Notes of TTC MEETING (29th September 2014, VC)
These notes should be read in conjunction with the more formal minutes of the meeting.
6. TERENA Technical Programme in NewOrg
Updated terms of reference for the technical programme forthcoming
VN: what kind of support NRENs want to have from TERENA when running an activity - Task Force (TF), Special Interest Groups (SIG), Special Interest Areas (not used any more)
VC: Only TF and SIG (Special Interest Areas is only defining the areas that are considered strategic by the community) – VC will send the terms of reference to the TTC mailing list
VN: There is a need of different levels of interactivity between NRENs; used to be TF, but if NRENs want to do something more lightweight, how do we do it? What is the factor that makes different activities different? SIG require less involvement from TERENA.
RE: TF can be as heavy weight as you want them to be (collaboration via video conferences and mailing lists)
VN: TF supposed to have deliverables and work packages; definitely see the merit in running the TF in a more relaxed way
RE: GEANT activities - very formal, maybe TF does not have to have formal deliverables. Milestones instead of deliverables?
VC: agree; TF are defined in the technical programme as having deliverables, but we never enforced that; seeing the need for looser ways for the community to work together we introduced SIGs
VN: what we are looking at is the number of levels, when NRENs want to set up something that doesn’t require a mailing list…
VC: any time NRENs wanted to have a discussion on any level, TERENA has accommodated that; there is a way to interact that is looser than SIGs - assistance to the community; don’t think that there is a need to formalise yet another level of collaboration
LD: maybe there is a need to inform the community of all the platforms of collaboration; there is discussion going on about what is going to happen in NewOrg about it; would want to see that as a category on its own. Also - wrong to assume that it wouldn’t require much staff involvement.
VN: agree, unsure if the levels are reflecting the level of engagement, but had no different way of trying to put it together
DG: if we set up any communication channel, it’s important to advertise it appropriately; make sure that people who might benefit from it would know it’s there
SP: “LEGO blocks” - people can compose what level of support they want (mailing list, wiki…), instead of concrete defining
VN: instead of offering packages, let people choose what they need
VC: the more we classify, the less things we can offer; we’ve always been extremely open - we might not have been good at communicating that to the community; spending more time formalising things might result in us being able to offer less; the reason why TF were introduced was because we were struggling with formalities and the idea was to go away with the formalities; we would lose flexibility in the community
SP: fixed categories with maximum and minimum? - need to make it less regulated, less formal; is there a need to discuss this now with NewOrg coming?
VN: the technical programme will survive for the coming years with no changes - technical programme has taken a decision which will not be formally eliminated after the merger; however trying to see ways in which TF and GEANT projects can coexist in the future
JD: support for TF is in the first phase of GEANT4 and should remain that way
SP: defining TF with the tunnel vision of TERENA or looking at it as an opportunity to talk about it more generally?
JD: need to raise visibility of TFs in GEANT4 in general
VC: this is outside of the TTC, it’s already happening - there is no issue to address, this is just FYI; we don’t have big issues concerning the technical programme; TFs included in the innovation chain of GN4, TFs and SIGs are specifically mentioned as level zero for communication and community collaboration in the proposal, this has been captured already
SP: why this discussion then? TF is in GN4 anyway.
VC: there have been reasons to consider changes to the terms of reference, we didn’t have SIGs then, we don’t need extra levels.
VG: the difference between TF and SIG not clear, the level of support from TERENA seems the same; the difference in the name - “TERENA Task Force” seems as a branding thing. Two options are enough, but need to clarify what the differences are.
YM: a year ago we already discussed the role of SIG in the TERENA portfolio; did we assess if the SIGs worked as expected? Agree that those two tools are enough and no need to introduce something new
VC: TF-NOC is still a SIG, the other one we will decide on today; not sure if there are any TFs to become SIG?
RE: the technical programme is here to stay.
VN (SUM UP):
- In general the current model is something sufficient for the NRENs to cooperate, let’s stay with the current structure with TF and SIG;
- Visibility and availability of different options need to be improved;
- Terms of reference of the technical programme - need to be updated, structurally will stay the same, updates on how we reference things.
7. Task Force Status, EMC2, CISO Charter
EMC2
BS: no progress on EMC2 - nobody wanted to be chair. Some Slovenian suggestions, Swedish and Finnish showed interest. Some groups are showing interest in the campus space, NRENs are becoming more aware that there is a gap on the campus level, campuses not as capable; possibility for work in this area, but calling those people together to see if they are interested in doing something collaboratively or are they just country specific interests is worth exploring. A lot of ideas came up in the proposal of GN4, so there is a desire to do things in the area of middleware.
