*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Chris Misra, U. Mass
Mike Griego, UT, Dallas
Brian McElroy, UT, Dallas
Gary Buhrmaster, Stanford
Mark Linton, Penn State
Rich Cropp, Penn State
Lisa Hogeboom, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Chris} will email the {SALSA-NetAuth} and {SALSA-FWNA} lists with information
regarding the upcoming March NERCOMP Annual Meeting (EDUCAUSE Regionals). {Chris}
will place a couple slides into his presentations to raise awareness about FWNA.
[AI] {Chris} will discuss with Bluesocket the integration capabilities of web authentication gateways with 802.1x authentication.
[AI] {Kevin} will post a link to the WIKI for the Phase 1 engineering plan.
[AI] {Mike Griego} will contact individuals at UT Austin to gain insight on web portal Shib integration.
Carry-over *Action Items*
[AI] {Kevin} will reformat the Project Plan document and re-post to the <SALSA-FWNA>
mailing list.
[AI] {Kevin} and {Philippe} will continue to work together on updating documents for engineering efforts.
[AI] {Kevin} will continue revisions on the project plan, engineering, and
architecture documents and will repost as a draft to the list. {All} are encouraged
to directly send him comments and suggestions
regarding content, etc., or to the <salsa-fwna@internet2.edu> mailing list,
as is appropriate.
*Discussion*
{Philippe} and {Kevin} shared positive feedback from their time spent at Joint
Techs in Salt Lake City <http://jointtechs.ornl.gov/SLC2005.html>. People
at JT seemed interested in the direction and development of wireless projects,
with additional concern about AuthZ. While the Group is primarily focused on
identity provisioning and determining the identity for the AuthN component,
the Group should keep in mind that others have motivation in the area of AuthZ.
It seems there is reluctance for people to get involved if the policies are
not strongly set; another concern was not being able to disconnect someone with
ease. People are already overloaded with IT deployment; a turnkey solution with
well-established policies would appeal to them - without having to get too involved
in that process. Overall, the feedback from JT was positive and very valuable,
in terms of exposing federated wireless ideas and also hearing the needs and
interests of those not already working towards these efforts.
The University of Texas at Austin has been using Shib for their wireless AuthN, while UT Dallas has been using .1X through Radius. {Brian} explained that at UT Dallas, they are doing purely AuthN, and are not actually making role-based policy decisions for the AuthZ component. There is desire to set up roaming on campus, but they are doing different things concerning the wireless security. UT, Austin is using a Shibbolized web portal. By having a Shib portal on top of everything, you could also do .1X - though this concept would be a challenge to actually materialize. Speaking in terms of integration, it has been difficult for those who have web-based AuthN and are looking to .1X - how will these two work together? Shib is easier to work with, but .1X provides more security in the future; a decision might be best made based on the type of technology that will eventually be utilized. The Group should continue to think about ways to come up with a unified model for integration that the FWNA WG can put its momentum behind. [AI] {Mike Griego} will contact individuals at UT Austin to gain insight on web portal Shib integration. [AI] {Chris} will discuss with Bluesocket the integration capabilities of web authentication gateways with 802.1x authentication.
{Mike} took an FWNA slide to the EDUCAUSE SW Regionals, and again, there proved to be quite a bit of interest coming from the audience. These slides will be posted on the FWNA website. In finding solutions to meet the needs of people, the Group should seek to assemble the right technology that people can deploy without fear.
Possible side developments might include options for people to store their credentials - in a safe way. The Group should work to identify that problem space. People are not sure who they can trust, and this is critical to deployment of new technologies. Policies need to be in place so that campuses have trust surrounding information that other institutions can access. Is it a possibility to package FWNA architecture in such a way that it appeals to the campus level? Rather than try to solve every problem immediately, identify the problem space and proceed from there. The policy space could be addressed from elsewhere, and the Group could focus on the technical aspects. If others can be assured that we are aware of the federation, policy, and trust issues - we can make headway on .1X, pilot Radius servers, identifying obstacles to federated work - ultimately working towards integration.
The Middleware EuroCAMP 2005 is going to be a good venue to advocate FWNA work; {Kevin} will be going, as will {Klass} and {Michael Gettes}. This will be a good place to present and make progress on architecture issues <http://www.terena.nl/tech/eurocamp/>.
Another upcoming event is the EDUCAUSE Regionals - the NERCOMP Annual meeting <http://www.educause.edu/NERCOMPAnnualConference/1452>. Though technically, there will not be an FWNA presence there, a NetAuth BoF will be held. {Chris} will be attending. [AI] {Chris} will email the {SALSA-NetAuth} and {SALSA-FWNA} lists with information regarding the upcoming March NERCOMP Annual Meeting (EDUCAUSE Regionals). {Chris} will place a couple slides into his presentations to raise awareness about FWNA.
The current approach to building awareness has been from the bottom up - talking with peers, etc. In what ways could the Group present FWNA work from the top down - working with senior executives to dissolve any disconnect from the IT and science folks? Issues that would directly interest them include policy and management. We should address existing problems, our current work, and how this hooks back into federation. It might be worthwhile for everyone to approach their respective CIOs with ideas about what is going on and what should be done in the wireless world.
The Group discussed AuthZ as an important component for deployment; it might be a topic better addressed from elsewhere, though most certainly will be within Internet2. An example could be the case of a visiting professor - who is trusted by the host campus. However, it might not be in the campus' mind frame to trust the accompanying students of the professor - but by default, they are in the same system. How can this situation be accommodated to satisfy everyone involved? We could start by addressing this as relevant in the architecture document - the federation needs to provide appropriate credentials for attributes, in terms of AuthN providers.
{Kevin} and {Philippe} have continued to work on project involvement. If anyone is interested in working with {Kevin} to move the documents along to a useful state, please contact him. The Group will maintain an up-to-date set of slides that address FWNA work, such that at any point, people will have access to the current focus on issues. Let us keep in mind which audience we are targeting, and this will shape the content of those slides, as well as other information on the FWNA site. [AI] {Kevin} will post a link to the WIKI for the Phase 1 engineering plan.
{Philippe} is looking to do some testing of the Radius server, to make sure it is operating as planned. {Mike} and {Rich} will be working with {Philippe} to start that testing on their campuses.
The next SALSA-NetAuth - FWNA call will be Thursday, March 10, 2005 at 11am ET.