LDAP Services Deployment

DRAFT Minutes of the 6th TF-LSD Meeting

2 June 2002, Limerick


1. Opening, introduction and agenda bashing

The meeting was attended by 20 people. A list of the attendees can be found in the appendix to these minutes.

Apologies were received from David Chadwick (University of Salford), Tomasz Wolniewicz (NCU) and Henny Bekker (SURFnet).

2. Minutes of last meeting (March 12, 2002, Amsterdam)

The minutes of the previous meeting held on 12th March 2002 were approved without changes.

3. Actions from previous meetings and pilot projects update

As agreed at the last TF-LSD meeting, the focus of this meeting was to be entirely on the TF-LSD deliverables. No specific issues regarding open actions were discussed apart from those related to the status of the deliverables.

4. Discussion of TF-LSD deliverables status

4.1. Deliverable B: Investigation of the various directory indexing implementations based on CIP and their interoperability - RH and HB

This deliverable is in its final stage, but Henny Bekker, who was supposed to present it at this meeting, could not attend because of the Aer Lingus strike. It was decided that Henny will send his presentation to the tf-lsd mailing list, followed soon by the final document.

4.2. Deliverable C: Study on the privacy issues arising with the public pan-European White Pages service - PG

Peter Gietz presented recent updates to the Privacy document, which was sent to the list in advance of the meeting (http://hypermail.terena.nl/tf-lsd-list/mail-archive/att-0446/01-Privacy-TF-LSD-Del.-Cv1.1.doc). The presentation is available from the meeting's programme page http://www.terena.nl/task-forces/tf-lsd/tf-lsd6th020602agenda.html.

No comments were received other than those made at the last meeting. These comments were on crawler detection and crawler policy and are included in the new chapter 3, the generic description of the White Pages Indexing System. Additionally, "Privacy enhancing technologies" has been renamed to "Privacy preserving technologies".

Peter went through the new chapter 3 in detail; it covers the overall architecture description, referrals, data sources, the indexing schema described as a minimal set of attributes, crawler detection and crawler policy. People discussed the different forms of a data subject's consent: with a signature on paper, via e-mail, or implied by non-objection. This issue has different exposure in different countries (or even organisations/universities) and depends very strongly on local legislation. Michael Gettes suggested that they at NMI/Internet2 need to check how their LDAP Recipe matches European legislation and possibly make changes.

The discussion on crawler detection led to a suggestion to include in section 3.6.1 a statement about maintaining a "black list" (registry) of banned IP addresses.

People also agreed on two other issues regarding the content of the document:
1) move some of the more technical parts to the White Pages definition (Deliverable D);
2) include information about related developments in other parts of the world; Michael Gettes agreed to contribute on Internet2 developments.

4.3. Deliverable D: Definition of a European wide White Pages service; current status and next steps - Crawler Policy (PG)

Peter Gietz gave a presentation on the Crawler Policy, which is part of the SUDALIS Project between SURFnet and DAASI (the full presentation is available from the meeting programme page - http://www.terena.nl/task-forces/tf-lsd/tf-lsd6th020602agenda.html). This work is considered to be part of Deliverable D.

The key element of the proposed solution is a pointer to the Crawler Policy, placed in the root of the directory to be indexed. Data administration can flexibly define which part of the directory is allowed to be indexed. Peter explained the new attributes that define the server-side crawler policy.

The crawler checks the root DSE to see whether the directory has a policy, then reads the policy and matches it against its own policy. The crawler is expected to index only the allowed subtree; no negotiation is suggested. The crawler is expected to obey the policy. Access restrictions can be enforced on the server side, but this is rather difficult. One solution may be crawler registration.
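
A crawler-side sketch of the behaviour described above, added here as an illustration and not taken from the SUDALIS project or the presentation. The attribute names `crawlerPolicyEntry` and `crawlerAllowedBase`, the modelling of the crawler's own policy as a list of base DNs, and the sample directory are hypothetical; DNs are compared RDN by RDN so that an escaped comma inside a value cannot place an entry in an allowed subtree.

```python
import re

# Hypothetical attribute names; the minutes do not give the real ones.
POLICY_POINTER = "crawlerPolicyEntry"   # on the root DSE, DN of the policy entry
ALLOWED_SUBTREE = "crawlerAllowedBase"  # on the policy entry, multi-valued

def dn_components(dn):
    """Split a DN on unescaped commas and normalise case and spacing.
    Simplification: assumes case-insensitive values, ignores '\\\\,' sequences."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def in_subtree(dn, base):
    """True if dn is base or below it, compared RDN by RDN, not by string suffix."""
    d, b = dn_components(dn), dn_components(base)
    return len(b) > 0 and len(d) >= len(b) and d[-len(b):] == b

def allowed_bases(directory):
    """Follow the root DSE pointer; no pointer or no policy entry means no bases."""
    pointer = directory.get("", {}).get(POLICY_POINTER)
    if not pointer:
        return []
    return directory.get(pointer[0], {}).get(ALLOWED_SUBTREE, [])

def crawl(directory, crawler_bases):
    """DNs the crawler may index: inside a server-allowed subtree AND inside
    one of the crawler's own bases. Nothing is negotiated."""
    server_bases = allowed_bases(directory)
    return sorted(
        dn for dn in directory
        if dn and any(in_subtree(dn, b) for b in server_bases)
        and any(in_subtree(dn, b) for b in crawler_bases)
    )

# Constructed sample directory: DN -> attributes ("" is the root DSE).
DIRECTORY = {
    "": {POLICY_POINTER: ["cn=crawler policy,dc=example,dc=org"]},
    "cn=crawler policy,dc=example,dc=org": {
        ALLOWED_SUBTREE: ["ou=staff,dc=example,dc=org"]},
    "cn=Alice,ou=staff,dc=example,dc=org": {"cn": ["Alice"]},
    "cn=Bob, OU=Staff, dc=example, dc=org": {"cn": ["Bob"]},
    "cn=Carol,ou=students,dc=example,dc=org": {"cn": ["Carol"]},
    # The escaped comma makes "foo,ou=staff" a single value, not a subtree.
    "cn=x,cn=foo\\,ou=staff,dc=example,dc=org": {"cn": ["x"]},
}

if __name__ == "__main__":
    print(crawl(DIRECTORY, ["dc=example,dc=org"]))
```
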

4.4. Deliverable E: Setup of an experimental service for a CIP based European wide White Pages index service - KC and/or RH

Roland Hedberg reported that there is some work in NEEDS that can be presented as Deliverable E. He explained that the technology itself is very simple; all remaining problems and difficulties concern the selection of which attributes to index, privacy and security. Another problem is related to scaling: how to sign on a new organisation. Roland also remarked that White Pages is not a "killer" application for CIP, and that other applications that need access to resources from everywhere should be considered. The question is whether Authentication and Authorisation can be these applications.

Peter Gietz asked who would volunteer to lead this deliverable, but nobody came forward at the time. Peter will write his part of this deliverable. People asked about the possible status of the final document. It was suggested as an issue to think about.

4.5. Deliverable F: Investigate the possibilities to reference between the X.521 naming and DC-naming and the referral mechanisms to set up a DIT between LDAP servers via distribution of knowledge information - TV and DL

Ton gave a short update on this deliverable. The idea behind it was to have access to LDAP data regardless of the naming scheme. The working solution, currently being implemented by RedIRIS and next by SURFnet, is to have static parallel access/resolution. Related documents had been sent to the list; the next step is to look at the differences. Ton proposed to postpone the discussion to the list.

4.6. Other Deliverables G, H, I

It was proposed to move the discussion on Deliverables G and H, related to using LDAP for PKI, to the TF-AACE meeting if time allows. The discussion on Deliverable I is to be included in the agenda of the next TF-LSD meeting.

5. New developments

5.1. LDAP/Directory standardisation at IETF - RL "Bob" Morgan

RL "Bob" Morgan from the University of Washington and Internet2 provided an update on LDAP-related standardisation at the IETF. Currently two WGs are dealing with LDAP:

  • LDUP WG (LDAP Duplication/Replication/Update Protocols) is dealing with replication issues;
  • LDAPbis (LDAP (v3) Revision) WG, which is chaired by Kurt Zeilenga and RL Morgan, is revising LDAP related RFCs and shepherding them through the Internet Standard process.

Bob gave an overview of the work of the LDAPbis WG, in which he is deeply involved. He reported that the ongoing LDAP standards revision doesn't make any actual changes, only removals. He expects from this group (i.e., TF-LSD) contributions on implementation cases and current practice.

6. AOB and next meeting

No AOB items were discussed. Discussion of the date of the next meeting, which will be the final meeting under the current TF-LSD Terms of Reference, is to be initiated on the mailing list.

7. Summary of actions from the meeting

No specific actions from the meeting have been suggested apart from recommendations on the deliverables.

Appendix. List of the 6th TF-LSD attendees 2 June 2002

1 Axelsson, Paul Uppsala University
2 Daskopoulos, Dimitris GRNET
3 Demchenko, Yuri TERENA
4 Derenale, Corrado Politecnico di Torino
5 Direk, Mustafa Hadi Tubitak-Ulakbim
6 Gettes, Michael Georgetown University
7 Gietz, Peter DAASI International
8 Gomez, Izabel Barroso USIT/UoO
9 Hedberg, Roland Catalogix/NEEDS
10 Ivarsson, Lars-Owe Uppsala University
11 Jakobsen, Bard Henry Moum USIT/UoO (aff. UNINETT)
12 Kanner, Janne CSC, Finland
13 Klingenstein, Ken Internet2
14 Milinovic, Miroslav CARNet / SRCE
15 Morgan, RL "Bob" Univ. Washington/Internet2
16 Penezic, Dubravko CARNet / SRCE
17 Saragiotis, Panagiotis GRNET
18 Sova, Milan CESNET
19 Verharen, Egon SURFnet
20 Verschuren, Ton SURFnet