SP: the list doesn’t know that formally EMC2 has ended (facts stated, no discussion after that, it is implicit what has happened, but would be good to send another email about what is going on)
BS: final drawing to conclusion letter is a good idea
LD: and a Pear News item to inform the community
VC: the TF doesn’t exist formally; it’s not up to us to find alternative ways of keeping EMC2 alive, but would hope for the community to find some reason to stick together, sorry to see this community of 10 years disappearing, if there is something that TERENA should do in the area of middleware and something could be “born out of the ashes” of the EMC2 - would be happy to support, but it’s not up to TERENA to initiate that, but nobody from the community expressed a wish to continue
SP: not sure that a possibility of becoming a SIG has even been discussed, there will be something forthcoming, but people have to understand that it has been formally closed
VN (SUM UP) - formally EMC2 is closed; however, there might be will in the community to continue collaborations on middleware in some form
CISO
VC: Portfolio of Alessandra, was initially in the portfolio of Peter; Peter organised a BoF in Dublin; Alessandra followed up, meeting in Utrecht to discuss the proposed SIG. The proposed charter was forwarded to the TTC mailing list. If you approve it today it will be formally a SIG of TERENA. Mirroring the charter of a TF, steering committee (no chair) and one person from the secretariat (Alessandra), intention to submit periodically short reports to TTC
PS: Charter to be used in the future for SIGs; SIGs have no fixed mandate so they can go on as long as the community wants to collaborate; Appendix document might change every year
VN: is it the steering committee who writes the report?
PS: yes, secretary reads it for the TTC
RE: important topic, should receive a lot of interest, support it.
SP: what kind of reports are imagined? Something that other SIGs could follow; how often is “periodically”? I support the creation.
PS: report to TTC, not longer than a page + secretary’s comments, every year; TF-NOC works as a SIG, set up works very well - meetings organised, the steering committee shares responsibility, less work for the secretary
VN: What about the name change from CISO to ISM?
PS: it is not only for the Chief information security officers; changed the name to include different people working on Information Security in a broader sense, name not to suggest restriction.
SP: support the creation, a field that has not been professionalised; number of participants (15-20) - number seems quite high, but matches the current intended audience
PS: at the meeting we had 15 organisations
SP: what if 12 members? Will change the appendix?
VC: is 12 too small of a number? I don’t think so.
DG: topic in which you expect growing, 4-5 should be fine
SP: why have a minimum number?
MN: if the SIG wants to meet the target that they came up with? Let them do it
PS: established as an open group, can include universities, CIOs, information security specialists (like TF-CSIRT)
RE: SIG more informal, maybe should be looking at milestones instead of measuring level of participation
SP: it’s not about this specific SIG, it’s more about the process of thinking in line whether having this number - if the number is lower they would change the appendix or we would have to request a change
VC: Don’t ask KPIs in the charter of TF, so don’t know why the community came up with KPIs?
SP: comes from us indirectly because they don’t have deliverables so wouldn’t know if they are still alive
VN: generally positive, questions around the KPIs, but not the content in the SIG charter
YM: KPIs are a bit vague, but the objectives (of the SIG) not clear, elaborate a little bit more, put them into the paper - too broad at the moment
VC: agree with Yannis, very broad - was proposed, details on the programme that they intend to work with are in the minutes of the meeting in Utrecht, this document was forwarded to the TTC mailing list; agree that the substance needs to be evaluated - community has a clear view on what they want to work on; prefer to get an approval of the SIG today
BS: if we don’t approve the SIG, this group can be working outside of the technical programme; it’s important for TERENA to have a watching brief over what this group is doing
VG: the difference not clear between this SIG and the TF focusing on security, need to define differences more clearly, not enough information - maybe they can write what they will not be doing to give a better understanding
PS: all have been discussed in Utrecht, should be in the minutes
VN: agree with Valentino, important to take this forward, valuable area to collaborate; propose to formally acknowledge the SIG as proposed, and later have a renewed discussion on the KPIs - whether included or not
PS: KPIs should be updated every year
VC: there is already a web page, can send the link, all information available - question of whether Valter wants an updated version of the charter that actually addresses the issues that have been raised; can ask the SIG to update it
RE: support the creation of the SIG
VN: refine the objectives within a few months?
VC: we want a better version of the charter, refining the objectives?
VN: would be happy to accept the charter as it is today but tell the SIG that the TTC felt like the objectives can be retired and ask them if they want to refine that within coming 3 months
SP: ask for an updated version of the received draft
VC: need a clearer action - clear about the objectives but information is in different places, so we are not able to access those objectives; let’s ask for an improved version that elaborates on the objectives
RE: update in 2-3 months
PS: charter written after a full day meeting, shouldn’t be a problem to come up with a new version on short notice
VN: approve the SIG, ask for an updated version for the November meeting with the expanded objectives and possibly revised KPIs
PS: if you want the KPIs to be revised, please advise how you want it done
VN: KPIs question - is it too heavyweight and too formal, could it be reduced?
