CL5 High Performance Transport Decision and draft JAD Agenda Items

["David C. Niemi" <dcn0@salliemae.com>]

In the conference call today, we discussed MQ Series and Secure HTTP as
proposed transports for the CL5 high performance option.  Other
transports mentioned were FTP/SSL and TEMPEST, but neither is at this
point being seriously proposed by anyone.

Represented were PHEA, USA Group, Guarantec, GLHEC, and Educaid (showing
up at the last moment).  Sallie Mae abstained from voting as the
facilitator.

The decision was unanimous in favor of actively pursuing both MQ Series
and Secure HTTP in parallel. This means we will be splitting our effort
through the Jacksonville JAD session, where we may reconsider this
decision and try to choose just one transport.  Participation has been
thin lately, and I am concerned that we lack critical mass to very
actively pursue two subtracks, but we will have to do our best.  I will
need volunteers for helping to move each subgroup forward; please
indicate which of the two (or both) you intend to work on, and if
response is weak I may start explicitly asking everyone on the list.

Questions which I specifically did *not* ask, which perhaps will have to
be considered in the future might be:

-	Do you believe we should actively pursue both transport
	protocols, or do you believe we should concentrate on just
	one?

-	If you had to pick just one transport, which would it be?

-	Which of the two transports are you willing and able to put
	design and specification time into in the near future?

Perhaps another straw poll will be in order in early January.  If you
have other ideas on what to ask to resolve such questions please let me
know.

------------------------------------------------------------------------

As for the JAD session, I'd like to propose an agenda of what to cover.
Much of this will be split between the transports and time will be
tight; it is possible we may pick off some of the low-hanging fruit and
try to resolve it in advance to prune down the agenda.

1) Outline and summary of general design, including both client/sending
and server/receiving sides (each transport covered separately) (1 hour)

1) Encryption support (each transport covered separately) (3/4 hour)

2) Authentication support (each transport covered separately) (3/4 hour)

3) Acknowledgements, file integrity checking, and error handling (each
transport covered separately) (1 hour)

4) Key exchange (shared -- perhaps shared with Basic too) (3/4 hour)

5) XML/metadata (shared) (3/4 hour)

6) Rescoping direction, requirements, and platforms, e.g. whether to get
down to one transport and if so which one.  Also consider whether true
clients (e.g. SBS/WBS) and integration with large schools should be
added to the scope or considered as an additional out-of-scope
requirement. (1 1/2 hours)

7) Sample designs for MQ Series; and at least Apache and IIS HTTPS-based
systems, including handoff to the next hop (Thursday, 2 hours?).

---

Given that we have a great deal to cover and that we will be subdivided
not only between Basic and High-Performance, but between transports, I
would ask that those planning to implement the high-performance option
try to stay for the optional half-day on Thursday.  Also, if the Basic
channel feels it does not need half of the time on Tuesday/Wednesday, we
certainly could use it on the high performance side.

I'd also ask that the Basic track go first, in the hopes that this will
get the participants acclimated and better able to reach consensus on
the probably more difficult high-performance-track issues.

------------------------------------------------------------------------
David C. Niemi         dcn0@salliemae.com        (703) 810-5538
Network and Communications    SallieMae    Reston, Virginia USA