Single Sign-on/Network Authentication Working Group

Minutes of meeting held August 23, 1994.  Send additions and/or corrections
to johnsonj@pobox.upenn.edu

ATTENDING.

Ellen Rosenblatt, Norm Morrison, Emily Batista, Lila Shapiro, Nirmalya
Das, Alex Garthwaite, Mark Litwack and Jim Johnson.

MEETING SUMMARY.

Status updates for work in progress.

1.  Modifications to PAS and development of PAS queries and API's.  (See
minutes from August 9th meeting for details on PAS queries and API's)

Software needs to be in place by August 31 in order to meet the Fall rush of
students and others needing accounts. It is not known if schools other than
SEAS will be in a position to take advantage of the queries and API's this
Fall.  Norm indicated that he would need to have this software available by
August 30 at the latest, so that he can conduct tests on the SEAS to PAS
feeder process.

Alex felt that the PAS eight character username modification was doable in
the time frame.  Providing PAS queries and API's in this time frame are
less certain.  Mark and Alex will re-evaluate current priorities, to
determine feasibility of delivering PAS queries and API's in the above
time frame.

2.  User Name Space Analysis.

Norm has distributed a request to sysadmins for data files on usage of
username space in the schools and centers.  This request contains details
on data file content, and alternative methods of distribution. To date,
only the Medical School has supplied data files.

3.  Username space management at other institutions.

Lila attended the SHARE conference and reports:

        * Cornell manages an eight character(maximum) username space,
using a person's initials in the first three positions, and an assigned
number of up to 5 characters in the 4-8 positions.

        * RPI manages an eight character username space, using characters
from a person's name in the first 5 positions, combined with an assigned
number in positions 6-8.

4.  Vendor status on DCE.

        * Norm reported that Kerberos version 4 is available for SUN.  As
of yet, there is no DCE available for SUN.

        * Mark reported that Gradient Technologies markets Kerberos for
the PC.

        * MVS/DCE will be available 4th qtr 94, however, robust security
features are not expected until late 1995, at the earliest.

ACTION ITEMS

1.  Mark will touch base with sysadmins at schools and centers to discuss
when and how they will use the PAS queries and API's that DCCS is
developing.  At the same time he will invite them to participate in the
username space analysis that Norm is doing.

2.  Alex will implement the eight character username (Network ID) space in
PAS, and work with Mark to determine feasibility of delivering  PAS
queries and API's in the August 31 time frame.

3.  Jim will verify the bounds of dce-authen-wg authority to define the
composition of a university-wide username space.  Can the work group
define the name space on its own authority, or is it necessary for the
work group to make a proposal, then present it to another body(s) for
approval?

4.  Jim will verify identity of dec-authen-wg MAC and PC liaisons.

5.  Mark will follow-up on obtaining a host machine for testing Kerberos
authentication.

6.  Norm will continue with username space analysis, as data files are
supplied to him by school and center sysadmins.


NEXT MEETING

Tuesday, August 30, from 1-2pm, in UDC conference room, located at 3401
Walnut Street, Suite 335b.