PS: we can recommend them to do that
SP: we asked for it of a SIG (written for the benefit of the TTC) and now we are saying it is too much? If they don’t meet their KPIs they can still continue by updating the KPIs every year
PS: conclusion that if KPIs are not met then they can’t continue is not the only one - another conclusion can be that the steering committee is not capable, and other conclusions
VN: keep the KPI revision out of the suggestion
SUM UP - SIG approved
ACTION: ask for an updated version of the charter with more clearly refined objectives for the November meeting
8. Roll-out plan of New TCS
VC: want to consult the TTC mainly on the roll out but also about “the various flavours of the TCS service and what is the perceived value of various types of certificates”
The status of the contractual discussions - have chosen a new supplier (DigiCert), liaising with them trying to negotiate a contract, also involving our legal consultant; back and forth communication - tender requires a new service to run in parallel of the existing one to run for at least 10 months, to ensure a smooth transition - new service much more expensive than the old one (twice). Question: when should this new service start?
Roll out: there was an agreement to run a pilot for approx. 10 months and then start the service; there were volunteers to participate at the pilot, initial experts suggested - need to find a way to start the service, cannot talk about a “pilot” for contractual reasons need feedback on the way of sorting out this issue
Proposal of introduction of new service - aiming to sign a contract with DigiCert so that we could start paying them in December - we would still want it to be used by a few NRENs to which the experts belong; starting in January we could offer the service to other NRENs - maybe some want to start later; would start talking informally to the managers of those NRENs to figure out what type of pricing scheme we should devise in order to cope with the increased costs, …
Financial issues to be discussed later, negotiations ongoing
NH: Google Chrome won’t work with the current certificates, little time (12 weeks) - caused problems with the current COMODO service and have two options: 1. request certificates through COMODO, 2. implement a separate CA for TERENA. Agreed to get own CA - getting a lot of demand from the community; there will be a SHA-2 solution with COMODO (not as fast as expected by the community) - won’t cost us anything
SP: happy with a later start
VC: January?
SP: for example
YM: important to have feedback about the portal - need to know the details ASAP about the new portal
VC: Nicole, can you send a note to every one of the message you’ve just given?
NH - will do.
VN: time frame - the estimate?
YM: given the differences, need to build something from scratch - hard to estimate the time frame
VC: should the new service be available on the 1st of January - would you wait or start even earlier?
YM: I would like to have it ASAP, but from the administrative perspective - extra cost
VC: no managers would be happy to hear this; need to understand the costs better
YM: GRNET took the initiative to provide to the members some cards - all of them with embedded certificates, we would include TCS - need to work towards this direction
BS: call on YM to lead the effort …
VC: not the highest priority of this discussion
DG: disregarding the financial issues, it is important to start early (ASAP not wait until January) with the integration of the services - no federation is the same
SP: if the API is public, need to be communicated to the current subscribers - [NH - it’s already done] personal certificates haven’t been mentioned - no idea how it’s going to work, but supposedly someone is working on that?
NH: 2 options but no answer yet; need to understand integration at DigiCert (missing for now, but will deliver soon)
VN: to sum up: value in providing the service ASAP
VC: charging separately for service certificates, personal certificates and code signing certificates - one of the options: bundling those in different ways, which would mean better ways of sharing the costs among the customers - not about the money, but value for money - should we continue charging separately meaning that the code signing certificates are adopted by a fraction of the customers, the different relative value of the various flavours of certificates that are offered now
NH: The DigiCert offering is different from COMODO offering - in DigiCert cannot distinguish code signing certificates so we won’t have that natural cut-off as now, a different kind of offer, a more expansive one
SP: leads naturally to the one price model Valentino proposed - service certificates necessary, others - nice to have, we would endure higher prices only for having the service certificates
DG: having it all available as a single bundle is a good proposal
SP: we don’t know what the signing process looks like
DG: all the same federation process
VN: need to encourage the use of certificates - would be much happier to see the bundle, but reluctant to put that forward if there is a different pricing of TERENA and DigiCert
NH: for TERENA is one price for everything, no distinction
VN (SUM UP): most are happy to have a bundle proposed
VC: shouldn’t come to the conclusion that we will offer that, but now we have feedback from you; next - Alessandra will spend some time exploring the views of the NRENs on the charging informally; meeting of TERENA executive committee coming up, will discuss this internally; will continue negotiations with DigiCert - aiming to sign the contract with DigiCert in October to start on the 1st of November; then have a discussion about the roll out