UK Academic Community Directory Group

Minutes of Meeting on 5th September, 1990

Paul Barker

Organisation: UCL
Document Location: UCL

ABSTRACT

Minutes of the Eighth Meeting of the UK Academic Community Directory Group held at Edinburgh University on Wednesday, 5th September, 1990.

October 3, 1990

Present:

    Adrian Barker       Bloomsbury
    Paul Barker         UCL (Secretary)
    Chris Bayliss       Birmingham
    Asif Bhatti         Reading
    Graham Carpenter    Surrey
    Tim Clark           Warwick
    Julie Cook          Oxford
    Jonathan Couzens    Imperial
    Shirleen Craig      Heriot-Watt
    Jim Craigie         JNT (Chair)
    William Craven      Sussex
    Bob Day             RAL
    Andrew Findlay      Brunel
    Brian Gilmore       Edinburgh
    Karen Goswell       RAL
    Mike Guy            Cambridge
    Julia Hill          Heriot-Watt
    Robert Hogg         Bradford
    Steve Kille         UCL
    Max Lang            Southampton
    Damanjit Mahl       Brunel
    Peter Mills         Manchester
    Stefan Nahajski     Brunel
    Julian Onions       X-Tel
    Tony Roadknight     X-Tel
    Colin Robbins       UCL & X-Tel
    Graham Rule         Edinburgh
    Sandy Shaw          Edinburgh
    Kel Shorey          Strathclyde
    Linda Skordellis    ULCC
    Hugh Smith          Nottingham & X-Tel
    Rodney Tillotson    RAL
    Alan Turland        Edinburgh
    John Williams       Aston

Apologies for absence from:

    Brian Bullen        Stirling

1. Approval of the Agenda

The following agenda was agreed upon:

    1. Introductions
    2. Review of minutes of the meeting held on 2nd May 1990.
    3. Matters arising.
    4. Quipu implementation status report
    5. Brunel's user interface implementation status report
    6. Status of other known Directory implementations
    7. Directory pilot sites status reports
    8. Report on the RARE Working Group 3 and RARE Directory Project
    9. COSINE Project
    10. New Support Arrangements
    11. Quipu course
    12. Document on explanation of the Directory for administrators
    13. Access control and security
    14. Simple user interface and user-friendly naming
    15. Any other business
    16. Date of next meeting

2. Approval of minutes of previous meeting

The minutes were approved nem con.

3. Matters Arising

Jim Craigie was required to write to academic institutions to determine their preferred name forms. This had still not been done. It was agreed that it was important that this action be completed as it was not easy to alter organisations' RDNs. By dint of the oft repeated mistake of suggesting something sensible (i.e., that someone else drafted the note), Peter Mills was coerced into producing a draft of this note. The action remained on Jim Craigie to send the note.

The note on explaining X.500 to administrators was presented in draft form and discussed at the meeting. See section 12 for discussion.

The Data Protection Registrar had indicated that there was no problem for sites to replicate each other's data so long as they were registered as computer bureaux, which was the case for most computer centres. It was not completely clear whether this covered replication for all purposes. The DPR would come to the next group meeting to clarify this and other issues.

Bob Day had not collated the site reports from the previous meeting, but would do so for the current batch of reports. It was realised that there were two useful strands to be drawn from such collation. First, the reports provided a form of monitoring on how much information was in the directory and what sort of access was being provided to that information. Second, the combined reports could indicate which were the most pressing problems at the time, and how and when those problems were resolved.

The effect on Quipu caused by X.25 temporarily disappearing had been investigated, but there did not appear to be a problem. It was thought that past bugs in SUNLINK and ISODE may once have caused problems. It was, however, recommended that listeners use sub-addresses, rather than trying to multiplex on the basis of PIDs.

The Quipu developers reported that DSA relaying had been implemented and would be available in the next release of Quipu.

Support (the secretary) regretted that no advice had been prepared for those sites who had configured their systems according to the initial disk layout, and who wished to reconfigure in line with the amended layout. It was hoped that X-Tel would be able to help here in the future.

The document archive had been created and advertised.

Details on how to obtain the directory user interface for the Macintosh had been provided. Comments from a couple of sites who had ported the interface suggested that the interface was not all that was desired.

4. Quipu implementation status report

A substantial note on "Management in Quipu" was presented to the meeting by Steve Kille. Comments were requested on the paper.

Since the last meeting, a number of areas had been worked on:

    o Management tools
    o Performance enhancements
    o DSA relaying now implemented
    o Asynchronous DUA almost ready
    o DSA probing
    o New audio attribute!

