SALSA-NetAuth - FWNA conference call
April 6, 2006

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Mike Coffey, U. Tennessee
Rich Cropp, Penn State U.
Mark Linton, Penn State U.
Dennis Ward, U. Michigan
Andy Rosenzweig, Merit
John Vollbrecht, Merit
Bill Bulley, Merit
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Group} should email {SteveO} to register and gain write-access to the new FWNA wiki.
[AI] {John} will email the Group with a link to the EMU, NEA, etc. groups from the last IETF meeting.
[AI] {Group} will gather material towards a presentation at the next IETF meeting.
[AI] {Andy} will email the SALSA-FWNA-Ops list with notes once the connection between Merit and UTK has been made.
[AI] {Group} will discuss attributes and experimentation around a contact # attribute.
[AI] {Kevin} will coordinate the hardware setup for the I2MM meetings.

Carry-over *Action Items*
[AI] {Andy} will forward materials from the grant submission towards documentation purposes. (23-Mar-06)
[AI] {Philippe} will contribute thoughts on distributed authorization. (23-Mar-06)
[AI] {Mike} will work up a script to provide a useful log output for the Group to view in real time. (9-Mar-06)
[AI] {Chris} will send out an agenda to confirm I2MM session times relevant to the FWNA WG. (9-Mar-06)
[AI] {Kevin} will email the list in hopes of recruiting individuals to present their experience using 802.1x, etc. (9-Mar-06)
[AI] {Kevin} will connect the local RADIUS administration folks at Duke to the FWNA-Ops list. (23-Feb-06)

Long-term *Action Items*
[AI] {Group} will develop use cases regarding AuthN of human users, sensors, platforms, etc. (6-Mar-06)
[AI] {Group} will think of local site requirements for security, logging, and access to utilization of information in the context of Eduroam, where non-local users are involved. (3-Nov-05)

*Discussion*
{Kevin} and {SteveO} successfully moved the FWNA wiki over to the Internet2 wiki area <https://wiki.internet2.edu/confluence/display/FWNAWG>. [AI] {Group} should email {SteveO} to register and gain write-access to the new FWNA wiki.

{Mike and Philippe} are organizing the demo for the FWNA session at the Spring 2006 Internet2 Member Meeting (April 24-26) in Arlington, VA <http://events.internet2.edu/2006/spring-mm/>. {Philippe} plans to demonstrate with U. Tennessee through the Eduroam top-level server, along with Merit. Anyone who is registered at that point may connect at that time. Another item of discussion will be EAP tunneling. [AI] {Kevin} will coordinate the hardware setup for the I2MM meetings.

{John} provided an update on the recent IETF meeting, saying there was a good reception and the next meeting may be a good venue to share FWNA efforts in the future. He also learned of a few WGs of interest to FWNA efforts:
– EMU – EAP Method Update <http://www3.ietf.org/proceedings/05nov/emu.html>, working on standardizing one or more EAP methods.
– NEA – Network Endpoint Assessment <http://www3.ietf.org/proceedings/06mar/agenda/nea.txt>, working on ways to validate clients prior to permitting access, using tunneled EAP as at least an initial approach.
– HOAKEY BoF – looking at how to use keys generated during EAP to support "fast roaming" and to support other applications.

For more information regarding the presentations that these groups made at the IETF, search for each group on the Proceeding Notes: <https://datatracker.ietf.org/public/meeting_materials.cgi?meeting_num=65>. [AI] {John} will email the Group with a link to the EMU, NEA, etc. groups from the last IETF meeting. [AI] {Group} will gather material towards a presentation at the next IETF meeting.

{Rich} has worked with {Mike} to register (PSU) and create a test account. {Mike} said they are close to getting Merit’s server up, and can then register others with FWNA. The Group agreed to document the processes of joining and registering as the connections are finalized. [AI] {Andy} will email the SALSA-FWNA-Ops list with notes once the connection between Merit and UTK has been made.

{Kevin} reported a thread regarding SAML, and whether it makes sense to carry attributes directly into RADIUS, rather than try to embed in SAML. Attributes that can be shared between both SAML and RADIUS have potential, but which ones? The Group will continue discussion and flesh out why and when to use SAML with alternative architectures, possibly even validating some of the ideas or exposing issues through trial.

Policy regarding network access could benefit this work from a network management perspective. How might alternative contact information (e.g., in addition to a phone #) allow for smoother AuthN practices? [AI] {Group} will discuss attributes and experimentation around a contact # attribute.

{Philippe} raised discussion of designing around sensors, where people are not on the network. How to do platform AuthN, while avoiding confusion? [AI] {Group} will develop use cases regarding AuthN of human users, sensors, platforms, etc. (6-Mar-06)

The next SALSA-NetAuth FWNA WG conference call will be on Thursday, April 20, 2006 at 11am ET.