TF-AACE Terms of Reference

April 8, 2002

Discussed at the 4th PKI-COORD meeting
March 13, 2002

(Authentication and Authorisation Coordination for Europe)

1. A Task Force is established under the auspices of the TERENA Technical Programme to investigate the issues related to deployment of Authentication, Authorisation and other security-related services among the European NRENs and research community. It will be known as TF-AACE (Authentication and Authorisation Coordination for Europe).

2. The aims of the Task Force are:

a) To provide a forum for exchanging experiences and knowledge in the area of authentication and authorisation technologies and deployment within NRENs;

b) To encourage the deployment of interoperable (inter-institutional) authentication and authorisation infrastructures and services in the TERENA community;

c) To coordinate the TERENA community's contribution to the standardisation process through liaisons with the appropriate groups including IETF, ETSI, GGF and Internet2.

3. The Task Force is open to any individual or representative of an organisation that can offer appropriate expertise, manpower, equipment or services. It will be composed primarily of staff members of National Research Networks.

4. The Chair of the Task Force is Diego Lopez. He is responsible for preparing the agenda for each meeting and for coordinating the work of the Task Force. He will also be responsible for ensuring that any agreed deliverables are produced.

5. The secretary of the Task Force is appointed by TERENA. He is responsible for taking the minutes at each meeting and for making logistical arrangements as necessary.

6. The Task Force will operate with a two-year mandate, starting 1 May 2002, with an agreed activity programme for two years. A mid-term milestone is set for May 2003. A report on the progress of the Task Force and the results achieved so far will be presented at the TERENA Networking Conference in 2003. The mandate of the Task Force may be renewed by the TERENA Technical Committee (TTC). If the mandate is not renewed, the Task Force will be dissolved. The Task Force may also be dissolved if the TTC considers that it is making insufficient progress or that its activities are no longer useful or relevant, or if the Task Force chair resigns and no replacement can be found.

7. The Task Force will meet at approximately 4-month intervals (although this may be via telephone or videoconference). Physical meetings will normally be held at the TERENA offices in Amsterdam or in other locations at the discretion of the Chief Technical Officer, though care should be taken to reduce overall costs to participants.

8. Reports and other results of the Task Force will be placed on the TERENA web site and will be in the public domain, with the exception of activities that are subject to a commercial Non-Disclosure Agreement.

9. The Task Force will have an open mailing list and web site, operated by TERENA, for communication and information dissemination.

10. TF-AACE will liaise and coordinate its activity with other TERENA task forces and activities (particularly, TF-LSD, mobility, etc.) providing input on AAA issues.

Work items, deliverables and timetable

A. Define interoperability requirements for European Academic PKIs, including guidelines for PKI deployment at NRENs, and addressing international issues in PKI use (e.g., personal identity, key escrow, etc.)
[June 2002 - October 2003]

A.1. Prepare a questionnaire on PKI applications and requirements, to be distributed to NRENs and other communities relevant to the academic environment (essentially, Grids)
[June 2002]

A.2. Collect the results of the questionnaire on a requirements survey
[September 2002]

A.3. Collect current practices and policies in active European academic PKIs and evaluate their interoperability
[April 2003]

A.4. Produce a report on interoperability requirements and a document with deployment guidelines, taking as input the results of the above tasks
[October 2003]

B. Define common requirements for inter-institutional authentication and authorization, providing a framework for harmonizing NREN initiatives
[October 2002 - April 2004]

B.1. Investigate the different approaches to inter- and extra-institutional A&A, analyzing the alternatives in architecture and protocols. Produce a report on these alternatives
[October 2002]

B.2. Define the components and protocols to guarantee a harmonized operation of A&A systems
[June 2003]

B.3. Set up a reference implementation, with the objectives of: a) Validating the components and protocols defined in the above task; b) Providing a way for the evaluation of the interoperability of existing and future A&A implementations
[April 2004]

B.4. Run two workshops on inter-institutional authentication and authorisation. [October 2002 and October 2003]

C. Investigate/compare use of hierarchical and bridge PKI/CA and make a recommendation for European NRENs.
[April 2003 - April 2004]

C.1. Define an experimental setup for evaluating BCA technologies, including software to be used, tests to be performed and (at least) three different PKIs to be "bridged"
[April 2003]

C.2. Perform the experiments defined in the above task and report their results, including an assessment on the use of bridge technologies
[April 2004]

D. Investigate existing initiatives on common identity on the Internet (e.g., Microsoft Passport, Liberty Alliance, others)
[February 2003 - April 2004]

D.1. Report on the activities at D above [April 2003, April 2004]

E. Liaise with Internet2 and GGF in PKI/AAA related projects. Exchange information and contribute to common/similar projects to ensure compatibility of PKI/AAA infrastructures
[Reporting regularly to TF and TTC]