Volunteer sites were sought for experimentation with strong authentication.

5. Brunel user interface implementation status report

Andrew Findlay announced that the interface design document was ready. Copies were available at the meeting, and a postscript version would be made available in the UCL-CS document archive. (Details on how to get this document are at the end of this section.)

Brunel now had a new contract with the JNT. This revised the order in which things were done. The need to demonstrate directory interfaces at Networkshop had resulted in one interface being produced as a rush job, namely pod. However, this interface had withstood the test of time and, with some modification, was evolving into the final product. (A new version of the interface would be released approximately two weeks after the meeting. This new version of pod would allow modification of entries.)

People seemed to want the interface in a variety of forms. In an effort to please all the people all of the time, the interface was designed as a kit of parts, which could be assembled appropriately according to a configuration file. In due course, a Motif implementation would be made available, which would match Nottingham's XUA mail user agent.

A version for a PC was almost working, but Brunel were still waiting for the protocol stack. This version was less configurable than pod, but offered users 3 levels of sophistication/difficulty.

A new version of SD was also available. This offered no great change in functionality, but provided greater robustness. An interface, similar in style to SD, would eventually be available for low-end PCs.

To obtain the design document from the UCL-CS info-server, complete a mail message as follows:

    From: Joe.Soap@somedomain
    To: info-server@uk.ac.ucl.cs
    Subject: Anything you like
    --------
    request: dirpilot
    topic: xdir.ps

The document is also available by FTAM or FTP thus:

    FTAM to 00000511160013, username = anon, no password
    NIFTP to uk.ac.ucl.cs, binary mode, username = guest,
        password = (Your mail address in the form user@site)
    filename = xdir.ps

The document, and various interface sources, are also available from Brunel thus:

    NIFTP:
        Host: uk.ac.brunel.ft
        User: guest
        Password:
        Mode: BINARY
        File: pod.tar.Z
        File: sd.tar.Z
        File: xd.tar.Z
        File: design.ps.Z

    FTAM:
        Host: brunel
        User: anon
        File: x500/pod.tar.Z
        File: x500/sd.tar.Z
        File: x500/xd.tar.Z
        File: x500/design.ps.Z

6. Other Directory implementations

The OSIWare system had been demonstrated at the IETF meeting in Vancouver in June. The system had been seen to interwork with Quipu. A UNIX version of the system was currently out on beta test - a release was not anticipated before the end of this year. There was no indication about whether there would be a VMS port.
Rutherford said that they might be interested in running the OSIWare software, if the software was made available to the academic/research community.

British Telecom had announced their "COHORT 500" system this summer. However, COHORT was not a full X.500 system. It was marketed as "the internal company directory that grows with you". It was not at all clear what, if any, relationship this product had with X.500. Nevertheless, it was felt that the group would be interested to hear a representative of British Telecom talk at one of the group meetings, and if possible, see a demonstration of COHORT.

There was some discussion about work done on porting ISODE onto VMS. Peter Kay in New Zealand was known to have ported the protocol stack and FTAM, but it was not known whether this port had been done on the fairly recent asynchronous code. It seemed apparent that the key problem to solve was getting a DUA ported onto a VMS system, as this would open up the Directory to a large community of users. It was argued that access could be provided to VMS users through PADs, but most felt that this was unacceptable. The chair indicated that the JNT would sponsor a port of a DUA onto VMS.

7. Reports from Directory Pilot sites

Most sites indicated that their written reports made all the points that they wished to make. This section thus concentrates on areas which provoked discussion at the meeting.

Adrian Barker of Bloomsbury initiated a discussion on data protection issues. It was probably true to say that most university Data Protection Officers (DPOs) did not fully understand the ramifications of the X.500 Directory with regard to data protection issues. A number of questions were frequently asked by DPOs:

    o Can commercial companies list the data?
    o What should individuals' rights be w.r.t. ex-directory entries?
    o Does the Directory open the floodgates for more junk mail?

It was noted that there were no technical problems with registering under the DPA. However, there were severe problems of university administrations being worried about X.500 being a "can of worms" which they could well do without. It was recognised that a code of practice would go a long way to easing these problems, and that such a code should be developed. It would probably be of use to all institutions in the academic community. Andrew Findlay would draft a copy of a code of practice regarding use of the Directory.

The DPOs were due to meet next February and would benefit from a soothing note on these issues. This note would supplement and set in context the DPA proforma registration form already developed. Julia Hill would provide this.

John Woulds, the Assistant Data Protection Registrar, would be invited to the next Directory Group meeting.

