SALSA-NetAuth - FWNA conference call January 26, 2006

SALSA-NetAuth - FWNA conference call
January 26, 2006

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Klaas Weirenga, SURFnet
Andy Rosenzweig, Merit
Bill Bulley, Merit
Tom Zeller, Indiana U.
Dennis Ward, U. Michigan
Mark Linton, Penn State
Rich Cropp, Penn State
Renee Frost, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*

[AI] {Kevin, Philippe, Mike, Andy, and Bill} will schedule a call to discuss operational obstacles of the top-level servers, and will follow up on a call with {Klaas}.

Carry-over *Action Items*

[AI] Andy & Kevin will work collectively on presentation for the ESCC/Internet2 Joint Techs by the next call. (12-Jan-06)

[AI] {Andy, Philippe, and Mike} will exchange design recommendations, prepare questions, and schedule a call with {David and Klaas} from Eduroam. (12-Jan-06)

[AI] {Kevin} will send out a list of issues stemming from initial experiments, and requests feedback from {Group} to gather other ideas. (15-Dec-05)

[AI] {Andy and Philippe} will email {SteveO} with a list of those from Eduroam, etc. whom {SteveO} will then invite to a discussion of the configuration of the top-level servers in late December or early January. (5-Dec-05)

[AI] {Kevin and Philippe} will document the decisions made during the campus connection process, including test accounts. (5-Dec-05)

[AI] {Group} will think of local site requirements for security, logging, and access to utilization of information in the context of Eduroam, where non-local users are involved. (3-Nov-05)

[AI] {Philippe} will draft a use case focusing on shared facilities between two institutions. (24-Mar-05)

*Discussion*

Merit has confirmed that their server is up, and is now working out communication details, how to configure multiple servers, etc (cf. Andy's email 25-Jan.) {Klaas} said that there are few, if any, institutions in the Netherlands that have 2 servers connected; however, doing so for redundancy may be a logical, if not worthwhile, measure. There was a suggestion to focus on the .edu domain in the short-term, as opposed to multiple.

Other critical issues to the experiment moving on include how to share source configuration information – the peering method seems better than the cron method. Where will the data reside once it is collected? How to update both servers – perhaps via a daily/hourly synching? Are there scaling issues to address?

{Philippe} is still working on the web implementation, and will pass on updates as they are available. {Klaas} said Eduroam folks were moving away from web-based AuthN, as there are legacy problems. If folks have trouble joining, it will eventually enforce the adoption of 802.1x.

What happens to the AuthN systems when an Eduroam.us person tries to join Eduroam while in Europe? It depends on the guidelines – WEP, EAP AuthN. In most RADIUS implementations, plain AuthN will work. It may just be a matter of asking users to not leave their credentials. Details of authenticating users still need to be fleshed out. [AI] {Kevin, Philippe, Mike, Andy, and Bill} will schedule a call to discuss operational obstacles of the top-level servers, and will follow up on a call with {Klaas}.

Due to an overlap in schedule with the ESCC/Internet2 Joint Techs, the following conference call on February 9 will be cancelled. Therefore, the next conference call will take place on February 16, 2006 at 11am ET.