         Single Sign-on Network Authentication Working Group
         ---------------------------------------------------

Our charge:

1.  Define a campus-wide User ID space by merging existing ones
2.  Define mechanisms for maintaining the User ID space
3.  Develop (copy) policies for Kerberos-like authentication servers
4.  Test, pilot, and begin deployment of Authentication Servers

dce-authen-wg@isc.upenn.edu:

alex@dccs arzt@dccs aukee@pobox awhite@sas batista@pobox
dandough@pobox das@cip.ldi hiester@dccs ira@central.cis johnsonj@pobox
lila@staff.udc litwack@dccs mckenzie@pobox millar@pobox morrison@seas
powell@pobox pring@mscf riegera@wharton rosenblatt@umis seidita@pobox
shuque@sas tom_mcaleer@path1a.med tony@dccs

Meeting Summary - 9/13/94
-------------------------
(Please send omissions/corrections in summary to the group.)

Attending:

Andy White, Norm Morrison, Emily Batista, Ellen Rosenblatt,
Mark Litwack, Alex Garthwaite

  Norm updated us on the username statistics, which now include PAS
(20,000 entries), SEAS (8,000 entries), and SAS (6,000 entries)
databases.  26% had the same username and same PennID number, and 76%
had the same username and different PennID number.  But, it appeared
that most people did not have the same machine account name and PAS
account, so in total, 85% of the SAS and PAS database was not in
conflict, and 70% of the SEAS and PAS database was not in conflict.
There appeared to be 400 username conflicts between SAS and SEAS.
Norm stated that these were only preliminary results, and that he will
have a more complete report for us next time.

  We then discussed ways of solving the conflicts.  It was suggested
that we examine the completed statistics to select the path of least
disruption.  Then, any remaining conflicts would be resolved by a
ranking of faculty, staff, then students, in order of preference.
This would be done once to combine the username space, and after that
merge we would institute usernames on a first-come, first-served basis.
Other suggestions included making all parties change, so that no one
gets the contended username, and having a free-for-all where it would
be a race to get the name desired.

  We then discussed how one would recycle names.  It was suggested
that a list of names to be deleted from the username database would be
circulated or made available to all service providers who use the
database.  All providers must report that a username is no longer in
use before it is removed.  A name would remain dormant for 6 to 12
months before it could be used again.  It was also pointed out that we
should probably establish a unique identifier for each person to
simplify database management problems, hopefully in cooperation with
the people database project.

  After discussing the complexity of the above process, many in the
group felt it would be better to assign usernames to people, such as 3
initials and then a 5 digit serial number.  These numbers would never
be reused and would alleviate many problems with database management.

  We then decided that we should speak with the SAS and SEAS
administrators and ask them for their rationale on why they adopted a
highly personal form of username, and not something less so, as
described above.  Norm and Andy volunteered to find this out from SEAS
and SAS, respectively.

  Our next meeting will be on Sept 20 in the UDC conference room, at
1:00pm (the usual).