Wednesday, April 18, 2012

Notes from IETF 83rd Meeting

As you may know, IETF 83rd meeting was held in Palais des Congres, Paris from 25th-30th March. I too got the opportunity to attend the IETF 83rd Meeting and SCIM Interop Event which was held in parallel to it.

It was an interesting, novel and great experience to see how people who form technology standards-(that we implement and that become buzzwords in the industry), get together in IETF meetings as working groups (WG) and present new ideas, discuss and argue on them, conduct consensus and agree upon things which is a part of the whole long process of publishing a standard as a IETF RFC.

New comers  orientation:

OK, first let me mention what is IETF, its purpose and how it operates as I learned from this session which was held on Sunday 25th March.  Scott Bradner - Secretary of Internet Society explained the the what & the how of IETF to all new comers.
  • IETF (Internet Engineering Task Force) is the organization that develops and maintains the standards related to how the internet operates today. It meets 3 times a year.
  • It is an open organization that any one can join through mailing lists and contribute to the development of standards of your interested area.
  • There are 8 main areas of focus: Application, General, Internet, Operations & Management, Real-time Applications & Infrastructure, Routing, Security, Transport.
  • There are 131 Working Groups under the above areas - it is in a working group that the standards are developed. Each working group has a mailing list where the work happens.
  • IETF Management consists of : IETF Chair,Area Directors (AD), Internet Engineering Steering Group (IESG), Internet Architecture Board (IAB).
  • IETF management are all volunteers. People are company or self supported.
  • RFC are the final document published by IETF. Although earlier it referred to as 'Request for Comments', no changes made after RFC is published. So now RFC is not an acronym.
  • It usually takes about 2 - 3 years for a draft-00 version of a technical standard be published as a RFC.

Tutorial sessions for beginners:

First day(Sunday afternoon) was allocated for induction & tutorial sessions. 
- I attended one tutorial session on "Operations, Administration, and Maintenance Tutorial" which was focused on networking side. 
- There was another tutorial on "Tools for Creating Internet-Drafts Tutorial" which I think would have been more useful, but  I missed it since the session was held in parallel to orientation session mentioned above.
- Slides of both these sessions can be found here under Training.

Above are two pics of Palais Des Congres where IETF 83rd meeting was held.

Meetings.. Meetings.. Meetings..

Mainstream IETF work started from Monday onwards and there were meetings of several types throughout the week as I have categorized below:
- Birds of feathers sessions : these sessions are conducted to decide whether a working group should be formed inside IETF to carry on work of a new standard. Only very few sessions of this type are held in one IETF meeting.
- WG meetings : Majority of meetings fall under this category. This is where WG members meet and discuss about the issues in current drafts formed by that particular WG and present the new drafts to IETF etc.
- Informal meetings organized by other societies/communities : Related organizations and communities like Internet Society and WGs from OASIS etc. take the free slots in IETF agenda (like lunch break) and conduct sessions on the topics of current interest. These are informed through IETF registrants' mailing list and participation is allowed through first come fist served basis.
- Technical plenary sessions : All most all IETF attendees who attended to different WG meetings of their interests, attend these plenary sessions where reports of different IETF management groups (like IAB, IRTF) are presented and a technical topic of common interest is discussed.
- Research forums:
These are conducted by research groups chartered under IRTF (Internet Research Task Force) which  is an affiliated organization of IETF. It focuses on long term research problems related to internet.

I happened to attend all types of meetings during the week. Several sessions happen in parallel and sometimes we miss some of the interesting sessions as well.
  • SCIM BoF - Simple Cloud Identity Management is an emerging standard for user account and identity provisioning. It was proposed to be chartered under Application Area of IETF as a working group. BoF session went full house even before the session starts. Morteza and Trey explained "the what" & "the how" of SCIM to the IETF community. The session was chaired by two Area Directors.
Security is a key aspect discussed in all the above types of IETF meetings and and there is a separate Area (out of 8 focus areas mentioned above) dedicated to security.

Since my area of focus at WSO2 and also my personal interest and passion lies in the area of security, I decided to attend the Working Group meetings under Security focus area of IETF which I have listed below.
You can find the slides of these sessions here under Security Area.
  • Web Security WG
  • Public Key Infrastructure
  • Kerberos WG + KITTEN
  • Java Script Object Signing
  • OAuth
  • Security Area Open Meeting
It is interesting to see the process of how the security related standards that we implement and use are being formed at IETF.


Above are pics of IETF crew during the tea break...

I also attended two informal meetings organized by other organizations/communities.
  • Authentication and Authorization: Next steps for OpenID and OAuth: this was organized by Internet Society Trust & Identity Initiatives. The panel discussed about OAuth, building security tokens based on JSON data/JWT, OpenID, ID token, adding identity layer to OAuth & Web cryptography working group. You may find the full audio of the session at the above link.
Out of the meetings from IRTF, I attended to:
  • Crypto Forum Research Group : this was the last session I attended in IETF meetings. You can find the slides here under IRTF -> CFRG.
Out of the two plenary sessions, I attended the Technical Plenary session which discussed about Implementation Challenges for Browser Security which was a very fruitful discussion with lot of involvement from audience as well.
You may find the slides of this session here under Plenary Sessions -> Technical Plenary.


Above is a pic taken during the technical plenary session...

Remarks:
- There were many people involving in developping standards - not only from Universities, but also from different companies.
- There were only 2 other Sri Lankans - one from a German University and the other from Cisco.
- I believe it will be great if there is more involvement/impact from Sri Lankan Universities/Companies also.
- It was a very valuable opportunity have participated in IETF meeting and witness how the standards that we implement are actually formed and which in fact was a great community meet up as well.