SALSA-NetAuth - FWNA - February 22, 2007

SALSA-NetAuth - FWNA Working Group conference call
February 22, 2007

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Steve Carmody, Brown U.
Rich Cropp, Penn State U.
Mark Linton, Penn State U.
Walt Reynolds, U. Michigan
Lisa Haanpaa, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Kevin} will gather focal points and questions from the RADIUS/SAML discussion for sharing with {Ken} and continuing discussions.

Carry-over *Action Items*
[AI] Group will begin a search for someone who is willing to do an implementation of the proposed RADIUS/SAML integration. (8-Feb-07)
[AI] Group will review John’s presentation (PPT, cf. 25-Jan) and send feedback to the list. (8-Feb-07)
[AI] {Kevin} will address the EDUCAUSE-WLAN list to get feedback on the RADIUS-SAML document by the end of February. (11-Jan-07)
[AI] {Steve C.} will review the draft RADIUS-SAML document and update with conversations with {Bob Morgan and Scott Cantor} and forward to the list for feedback from an operational perspective. (11-Jan-07)
[AI] {John} will contribute questions towards identifying and compiling trust issues for a document(s).
[AI] {Chris} will forward a link regarding developments in the NEA working group.

Future *Agenda Items*
- Group will consider holding an additional call to further discuss 802.1x and Microsoft (re: Vista). (25-Jan-07)
- Spring Internet2 Member Meeting – Group will discuss RADIUS/SAML Integration. (8-Feb-07)

*Agenda*
1. Internet2 IPR Framework
- http://members.internet2.edu/intellectualproperty.html
- IPR/FWNA status update?
2. Post-Mortem: I2 Joint Techs
3. Guest access survey
4. FWNA Next General - RADIUS/SAML

*Discussion*

-Joint Techs Workshop-

{Kevin and Rich} gave an update on their impressions from the recent Joint Techs Workshop. Most of the sessions focused on networking, as opposed to security. The NetGuru session was the only session that touched on FWNA-related topics.

Side discussions to follow up on include possible improvements to the 802.1x space at PSU; {Shuman ?} is interested in the EAP Kerberos supplicant. Though folks are becoming more knowledgeable in this space, no one has yet addressed the infrastructure side from the RADIUS/SAML perspective.

-Guest Access Survey-

The Guest Access Survey, drafted by {Mark}, can be found in its draft form at: <https://wiki.internet2.edu:443/confluence/x/YCc>. He has received input by working group members either by the mailing list or through his combing the list archives. {Kevin} suggested that some of the answer choices be extended beyond yes/no, in order to provide insight into what are often ‘gray’ areas.

The approximate time-line for the survey has been updated to the following:
22-Feb – last call for suggestions/changes to text of draft questions
1-Mar – completed survey given to review by the Group
5-Mar –final review of survey
12-Mar – announce Guest Access Survey
30-Mar – close survey
2-20-Apr – begin analysis of survey and prepare presentation
23-25-Apr – present Guest Access Survey results at Spring 2007 Internet2 Member Meeting
Please refer to the To Do list in the wiki (link above.)

Of the attendees on the call, only {Philippe and Kevin} said their campuses were handling a visitor network in production. {Kevin} said Duke allows it, though it uses the same SSID. {Mark} said their process is changing, and has motivated his interest in how others are handling guest access.

-RADIUS/SAML Integration-

{Rich} asked why the Group chose to pursue a SAML path, as opposed to an attribute certificate – though the meaning of the latter was not especially clear to anyone on the call. {Rich} suggested it might be a difference between the complexity of PKI versus the elegance of privacy and SAML.

The Group further discussed a desire for an actual implementation of the proposed RADIUS/SAML integration. In order for an implementation to happen, they will need to find a willing programmer who is familiar with Shibboleth and SAML and who is also up to the task. A second and equally important item is to identify the source of funding to support the work. [AI] {Kevin} will gather focal points and questions from the RADIUS/SAML discussion for sharing with {Ken} and continuing discussions.

The next SALSA-NetAuth - FWNA WG call will be held on Thursday, March 8, 2007 at 11am EST.