Certificate+Discovery+for+Direct+Project+SWG+Meeting+Minutes+2011-08-01


 * Meeting Date**: 08/01/2011
 * Meeting Title:** PD Certificate Discovery for Direct Project SWG Meeting Session 8

Agenda/Objectives:

 * **Topic** ||= **Time Allotted** ||
 * Develop LDAP Guidance || 90 min ||

Attendees:
__Workgroup Attendees:__

__Panelist Attendees:__ Erik Pupo, Jonathan Tadese, Kelly Conlin

**Action Items:**
“Yes with comments” were provided by Brett Peterson and McLain Causey ||
 * **Date** || **Description** || **Owner** || **Status** || **Notes** ||
 * 7/25/11 || Develop LDAP guidance || Erik, Bob, John, Peter, Les, Ken, Alex, and any other interested SWG members || OPEN ||  ||
 * 7/18/11 || Gain clarity from ONC regarding universal certificate discoverability || Harmonization Support Team || OPEN || Refer to meeting minutes below ||
 * 7/18/11 || Conduct preliminary environmental scans || All SWG Members || OPEN || Refer to Query for Digital Certificate for Direct Project - Ecosystem Consensus Wiki Page ||
 * 7/18/11 || Gain clarity regarding when Direct Rules of the Road will be finalized || Harmonization Support Team || OPEN || Refer toDirect Project Recommendation Review ||
 * 7/18/11 || Present revisions made to the Use Case to address “No” and “Yes with comments” votes from Committed Members || Use Case Support Leads || CLOSED || “No” votes were provided by Les Keepper and Ernest Grove.
 * 7/18/11 || Review SWG Meeting Minutes and provide any corrections || All SWG Members || OPEN || Refer to meeting agenda and minutes section of SWG page ||

**Meeting Minutes:**
Development of LDAP Guidance:
 * 1) **The need for global automated query and federation.** We’d like to explore and document why Direct pilot participants considered this a major reason for not implementing LDAP and how this can be mitigated with the proposed hybrid approach.
 * 2) **How to discover the DNS SRV record on a global basis**. One possible option is that DNS would still be offered as a way to publish certificates on a global basis and the LDAP method could be offered where digital certificates can be discovered using LDAP by allowing for the discovery of LDAP entry points using the DNS SRV record
 * 3) **How to provide protection of provider attributes/certificates** should an organization or provider desire to achieve this level of security through use of non-anonymous query.
 * 4) **How to possibly provide some level of federation** if the pilot participant requires it. The Query for Digital Certificate for Direct Project does not specifically indicate federation as a specific requirement, however, we may want to explore this topic optionally in the event that it becomes relevant in the future.