Single Sign-on Network Authentication Working Group
         ---------------------------------------------------

Our charge:

1.  Define a campus-wide User ID space by merging existing ones
2.  Define mechanisms for maintaining the User ID space
3.  Develop (copy) policies for Kerberos-like authentication servers
4.  Test, pilot, and begin deployment of Authentication Servers

dce-authen-wg@isc.upenn.edu:

alex@scotty.dccs arzt@nextb.dccs aukee@pobox awhite@sas batista@pobox
dan@crc hiester@pobox ira@central.cis johnsonj@pobox lila@staff.udc
litwack@scotty.dccs millar@pobox morrison@seas powell@pobox
pring@a1.mscf riegera@wharton rosenblatt@umis seidita@pobox shuque@sas


Meeting Summary - 8/30/94
-------------------------
(Please send omissions/corrections in summary to the group.)

Attending:

Nirmalya Das, Emily Batista, Norm Morrison, Alex Garthwaite,
Mark Litwack.

  Mark updated the group on our goal to collect username and PennID
information from all major computing centers.  The small schools group
will probably do so, but they wanted to confirm it with all their
constituents.  Annenberg needs to confirm with their dean.  SAS will
provide the information.  Pobox administrators will provide the
information.  The Engineering school and Medical School has already
provided the information.  Wharton has not replied yet.

  The PAS system code has been modified to limit username selection to
8 characters, all lowercase.

  Alex updated the group on the API status.  The API will not be done
in time for anyone to use it during CUPID.  [Post meeting note: Alex
has completed the API as of 9/2/94, and has released it to Norm.]

  Norm reported on some statistics from a comparison between the PAS
and Engineering school account databases.  The SEAS database had 7,000
entries and the PAS database had 18,000.  Of those entries, 2,000
account names were in common.  Of the 2,000, 1,700 were the same
person according to the PennID number, leaving 300 names that were in
conflict.  It was encouraging that we only had a 15% conflict rate,
but it was also pointed out that we had data from other schools to be
considered.

  Alex brought up the possibility of using a completely new and
non-intersecting account naming strategy.  After some discussion, we
decided that it might impede acceptance of our campus-wide namespace,
and we decided to not deviate from our current plan.

  Mark reported that Chris Shull is working on getting us an Alpha
workstation to use as a pilot DCE server.  Mark also said that Chris
is looking into purchasing the appropriate level IBM HESC license
which includes DCE services.

  Mark reported from the chairs committee that our group is authorized
to make the types of decisions that we have been making thus far.  But
there is no set formula for determining the limit of our
responsibility, and that should be handled on a case by case basis
using our best judgment.  (This question had come up last meeting.)

  Mark also summarized some items from the last chairs committee, FYI.
First, that the chairs committee was going to try to apply the
Technology Architecture Methodology to the DCE problem.  Second, that
Chris Shull will begin teaching a course on DCE based on the course he
took from Transarc, and that all participants in the working groups
were invited.

  It was suggested that the chairs minutes just get sent out to the
working group.  Mark agreed to do that.

  Our next meeting will be on September 13 in the UDC conference room.
Next Tuesday's meeting is cancelled because everyone will be busy with
the incoming students.

Action items:

* Continue to build the database of common names so that they may be
reserved, and also so that we can continue our statistical analysis.
(Mark, Norm, Alex)

* Test and deploy the new API.  (Norm, Alex, other participating
schools)

* Get answer from chairs committee: What is the role of the Advisory
Committee?  What channels do we use to communicate with them?  (Jim,Mark)
(PRE/)