[note: this group was originally self-titled as the "Stone Soup Group", but is now referring to itself as "Common Solutions Group". It is effectively an ad-hoc committee of active CREN members.] Stone Soup Group Meeting Notes Monday-Tuesday, May 23-24, 1994 Attendees: Doug Bigelow, Jim Conklin, Ira Fuchs, Doug Gale, Steve Hall, Greg Jackson, Raman Khanna, Ken King, Ken Klingenstein, Stuart Lynn, Gerry MacDonald, Glenn Ricart, Mike Roberts, Amanda Rushing, Doug Van Houweling, and Steve Worona The attendees represent universities, CNI, CoREN, CREN, EDUCOM and NTTF, FARNET, FNCAC, Merit, NorthwestNet, NYSERNET, and other mid-level networks. Invited but unable to attend were: Jim Bruce, Bill Graves, Bob Heterick, Eric Hood, Richard Mandelbaum, Paul Peters, Don Riley, Mike Staman, Ed Sharp, and Bill Yundt. - ----- MONDAY, MAY 23: I. Introductory remarks and progress reports A. Ken King and Glenn gave an overview of the history of the Stone Soup Group and how the name was derived. B. CoREN -- Ricart CoREN is redoing its backbone procurement to ensure its surviving a challenge as to process. CoREN will interconnect its regions without using NAPs. Glenn also provided an overview of the challenges to be surmounted as NSFNet is replaced by competitive backbones. C. Educom/NTTF -- Roberts Mike gave the group an overview of the legislative scene including a report on the status of various telecom bills. He also described a new media project which will be kicked off in Ann Arbor on July 12. The thrust of this project that was initiated at an NTTF policy group meeting is to start some cooperative multi-media projects designed to develop the next generation of network technology tools and applications. D. Merit -- Van Houweling Merit is getting out of the connectivity business relying increasingly on Ameritech. Some key members of the Merit staff have moved to Ameritech. Merit is in the final stages of planning for local- call access to the Internet throughout Michigan and IP connectivity to at least 80% of the intermediate and high schools in Michigan. Their goal is to provide enough bandwidth to run a decent Mosaic in every high school. E. FARNET -- Klingenstein FARNET is still seeking a replacement for Laura Breeden and thinking about relocation to DC. Their new publication ("51 Reasons...") has been a big success, making it to a White House coffee table. FARNET has had difficulty taking an advocacy position given the range of fundamental values of its members. F. FNCAC -- Klingenstein Ken Klingenstein reported on a recent FNCAC meeting. Major issues included the clipper chip and education. It was clear that Gore's goal of connecting all K-12 institutions to the NII by Jan. 11, 2000 has no leadership in the federal government. Anita Jones and Laura Breeden gave impressive reports. Stuart Personick from Bellcore will succeed Ken Klingenstein as chair. G. Cornell -- Lynn The Mandarin Consortium is still in legal formation. They have 15 charter members. There is also the possibility of a CU-SeeMe consortium. They have decided not to deploy version 1 of Mandarin but wait for version 2, which will be much more robust. The integration with DCE is being explored. The sound version of CU-SeeMe is about to move from alpha to beta test. H. CREN -- Fuchs BITNET III is operational in alpha at Cornell, Princeton, CREN, and Michigan. CREN has acquired ListProc with version 7 being released in July. CREN is also testing the P/370 co-processor card as a low-cost device to off load some of its core nodes. Early results at Princeton are encouraging. CREN may become on OEM for this card. Discussions with U of Minnesota about Minuet and Cal State about GINA continue with modest progress to date. II. An Architecture and Matrix for Higher Education Systems -- Gale Doug Gale presented and distributed a document defining an information technology architecture based in part on work by the Gartner Group. He also discussed the process by which a University of Nebraska Advisory Committee adopted this architecture. III. New Federal NII purchasing guidelines from the Technology Policy Working Group (TPWG) -- Roberts Mike Roberts handed out public minutes of the TPWG. There is a desire to finesse the old GOSIP requirements out of existence and move to the new IP. The DOD is embracing a "dual use" philosophy forcing a complete revision of federal guidelines. The Commerce Department is pushing voluntary industry standards. IV. Other issues Glenn Ricart observed that he was less sure than before that the Internet can avoid a "success catastrophe". It was decided to add an item to the agenda to discuss the potential of a major Internet disaster and what to do about it. V. Exploration of Projects for a Higher Education Bellcore -- MacDonald Two umbrella projects that had received high priority at the Captiva meeting were: A. Integrity of network Data, Privacy-Enhanced Mail, and related issues B. Network Information Services It was observed that there were a lot of relationships and common elements between A and B. A broad ranging discussion ensued. It was observed that the campus architecture must scale into the public architecture because it's people outside the campus with whom campus folks want to communicate. Doug Van Houweling observed that DCE as an architecture was a good starting point but not a solution without DME. Components of what we need are in Mandarin, Commercenet, and other software. Three potential projects were focused upon: 1. A workshop on authentication and authorization 2. A task force on Privacy-Enhanced Mail including electronic