SALSA-NetAuth - FWNA conference call July 28, 2005
*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee
Mark Linton, Penn State
Rich Cropp, Penn State
Andy Rosenzweig, ESnet
Tony Genovese, ESnet
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)
New *Action Items*
[AI] {Rich} will send out a URL to the bookmark for the Utah EAP page.
[AI] {Kevin} will send out a URL for the FWNA wiki that he created.
[AI] {Kevin} will send out a URL for the GWG-Eduroam mailing list
sign-up page.
[AI] {Group} will populate EAP and 802.1X information to the FWNA wiki.
Carry-over *Action Items*
[AI] {Chris} will notify the {SALSA-FWNA} list once a date and time have
been specified for the SALSA-NetAuth / FWNA combined BOF at the
upcoming Fall Internet2 Member meeting in Philadelphia, PA
(19/22-Sep-05). (14-Jul-05)
[AI] {Philippe} will draft a use case focusing on shared facilities
between two institutions. (24-Mar-05)
*Discussion*
{Kevin} highlighted the recent developments within the GWG-Eduroam
Group. They are mainly focusing on technical efforts, and the FWNA
Group could cooperate with them here. So far, they have been using
RADIUS as a foundation. Radiator has implemented additional mechanisms,
in line with Diameter, to make a direct-connect style of connection and
avoid the hierarchy. It can also use TLS as an encryption method
between sites. If there are certificates on your server, you could use
RICH certificates to verify the server to which you connect. The next
steps are to test the Radiator code in a distributed fashion. All are
encouraged to join in these efforts. [AI] {Kevin} will send out a URL
for the GWG-Eduroam mailing list sign-up page
<http://lists.grangenet.net/mailman/listinfo/gwg-eduroam>.
{Rich} and {Kevin} were the only FWNA members to attend the Summer 2005
Joint Techs Workshop
<http://jointtechs.es.net/vancouver2005/Vancouver20051.htm>. The
interest level from the audience was high, though most did not have the
human resources to parallel the FWNA direction. A compelling argument
put forward by the FWNA WG would assist those institutes already
forming some kind of guest access.
{Philippe} raised the idea of FWNA taking a lead role in providing
roaming and 802.1X help. The Fall 2005 Internet2 Member Meeting might
be a good venue for offering assistance in these areas
<http://events.internet2.edu/2005/fall-mm/>.
{Kevin} has created a wiki to aid developments in the state of EAP
interoperability. Best practices would be valuable here. How can this
be done effectively to make progress? One option would be to allow
802.1X questions and discussion to be heard on the FWNA mailing list.
[AI] {Kevin} will send out a URL for the FWNA wiki that he created
<http://fwna.oit.duke.edu:2500>.
[AI] {Rich} will send out a URL to the bookmark for the Utah EAP page,
which covers some EAP authentication options, and is actually an
external link off of U. Utah’s site <http://wireless.utah.edu/>:
<http://www.ilabs.interop.net/LANSec/papers/13_EAP_options-LV04.pdf>.
[AI] {Group} will populate EAP and 802.1X information to the FWNA wiki.
{Kevin} detailed some of the Group’s operational aspects, including the
“Goals” document and Experimental plan. Right now, efforts are being
made to set up an experiment for an “eduroam.us”. A mailing list
could be initiated for those participating in the experiment, acting as
a form of support structure. A thread for similar ideas will be started
on the FWNA wiki to gather momentum.
The Next Generation Architecture proposal still needs some revision,
which will incorporate RADIUS into the existing plan. Australia’s Eduroam
participants are likewise interested in investigating a Radiator
implementation, and there will be cooperation with the FWNA WG to
resolve issues. The impending question is how best to interoperate
between the various authentication schemas currently in use, and how
to do so in a feasible and scalable manner. Ideas on this topic
are welcomed on the new FWNA wiki and the GWG-Eduroam mailing list.
The next SALSA-NetAuth – FWNA conference call will be on Thursday,
August 11, 2005 at 11am ET.