SALSA-NetAuth - FWNA conference call June 2, 2005

SALSA-NetAuth - FWNA conference call June 2, 2005

*Attendees*
Kevin Miller, Duke U. (co-chair)
Mike Griego, U. Texas, Dallas
Dennis Ward, U. Michigan
Rich Cropp, Penn State
Nick Lewis, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Kevin} will send an email to SteveO about the diagrams for the Eduroam Architecture document.

[AI] {Kevin} will send an email to Mike and Philippe about establishing an experimental connection.

[AI] {Kevin} will contact Philippe about the shared-facilities use case.

[AI] {Dennis} will repost the use case detailing an academic visitor at a host institution.

Carry-over *Action Items*
[AI] {Philippe} will draft a use case focusing on shared facilities between two institutions. (24-Mar-05)

[AI] {Chris} will discuss with Bluesocket the integration capabilities of web authentication gateways with 802.1x authentication. (24-Feb-05)

*Discussion*
{Kevin} reviewed the FWNA Project Plan <http://www.duke.edu/~kcmiller/fwna-plan-1-0.pdf> which was sent out over the FWNA list. He is looking for comments and suggestions to tailor the document such that it closely follows the activities and goals of the Group. An offline comment from Chris Misra pertained to ongoing work about NetAuth in a federated environment.

{Kevin} will keep an updated timeline of the FWNA task list, which will be posted on the FWNA site.

The FWNA Group will be working alongside the Eduroam Global Working Group as new developments arise. {Kevin} suggests feeding into their activities, as opposed to collaborating after efforts have made independently. How can the FWNA WG work towards solutions for a next generation architecture? How well can most campuses connect using Diameter, and is this a feasible implementation option? To view the Next Generation Eduroam Architecture Proposal document, see <http://www.duke.edu/~kcmiller/ng-eduroam-prop-1-0.pdf>. [AI] {Kevin} will send an email to SteveO about the diagrams for this document.

Connections using the RADIUS server are being implemented on an experimental basis. There are basically 2 ways to approach this - 1) changing the RADIUS encryption itself and 2) putting a wrapper around the RADIUS connection, such as with SSL/TLS. [AI] {Kevin} will send an email to Mike and Philippe about establishing an experimental connection. {Mike} will take the lead in developing a plan to test the connection and conduct experiments using the system.

Use cases are still being developed, in an effort to capture the broad range of opportunities where FWNA work will be useful. Philippe is still working on a shared-facilities networking use case. [AI] {Kevin} will contact Philippe about the shared-facilities use case. [AI] {Dennis} will repost the use case detailing an academic visitor at a host institution. Still, volunteers are needed to develop profiles for other scenarios - please contact {Kevin} if you would like to participate in this area.

Which approach are campuses most inclined to take - direct or hierarchical? There may be a need to support both, and provide a means of moving between them - a smart proxy could be set up for those using Radius. {Dennis} mentioned that U of M is using a direct approach, as delays present a noticeable timing issue in hierarchical approaches.

The next SALSA-NetAuth - FWNA call will be on June 16, 2005 at 11am ET.