signatures 3. A task force on Accounting/Billing, the licensing, distribution, and update of software and other materials and the integrity of network-accessible data. Ken Klingenstein reminded the group that there were two separate issues: 1. Policies and practices defined 2. Software produced VI. Discussion of how to organize the effort -- Van Houweling It was decided that we needed to appoint task forces with an explicit charge including product and time frame. Given the speed at which the world is changing any project that takes more than a year to complete is a failure. Focus turned to picking low-hanging fruit and finding an 80% solution on a minimum platform set including Mac, Unix, and Windows. It was decided that we needed to pay people from institutions participating for "released time" in order to get results quickly. Discussion turned to how much each project might cost. Estimates ranged up to $50K. Projects also needed a commitment by institutions to use the results of our efforts. Fuchs observed that folks around this table represent the institutions who've historically generated their own solutions. If 50% of the people at the table could agree to buy any of these products it will be a success. It was proposed and agreed that the new name for this effort be "Common Solutions Group". It was then decided to separate authorization from authentication and to try writing a charter for the Authentication Task Force. A discussion ensued on the elements of this charter. It included such elements as: * Budget * Time-frame * General approach * 80% rather than 100% of solution * Cost-effective * 80% of the market * Probably Unix, Mac, Windows * Final deliverables * Architecture * Protocols * Single API * Single driver * Tools to facilitate use Van Houweling and Worona agreed to develop a full charge from this discussion. Raman Khanna agreed to chair this task force and names for possible participants were discussed. - ----- TUESDAY, MAY 24: VII. Review of progress and definition of the agenda for Tuesday -- Lynn AGENDA: Legislation -- Roberts Charge to Task Force -- Discuss, modify, approve/adopt charge to other tasks How to transmit charge Principles of participation How do we disseminate How to survive the Internet transition Schedule next meeting Minutes VIII. Legislation -- Roberts Mike described the efforts of public interest telecom groups to legislate "free time" on the Internet. Their efforts represented a lack of understanding of cost and cost recovery for Higher Education for Internet access. This exhibited the possible need for better "glossy" explanatory documents designed for the public. IX. Task Force Charges -- Van Houweling The group discussed, modified and approved a charter for the Authentication Task Force (Appendix A). It was decided to adapt this charge to a second effort. After some discussion, it was decided that Accounting and Billing was the choice. The Group then hammered out a charter for Accounting and Billing based substantially on the charter for Authentication. Geraldine MacDonald agreed to chair this effort. The Charter for the Accounting and Billing Task Force is included as Appendix B. The discussion then turned to principles of participation. Each of the members present agreed to contribute up to $5K to finance the two projects. These included CREN, Cornell, Michigan, Stanford, Harvard, Binghamton, MIT, Maryland, Colorado, NTTF, and Nebraska. Not present, but assumed as possible contributors were Minnesota, CICNet, NYSERNET, Utah, NorthwestNet, CNI, and North Carolina. CREN agreed to bill the institutions in a manner to be negotiated with the institutions and to manage the finances of the Common Solutions Group. Discussion then turned to the need to disseminate information on this effort. Ricart volunteered to create a Mosaic document describing this effort. X. Surviving the Internet Transition -- "saving the Internet" The following threats were identified: * Possibility for a rocky transition * Unreliable NAPs * Interchange failures * Possible lack of NAP awardee expertise * Lack of carrier cooperation on routing * NSF team disappearing * VBNS allowable traffic indistinguishable from unallowable What we can do: To address the NAP / interchange issues, encourage membership in a stronger CoREN and work with it to facilitate the transition. Reduce the pressure on NSF to speed the transition, as opposed to taking the time to do it right. Form an NTTF advisory group to monitor and, if necessary, advise the federal establishment, on the transition. XI. NEXT MEETING FOR SSG: September 26 and 27 -- Massachusetts; location TBA Hosts are Greg Jackson and Steve Hall XII. Next steps and action items for next meeting: 1. NTTF to monitor NSFNet transition, advise the NSF -- Roberts 2. Next meeting in Boston area -- Jackson and Hall as hosts. 