Single Sign-on/Network Authentication Working Group

Minutes of meeting held July 19, 1994.  Send additions and/or corrections
to johnsonj@pobox.

ATTENDING.

Lila Shapiro, Ellen Rosenblatt, Alex Garthwaite, Andrew White,
Shumon Hugue, Mark Litwack and Jim Johnson.

MEETING SUMMARY.

1.  Pilot Approach.
        -  No one in attendance at this meeting has hands on experience with
        Kerberos.  The group felt that the best way to get up to speed quickly
        is to acquire a server, and install Kerberos.  In parallel, we can in
        continue to investigate various methods for assigning the user name
        space.

2.  User Name Assignment.
        -  Cornell assigns unique user names using a method which combines a
        person's initials with a sequentially assigned number.
        (e.g., abc1, abc2,... abc99999).
        -  Mark asked if there is away to map the currently assigned user
        names and passwords in the installed base, to the unique user name
        and password on the Kerberos Server. If a mapping of this kind is
        possible, a conversion of the installed base could be avoided.
        Further research and understanding of Kerberos is required to answer
        this question.
        -  The group agreed that the unique user name and password should be
        attributes of a common People Database.
        -  In developing a method for assigning unique user names, it would
        be desirable to allow a person to accept a system assigned name or
        choose their own, subject to appropriate edits.

3.  Education.
        - The group again stressed that we a short term focus on education,
        wanting to know the status of OSF membership, and what DCE
        bibliographies are available.
        - Lila indicated that she would be attending a Share conference where
        she hopes to learn about IBM's DCE direction.

4.  GES Seminar.
        -  Alex indicated that the seminar did not specifically address issues
        of authentication or Kerberos.  The focus was on firewalls, password
        usage, and technology such as smart cards.

ACTION ITEMS

1.  General DCE Education.
        - Mark will follow up with Chris Shull on OSF membership.
        - Mark will look into "How to" publications from O'Reilly and
        Associates.
        - Contact vendors and ask them to speak or send information to our
        group about their position on DCE.
                * Lila will contact HP.
                * Mark will contact DEC.
                * Andrew White will contact IBM.
                * Ellen will contact Computer Associates.
                * Shumon will contact SUN.
        - Mark will arrange to have a course or talk on Kerberos given to the
        group.
        - Alex will contact Jeff Schiller from MIT about speaking to the
        group.

2.  Set up a pilot Kerberos server
        - Mark will follow up with Chris Shull about acquiring a server.
        - Jim will ftp Kerberos software from MIT.

3.  User Name Space Assignment Methodologies.
        - Find out with other installations have done.
                * Shumon will contact Iowa State.
                * Norm will contact MIT.
                * Mark will contact Small Schools and Radiology.

4.  Administration.
        - Jim will see that Chris Hiester and Dan Dougherty are added to the
        dce_authen_wg mailing list.
        - Mark will find out who the MAC and PC liaisons are for our group.

NEXT MEETING

Tuesday, July 26, from 1-2pm, in UDC conference room, located at 3401 Walnut
Street, Suite 335b.