and nobody has yet examined the code to look for security loopholes. CMU has completed a large amount of work on separating web-page content from the source code more effectively, allowing running of the web-server with modification of configuration files and dynamic HTTP data rather than compiling pages and preferences into the server binary. [AI] CMU will send the modifications to the server code they have made to better separate code and content to Washington, who will collaborate to further this progress. There is also a desire to integrate certificate authentication with WebISO authentication, allowing different clients to authenticate to the same page using disparate authentication means; cycling through authentication systems has not yet been understood, however. Additional comments from WebSSO and uPortal designers would prove helpful in determining what is important for the MACE-WebISO group to address. *Action Items* 1. The to-do list sent out by Nathan should be prioritized soon to focus the group's efforts. 2. CMU will send the modifications to the server code they have made to better separate code and content to Washington, who will collaborate to further this progress.