SALSA-NetAuth - FWNA calll: September 21, 2006

SALSA-NetAuth - FWNA Working Group conference call
September 21, 2006

*Attendees*
Kevin Miller, Duke U. (co-chair)
Steve Carmody, Brown U.
Chris Misra, U. Massachusetts
Walt Reynolds, U. Michigan
Richard Conto, Merit
Rich Cropp, Penn State U.
Mark Linton, Penn State U.
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Kevin} will propose a call to resume recent discussion of investigating SAML/Shibboleth integration with RADIUS (or Diameter).

Carry-over *Action Items*
[AI] {John} will send his questions regarding the Internet2 Intellectual Property Framework to the list. (7-Sep-06)
[AI] {Kevin} will initiate the documentation of additional requirements for a relay/proxy server. (24-Aug-06)
[AI] {Philippe, Mike and John} will create a summary of the path that a request makes, for the sake of troubleshooting. (24-Aug-06)
[AI] {Kevin} will connect the local RADIUS administration folks at Duke to the FWNA-Ops list. (23-Feb-06)

*Discussion*
There are no updates regarding the discussion from the last conference call regarding Internet2 Intellectual Property framework, however these concerns were passed on to the legal team at Internet2 for review. Refer to <http://members.internet2.edu/intellectualproperty.html>. {Kevin} suggested that that the FWNA working group might consider a default clause for the matters pertaining directly to this working group.

{John} shared a document on combining RADIUS and SAML capabilities with the list (cf. email 7-Sep.) {Klaas} responded with shared interest, though there seem to be a few differences between what he suggested and what they are already working on doing in Europe. {Steve C.} provided the Group with a summary of the area he is currently working on, regarding working out potential problems of using RADIUS with SAML. He foresees ongoing discussion to address these issues raised, as well as continuing to investigate a possible relationship with concurrent work being done in Europe.

The guest access issue will likely lead to the creation of a larger policy framework, encompassing the capabilities of network access in the larger sense. While the scope for federated guest access may not extend to the likes of Europe, {Chris} commented that dealing with attribute release in the context of authentication may be dependent on whether it is needed for use in broad regions or just in collectives.

{Steve C.} mentioned ProtectNetwork <http://protectnetwork.org/>, an open Identity Provider, which he suggested might easily serve the purpose for sites having substantial guest access. {Chris} said the key component was the idea of making authentication a generalization for network access.

{Kevin} provided an example regarding Duke and two other neighboring universities. While there is interest in leveraging identities across the three campuses, they continually face challenges in unifying policy controls.

The next call will be dedicated addressing the above issues and narrowing the solution space. [AI] {Kevin} will propose a call to resume recent discussion of investigating SAML/Shibboleth integration with RADIUS (or Diameter).

The next SALSA-NetAuth - FWNA WG call will be held on Thursday, October 5 at 11am EDT.