Edinburgh, who at the last meeting reported that making information about students publicly available, without their explicit consent, was proscribed by university policy, said that they now had a paragraph about the directory on their login-request forms. People could now indicate if they wished to be in the Directory or not.

Reading asked whether they should have applied the Quipu-6.1 upgrade. The answer was a definite yes, as this upgrade closes a serious security loophole. Colin Robbins was to circulate instructions to the directory group list on how to obtain and apply the upgrade.

Rutherford asked for a jnt-mailbox attribute, where mailboxes could be stored in the U.K. order. There then ensued a religious argument about whether or not interfaces should be transforming the rfc822 mailbox, or whether this new attribute was beneficial. There was a lengthy discussion about whether this attribute should be proscribed, optional, recommended or mandatory.
The discussion was broadened somewhat when the chair suggested that in fact the X.400 mailbox attribute (ASN.1, not text-encoding) should be the mandatory one, if any electronic mailbox attribute was made mandatory. Following an historic vote, the consensus of the group was that "a jnt-mailbox attribute will be made available, but no recommendation is made that sites should include this attribute".

Surrey asked about the prospects of using Oracle as the DSA's database. Steve Kille replied that this was not part of the Quipu workplan, but said that many people were interested in seeing such a port. However, Quipu had use of the in-memory database very much "designed in", and porting Quipu onto a database package was a non-trivial task.

It was noted that a large number of university administrations (20-30) were using, or planning to use, Oracle systems. The MAC initiative was aimed at a coordinated approach to administrative computing for various "families" of universities. It seemed prudent that the Directory Group tried to influence the work of the MAC initiative, so that X.500 requirements were designed into systems from an early stage. The same arguments applied to all the MAC families.

For the Quipu developers and erstwhile supporters, Steve Kille said that he would like to see more effort going into improving the availability of DSAs. Colin Robbins would provide a set of simple instructions on how to ascertain whether a site's DSA was accessible remotely.

8. Report on RARE WG3

There had not been a meeting of WG3 since the last Directory Group meeting. There was nothing new to report.

9. The COSINE project

The COSINE proposal was progressing, but deep in bureaucracy. It seemed likely that the project would go ahead. Since an end date for the project had been fixed, there was considerable pressure to start the project as soon as possible.

10. New support arrangements

Since the previous directory group meeting, X-Tel had been awarded the support contract for both Quipu and the PP mail system. Hugh Smith spoke to the meeting about the new support arrangements.

In some ways, the situation was not yet fully stable. X-Tel were moving into new accommodation in the very near future. Support mail addresses were not yet finalised or available as X-Tel were not yet registered in the NRS, but support could be obtained in the interim by contacting quipu-support, which would be read by X-Tel personnel.

Outlining the goals of X-Tel, Hugh indicated that they were interested in selling both products and support. Colin Robbins was identified as the principal support person for Quipu, and Julian Onions occupied a similar role for the PP system.

The following services to the academic community were covered by the JNT contract.

    Configuration   Configuration of new hardware with pilot software at X-Tel premises before delivery to sites.
    Updates         The preparation and distribution of updates, together with installation documentation (excludes SUNOS)
    Site support    Problem resolution via telephone, email and network support.
    Bug fixes       The fixing of bugs in liaison with the UCL developers.
    Documents       A document archive will be kept which will duplicate the documents kept at UCL.
    Programs        An archive of binary and source programs (such as the latest distribution of Quipu) will be maintained.
    DSA Maint.      UCL will continue to maintain the UK master node, but community changes will be handled by X-Tel.

X-Tel could provide additional support services to sites at extra cost. U.K. academic support would be given a separate mailbox, to make this activity distinct from general support of Quipu.

A number of questions were asked about the support of the PP system. The support arrangements were similar, although PP was a much more service oriented system. It seemed likely that a series of PP meetings would be necessary.

On a general note, indication was given that support would be given to problems occurring on non-standard systems, if they could be reproduced on the standard hardware and software configuration. Support would be given on a "best efforts" basis to those running non-standard systems.

Finally some practicalities about support were covered. Past experience had often shown that problems could be solved within a minute or two if an expert was allowed to log onto a site's directory machine. Superuser access was not always necessary, as often the problems only required minor alterations to EDBs etc. It was suggested that if passwords needed to be conveyed to the support site, that they should be provided by telephone rather than by email.

11. Quipu course

A booking cut-off date of the 14th September was announced for the Quipu course, which was scheduled for the 27-28th of September. The chair indicated that the JNT were unlikely to fund further courses, and this position had to be made clear to all in the directory group.

