UC Authentication Workgroup
Minutes - October 13, 1998

Attendees: Marina Arseniev (UCI), Peter Brantley (UCB), Denis DeLaRoca (UCLA), Mike Friedman (UCB), Joan Gargano (UCOP), Sal Gurnani (UCOP), Russ Harvey (UCR), Arlene Allen (UCSB), John Kunze (UCSF), Tom Marazita (UCSB), Pete Neilson (UCLA), Vance Vaughan (UCB), Ken Weiss (UCD), Don Worth (UCLA)

Several campuses provided summaries of authentication issues and potential implementation projects for their campus. These were summarized in an overview of issues and projects for consideration.    Throughout the discussion of authentication issues, the workgroup identified areas where decisions about authentication services could not be made without a better understanding of the University Directory, its content and functional capabilities.  Bennie Min will be invited to future meetings to answer questions about the directory and to provide an opportunity for both groups to exchange information about work in their respective areas.
 

I. Identify the issues for consideration for 1998/99.

Define the UC Attribute Service and the Universitywide API (http) to the service. Define a level of service by December 19, 1998 which can be relied upon for application development (Marina Arseniev, Sal Gurnani, Pete Neilson, Vance Vaughan)

 

The workgroup recognizes the importance of user support for certificate technology. To help campus support organizations, the workgroup will place examples of campus documentation on its web site and create a "Frequently Asked Questions" document that explains certificate technology and the UC authentication architecture. (Workgroup)

 

Report to UC Authentication Steering Group on the problems with certificate portability and the continuing need for password based authentication at the campuses.

Define a mechanism for the use of public terminal certificates that can be used to reduce the dependence upon IP authentication. (Sal Gurnani)

UCLA will be evaluating smartcards. The UC Authentication Workgroup will stay abreast of this evaluation and report on the applicability of the UCLA solution as a Universitywide solution. (Workgroup)

 

The workgroup will continue to identify technology issues as they arise through campus implementation projects and provide reports to the Authentication Steering Group as appropriate. Digital signatures and key escrow systems were identified as technologies that may need to be reconsidered in the next year.

 

II. Identify the first implementation project. Attribute Service Proof of Concept

Create a prototype attribute service. Demonstrate the use of certificates with the UDIR attribute server through MelWeb. (Sal Gurnani)

Create a web site that accepts a certificate, queries an attribute server and presents a web page targeted to the individual classification. (Sal Gurnani)

Each campus needs to have a DNS entry for the attribute server.

 

III. Establish Deliverables and Workplan Authentication Architecture Statement

The workgroup will create the authentication architecture statement and implementation specifications. The specifications will inform campuses on the requirements and processes required to participate in the authentication infrastructure and service.

 

 
Collect Campus Architecture Statements
October 30, 1998
  • Description of the hardware, software and management of the campus certificate authority.
 
  • Description of current practice for issuing and revoking certificates.
 
  • Description of the hardware, software and management of the attribute server.
 
  • List of immediate projects.
 
Integrate statements into the draft UC Authentication Architecture statement. Redistribute the draft statement. 
November 13, 1998
Meet virtually to create the second architecture draft.
November 20, 1998
Complete Architecture Statement.
January 5, 1999
Attribute Service
Define the UC Attribute Service and the Universitywide API (http) to the service.
December 19, 1998
Create a prototype attribute service. Demonstrate the use of certificates with the UDIR attribute server through MelWeb. (Sal Gurnani)
December 19, 1998
Create a web site that accepts a certificate, queries an attribute server and presents a web page targeted to the individual classification. (Sal Gurnani)
January 5, 1999
 

 

Certificate Portability  
Define a mechanism for the use of public terminal certificates that can be used to reduce the dependence upon IP authentication.
January 5, 1999
Report to UC Authentication Steering Group on the problems with certificate portability.
January 5, 1999
 

 

Clarify Authentication Technology Issues  
Schedule a videoconference technology briefing with Netscape.  
Notify the Authentication Steering Group of the ongoing issue of root level chain of authority for the UC certificate hierarchy and its effect on user support.
 
 
 

IV.    Meeting Logistics

The workgroup would like to hold its next meeting on November 20th using videoconferencing with the capability to share a computer display.  Joan Gargano and Ken Weiss will work out the details of the meeting using the University videoconferencing system and a whiteboarding network application.