3. Draft plans in advance of next meeting A. Authentication -- Khanna B. Accounting and Billing -- MacDonald 4. Provide draft plans for CSG doing business: rules of participation and investment -- Hall, Van Houweling, Roberts 5. A "Policies and Practices" document -- Klingenstein and Jackson 6. WWW Home Page for Common Solutions Group -- Ricart 7. Incorporation of what we've done into Doug Gale's matrix -- Gale APPENDIX A: Draft Charge to Authentication Project Planning Group (PPG) Preamble The Common Solutions Group is an ad hoc collection of individuals from universities and other allied organizations focused on creating common infrastructure and tools required for the future of our institutions. The CSG is currently acting as an architecture committee to define a set of key problems and commission the work required to address these problems in order to create the technological environment for spanning higher education institutions. We are concentrating on efforts that will have substantial impact in a short period of time. We anticipate this will require "80% solutions" and short project cycles. The results should be immediately applicable to the challenges facing higher education. Our effort is not focused on creating standards for their own sake, but on actually implementing solutions consistent with existing standards. AUTHENTICATION PPG SPECIFICS: Authentication PPG to complete its work by September 1, 1994 PROBLEM DEFINITION: We need the capability for secure, unambiguous, universal ("inter- realm") identification of an actor (including people, machines, services, etc.). We lack consistent API specifications and compliant drivers for the MacOS, Windows, and Unix environments. Current related approaches include Kerberos variations, Apple's AOCE, and Novell's and Banyan's proprietary directory services. Kerberos appears to be the best base for this work. A solution to this problem is a prerequisite for the following capabilities, among others: Digital signature and electronic approvals Correctly attributed communication/dialogs Authorizations and other universal attributes Easy implementation of common applications (e.g., "co-laboratory", business-processing applications including SPEEDE transcript transfer, etc.) Other considerations: How will realms collaborate on authentication? Other campus prerequisites, including a common name space PROCESS: Step 1: Review this draft charge and report back to CSG subcommittee on omissions, corrections; i.e., tell us what we should have asked. Reach agreement with CSG subcommittee on the real charge within a week of the first PPG meeting. The subcommittee Chair is Raman, and Stuart, Greg, and Doug VH to nominate committee members Step 2: Prepare report to be delivered by 9/1/94. Suggested content of report: * Environmental scan. Review existing products and protocols which are relevant to the problem solution. * Gap analysis. Describe deficiencies in existing products and protocols; i.e., what is missing in order to create a useful solution? * Recommended solution. What general combination of existing products/protocols, "glue", and new products/protocols are proposed? * Market analysis. Who will use the recommended solution and when? * Project plan. Should include an overall schedule for the project, including detailed specifications (with cost and schedule) of each task. APPENDIX B: Draft Charge to Accounting/Billing Project Planning Group (PPG) Preamble The Common Solutions Group is an ad hoc collection of individuals from universities and other allied organizations focused on creating common infrastructure and tools required for the future of our institutions. The CSG is currently acting as an architecture committee to define a set of key problems and commission the work required to address these problems in order to create the technological environment for spanning higher education institutions. We are concentrating on efforts that will have substantial impact in a short period of time. We anticipate this will require "80% solutions" and short project cycles. The results should be immediately applicable to the challenges facing higher education. Our effort is not focused on creating standards for their own sake, but on actually implementing solutions consistent with existing standards. ACCOUNTING/BILLING PPG SPECIFICS Accounting/Billing PPG to complete its work by September 1, 1994 PROBLEM DEFINITION: We need to enable a common, scalable set of protocols and services in support of financial transactions among buyers and sellers located on the network. These protocols will allow campus-based individuals or entities to order services or goods and vendors to charge for services or goods delivered. We presume this will entail the creation of trusted electronic "orders", "bills", and "receipts". Current approaches include NetBill, CommerceNet, the BellCore project, and several ad hoc campus solutions. Our preference is not to build a new solution, but to choose among existing alternatives. A solution to this problem is a prerequisite for the following capabilities, among others: Secure, network-based order entry Network-based accounting, billing, and collection Hand-off to campus and other accounting, billing, and payment systems Easy, open commerce over the Network both intra- and inter-campus PROCESS: Step 1: Review this draft charge and report back to CSG subcommittee on omissions, corrections, or narrowing of scope; i.e., tell us what we should have asked. Reach agreement with CSG subcommittee on the real charge within a week of the first PPG meeting. The subcommittee Chair is Geraldine, and Steve W, Doug VH, Steve H, and Bill Y to nominate committee members. Step 2: Prepare report to be delivered by 9/1/94. Suggested content of report: * Environmental scan. Review existing products and protocols which are relevant to the problem solution. * Gap analysis. Describe deficiencies in existing products and protocols; i.e., what is missing in order to create a useful solution? * Recommended solution. What general combination of existing products/protocols, "glue", and new products/protocols are proposed? * Market analysis. Who will use the recommended solution and when? * Project plan. Should include an overall schedule for the project, including detailed specifications (with cost and schedule) of each task.