12. Document on explanation of the Directory for administrators

Julia Hill presented a draft of the document she had prepared for university administrators. There was insufficient time for those at the meeting to digest the material therein in detail, but the author took the meeting through the main points of the document. The following comments were made:

    o The document was too long as it stood as a first document for administrators. A two page "glossy" was required for initial digestion, and the initial document could then be offered if there was a request for further information.
    o The role of the Directory in managing communications facilities had to be emphasised. Failure to use the Directory could lead to loss of facilities.
    o The ability to go ex-directory had to be discussed. This might mean ex-directory in the sense that ordinary users could not see the entry, although the entry was in fact in the X.500 directory, but concealed by access control.

Julia asked for comments on the draft document to be sent to directory@hw.clust

13. Access control and security

There was a general clamour for more information and explanation about what was available. People needed a range of further information:

    o What facilities were currently (or would soon be) provided?
    o What measure of security did these facilities provide?
    o What impact on performance resulted from using these facilities?
    o Did the code really work?

It was felt that there were insufficient examples of access control lists in the documentation, and that no-one felt that they could set up acls with any degree of certitude that the acls did what was intended. A tool was needed to help configure acls.

Access control requirements could be very detailed and complex. However, it was also noted that access control was not just a question of technical feasibility, but just as much one of policy. In particular, directory experts needed to be very clear when talking to admin people about the distinction between what the system could and couldn't do, and should and shouldn't do.

It was suggested that UCL and X-Tel should give a presentation at the next meeting on what could and couldn't be done with access control in conjunction with the various degrees of authentication.

14. Simple user interface and user-friendly naming

The secretary said that he had been charged by his head of department with making available user interfaces for the members of his department. He was finding this surprisingly difficult, despite the seeming plethora of options. Brunel has provided X-based and screen-based interfaces and these were suitable for use in a department with a large number of workstations.
However, the secretary felt that there was still room for an "ultra naive, line-based, prompting interface", and that this need had not been addressed by Brunel's work. It was possible to concoct interfaces which had approximately the desired behaviour using dish scripts, but these proved to be too slow. On another tack, some prototype work had been done on implementing Steve Kille's user-friendly naming design, but this work was far from finished. In short, something else was required. The discussion was terminated by the secretary being given the task of specifying a design for an ultra-naive users' interface.

15. Any other business

There was a brief discussion about Network Time Protocol (NTP). The JNT were funding a Rugby clock. This would be situated at UCL, and attached to the UCL Directory machine. Other sites could synchronise with the UCL level 1 clock using NTP running over Remote Operations Service (ROS), as specified in RFC1165.

16. Date (and place) of next meeting.

Monday, 10th December, 1990, in the Staff Dining Room, in the basement of the Windeyer Building, Middlesex Hospital, Cleveland Street, WC1 (about 5 mins walk from UCL Computer Science department)

17. Actions before the next meeting.

    PMills          To draft a note to be sent to academic institutions to determine their preferred name forms.
    JC              To edit and send this drafted note
    PB              To add Brunel's design document to the UCL-CS info-server
    JC              To invite Steve Brabner of British Telecom to the next meeting to talk about COHORT 500
    JC              To find out about the licensing and availability of the OSIWare X.500 implementation
    JMH             To provide a brief note on X.500 for Data Protection Officers as a cover note to the proforma registration form
    JMH             To provide a (no more than) 2-page guide to X.500 for administrators
    all             To provide comments on JMH's document "The X.500 Directory Service - An Introduction for Administrators"
    AF              To draft a code of conduct on usage of the Directory
    JMH             To invite John Woulds (the Asst Data Protection Registrar) to the next meeting.
    all             To comment on SEK's document "Management in Quipu"
    PB              To distribute the embryonic data management tools via the UCL-CS info-server
    BDay            To produce a summary of the directory pilot reports, containing all the nuggets of information of more than ephemeral interest.
    CJR             To re-publicise how to obtain and apply the Quipu-6.1 upgrade.
    UNIX X-Tel      To provide a tool to convert rfc822 addresses into X.400 addresses
    CJR             To provide a procedure to enable sites to ascertain whether their DSA is visible remotely.
    all             Volunteers required for experiments with strong authentication
    UCL & X-Tel     Presentation on what can and can't be done with authentication and access control
    SEK             Circulate the note on user-friendly naming
    PB              Specify a line-based, ultra-naive directory user interface.
    X-Tel | Brunel  Take over the running of the directory-group and directory-pilot lists?
    X-Tel           Set up and publicise the new support lists