SALSA-NetAuth - FWNA conference call

SALSA-NetAuth - FWNA conference call
February 23, 2006

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Chris Misra, U. Massachusetts
Bill Bulley, Merit
John Vollbrecht, Merit
Dennis Ward, U. Michigan
Rich Cropp, Penn State
Renee Frost, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*

[AI] {Andy} will send a copy of the Joint Techs presentation to the mailing list.

[AI] {Philippe} will send network access requirements for the Spring Internet2 Member Meeting to {SteveO}.

[AI] {Philippe} will put together a diagram with logs, and send to the list in demonstration of their current progress with the top-level servers.

[AI] {Kevin} will connect the local RADIUS administration folks at Duke to the FWNA-Ops list.

[AI] {John and Philippe} will set up a time to discuss the authenticating of the Merit server.

[AI] {Philippe} will draft agenda items on wiki for a future FWNA meeting; the Group is encouraged to contribute items.

Carry-over *Action Items*
[AI] {Kevin and Philippe} will document the decisions made during the campus connection process, including test accounts. (5-Dec-05)

[AI] {Group} will think of local site requirements for security, logging, and access to utilization of information in the context of Eduroam, where non-local users are involved. (3-Nov-05)

*Discussion*
{Andy, Kevin, and Chris} attended the Joint Techs Workshop; the presentation went well and served as another chance to publicize the work of FWNA. [AI] {Andy} will send a copy of the Joint Techs presentation to the mailing list.

The Spring Internet2 Member Meeting in DC will have an 802.1x focused BOF on Monday. There will be a joint NetAuth and FWNA BOF, as well as an FWNA track session. A theme will be to raise awareness of current issues on both the policy and experiment sides. The Group would like to see some testing opportunities at the meeting, providing a RADIUS server with access point. [AI] {Philippe} will send network access requirements for the Spring Internet2 Member Meeting to {SteveO}.

The Group discussed the status of current Global Eduroam work. Though Europe is working on several parallel issues, this gives some freedom to FWNA for developing their own projects/direction, in terms of policy space, etc.

{Andy Rosenzweig} of Merit emailed the FWNA-Ops sub-group (23-Feb) regarding the operational status of the Merit top-level server; the basic RADIUS proxy is functional. [AI] {Philippe} will put together a diagram with logs, and send to the list in demonstration of their current progress with the top-level servers. Next steps are to move beyond a hypothetical connection, such as giggles.edu, and gain feedback from real experiences on real campuses. [AI] {Kevin} will connect the local RADIUS administration folks at Duke to the FWNA-Ops list.

If campuses can only join by running 802.1x, there may be some resulting friction; however, this can be countered with the argument that 802.1x is becoming the standard space, and thus compliance is inevitable. Vendors and industry also need to understand common concerns, though it may be harder to push if it is not a direct component they can sell in a product. [AI] {John and Philippe} will set up a time to discuss the authenticating of the Merit server.

{Kevin} expressed interest in the feasibility of leveraging 802.1x as a tunneling mechanism. In addition to the need for software to be written up, what are the major technical challenges of leaving the encryption of the data to the home site, rather than doing a description locally? What policy does this introduce, and how can it be enforced across sites with varying levels of access regarding content?

Data packets are sent home to an access point – a level 2 connection from the client to home access point. The Group discussed whether one or two access points were necessary to route to the home server, for EAP and also data. Policy about how data is encrypted and put on the network can become complicated, though it raises many good issues and possibilities. [AI] {Philippe} will draft agenda items on wiki for a future FWNA meeting; the Group is encouraged to contribute items.

The next SALSA-NetAuth – FWNA WG conference call will take place on March 9, 2006 at 11am ET.