Certificate Discovery For Direct Project SWG Meeting Minutes 2011-07-25


**Meeting Date**: 07/25/2011
**Meeting Title:** PD Certificate Discovery for Direct Project SWG Meeting Session 7

Agenda/Objectives:

|| **Topic** || **Time Allotted** ||
|| DNS for Direct Project Recommendation Review Page || 15 min ||
|| Review of LDAP Direct Project Recommendation Review Page || 75 min ||

Attendees:
__Workgroup Attendees:__ Vince Lewis, Chris Andreou, Robert Dieterle, Peter Bachman, Ernest Grove, Kelly Conlin, Jonathan Tadese, Ken Pool, Don Jorgenson, John Moehrke, Karen Witting, Alex de Leon, Rao Parvatam, Lester Keepper, Erik Pupo, Victoria Njoku, Ananya Gupta, Lin Wan

__Panelist Attendees:__ Erik Pupo, Jonathan Tadese, Kelly Conlin

**Action Items:**
|| **Date** || **Description** || **Owner** || **Status** || **Notes** ||
|| 7/25/11 || Develop LDAP guidance || Erik, Bob, John, Peter, Les, Ken, Alex, and any other interested SWG members || OPEN ||  ||
|| 7/18/11 || Gain clarity from ONC regarding universal certificate discoverability || Harmonization Support Team || OPEN || Refer to meeting minutes below ||
|| 7/18/11 || Conduct preliminary environmental scans || All SWG Members || OPEN || Refer to Query for Digital Certificate for Direct Project - Ecosystem Consensus Wiki Page ||
|| 7/18/11 || Gain clarity regarding when Direct Rules of the Road will be finalized || Harmonization Support Team || OPEN || Refer to Direct Project Recommendation Review ||
|| 7/18/11 || Present revisions made to the Use Case to address “No” and “Yes with comments” votes from Committed Members || Use Case Support Leads || CLOSED || “No” votes were provided by Les Keepper and Ernest Grove. “Yes with comments” were provided by Brett Peterson and McLain Causey ||
|| 7/18/11 || Review SWG Meeting Minutes and provide any corrections || All SWG Members || OPEN || Refer to meeting agenda and minutes section of SWG page ||

**Meeting Minutes:**

**Brief follow-up discussion regarding the DNS for Direct Project Recommendation Review Page**


**Review of LDAP Direct Project Recommendation Review Page**:
 * Les: LDAP has a great deal of support in the community and is being used in many places. What is the difference between the support of LDAP and DNS?
 * In the context of the Direct Project, most of those pilots use DNS.
 * Global automated federated querying is a way to query at the national level
 * There was a belief that LDAP was incapable of performing this global querying
 * DNS pilots do exist although we have yet to receive a lot of feedback on those pilots from Direct Project participants
 * Our team should learn why pilot participants who initially wanted to use LDAP and requested to not use DNS did so
 * We should learn why they didn’t just roll out directly using LDAP
 * They were looking towards rolling out a provider directory with capabilities to our use case 2 but didn’t know how to use a minimalist form of LDAP for the direct need while not causing trouble for a future full-on provider directory
 * This is the same type of problem that the harmonization team is confronted with now (use case 1 short term goals vs. overall long term capabilities)
 * SRV field commonly available with DNS; allows someone to reference an LDAP server
 * Has advantages of both LDAP and DNS
 * It is important that we understand the benefits and limitations of the environment into which we are trying to implement a technology
 * We should include political factors, etc. when we’re doing an evaluation and consider not only the maturity of the standard but also if there is a ‘market issue’ where the technology itself is problematic with dominant players
 * Discussion regarding ease of certificate publishing versus certificate discovery
 * Currently, LDAP is being used for security (user verification, etc.) in other industries; not particularly used in healthcare. We should attempt to understand more about the directories that exist as LDAP (whether in healthcare or outside of it).
 * We need to know more about the directories that are out there in LDAP, whether they be in healthcare or outside of
 * Gaining more information from LDAP vendors would be a good way to obtain this information but considering our time crunch, the harmonization team may not have this capability.
 * LDAP supports the capability to use SRV to discover certificates published by other organizations via SMTP mail services, but the ability to search for the DNS/SRV cert is not as mature as a query to an LDAP server. Generally speaking, email expects to hit an email-based LDAP server; however, the maturity of email’s capability to hit an external LDAP server is questionable.


**Opinions regarding the approval of the hybrid approach (DNS and LDAP in combination) were voiced**


**Call for volunteers to develop guidance surrounding LDAP recommendations**:
 * Bob, John, Peter, Les, Ken, Alex
 * High level and/or detailed guidance regarding LDAP and DNS (perhaps a hybrid)