SALSA-NetAuth - FWNA conference call
July 14, 2005

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee
Mark Linton, Penn State
Mike Helm, ESnet
Dennis Ward, U. Michigan
Mike Griego, U. Texas - Dallas
Chris Misra, U. Mass
Klaas Wierenga, SURFnet
Steve Olshansky, Internet2
Jessica Bibbee, Internet2

New *Action Items*
[AI] {Philippe} will gather a list of names of those who would be interested in joining the experiment.
 
[AI] {Group} will gather ideas for the drafting of a 1-2 page summary, outlining the operational and developmental aspects of the experiment – who may join, how it will run, etc.
 
[AI] {Kevin} will give a brief presentation at the upcoming Joint Techs Workshops (17/20-Jul-05), with the intent of raising interest and encouraging participation in FWNA-related efforts.
 
[AI] {Chris} will notify the {SALSA-FWNA} list once a date and time has been specified for the SALSA-NetAuth / FWNA combined BOF at the upcoming Fall Internet2 Member meeting in Philadelphia, PA (19/22-Sep-05).
 
Carry-over *Action Items*
[AI] {Kevin} will contact {Mike Griego} to determine the status of the RADIUS text/experiment document. (16-June-05)

[AI] {Philippe} will draft a use case focusing on shared facilities between two institutions. (24-Mar-05)

*Discussion*
FWNA WG will participate in two upcoming events – the Summer 2005 Joint Techs Workshop (17/21-Jul) and the Fall 2005 Internet2 Member Meeting (19/22-Sep). [AI] {Kevin} will give a brief presentation at the upcoming Joint Techs Workshops (17/20-Jul-05), with the intent of raising interest and encouraging participation in FWNA-related efforts. [AI] {Chris} will notify the {SALSA-FWNA} list once a date and time has been specified for the SALSA-NetAuth / FWNA combined BOF at the upcoming Fall Internet2 Member meeting in Philadelphia, PA. For details, please refer to the two respective links: <http://jointtechs.es.net/vancouver2005/Vancouver20051.htm> and <http://events.internet2.edu/2005/fall-mm/>.

The Group discussed the recent developments within the Eduroam Global Working Group <http://www.eduroam.edu.au/gwg-eduroam/index.html>.  It is likely that GWG will emphasize the continuation of regional activities, which will eventually shape the policy of global activities. There are still many questions to be answered – how do we move forward, should a steering committee be formalized, how do we make connections between various countries, what is the policy behind who and how many can join, etc.

The Group discussed the Next Generation Architecture proposal which Kevin had written, putting forth DIAMETER as a strategy for Eduroam. While there are many benefits, DIAMETER is not deployable in a reasonable timeframe. Using RADIUS is still another possibility. Whichever route is taken, the focus should rest on the functionalities of the technology. It should have the flexibility to cover requirements such as AuthZ and peer-to-peer, while operating autonomously and with the capability of connecting to RADIUS servers. There is a need for consensus on whether to implement on a large or a lightweight scale. One of the considerations is that regions have varied levels of technology to tap into, and this will affect the lateral growth in general. Ideally, all regions will work towards coordinating strategies, so as to create interoperability on a global level.

{Philippe} stressed the prevalence of roaming devices (sensors, etc.), in addition to roaming scientists. There is a different set of constraints governing the policies of “people vs. hardware”. How can we make an anonymous connection? The Dutch Railroad is one example of using an external box in front, to oversee activity and monitor potential threats. {Dennis} suggested that vendors be encouraged to build 802.1X into devices such as VoIP phones, etc., which would solve subsequent technology problems – however, it might present a financial drawback initially. How can we enable the AuthN of hardware – by storing a certificate?

The experiment is still in the initial phases, and {Kevin} suggested that the operational component be addressed independently of, yet parallel to, the developmental component of the work. As this work is still experimental, {Chris} cautioned the Group against setting expectation levels, or being too explicit in terms of developing stand-alone servers and allowing attribute passing. It should be clearly stated that having production quality is indeed a goal of the experiment, even if it is not available immediately. The Group should also clarify what the experiment is for, in addition to how it is being done; this ensures that marketing aspects are covered. While the Group has not fully defined which services they will offer, it is not critical at this stage in the experiment. Currently, the way in which users connect is network-dependent, which has not been standardized. How can Eduroam offer something of value, beyond a simple visitor network? [AI] {Group} will gather ideas for the drafting of a 1-2 page summary, outlining the operational and developmental aspects of the experiment – who may join, how it will run, etc.

{Mike Helm} confirmed interest in the experiment, on behalf of the ESnet community. Gaining feedback from users will be an important resource for determining which components are necessary for providing a production-level server that is capable of operating between regions. [AI] {Philippe} will gather a list of names of those who would be interested in joining the experiment.

The next SALSA-NetAuth – FWNA conference call will be on Thursday, July 28, 2005 at 11am ET.