Salsa call 12-July-2007

*Attending*
Mark Poepping, CMU (chair)
Greg Travis, Indiana
Jeff Schiller, MIT
Deke Kassabian, U. Penn
Chas DiFatta, CMU
Renee Frost, Internet2
Terry Gray, U. Washington
Mike Van Norman, UCLA
Rodney Petersen, Educause
Chris Misra, U. Mass
Jack Suess, UMBC
Steve Olshansky, Internet2 (scribe)

*Discussion*
- Salsa membership
Chris Cramer is leaving Duke and higher ed, and thus will be leaving Salsa. There is another candidate that Mark is intending to talk to, and he will report back to the list after he does that.

- Internet2/NLR Merger update
The merger planning team is proceeding with their work, but there is no recent news of note. Refer to the front page of the Internet2 website for the latest news.

- Joint Techs Meeting, July 15-19 at Fermilab
The agenda is online: http://jointtechs.es.net/Illinois2007/
Joe St. Sauver will be attending, representing Internet2 Security.

- Fall Internet2 Member Meeting
http://events.internet2.edu/2007/fall-mm/
Session proposals are due at the end of July. Chris is leading the security area. Plans currently include NetAuth/FWNA and DNSSEC BoFs.

- Illegal File Sharing - what's been done, what's to do?
This topic has been bubbling in various forums lately, leading to the question of what, if anything, may be appropriate for Salsa to do in this area. E.g. best practices? Or providing technical reasons why these efforts at filtering are ultimately mistaken and destined to be unsuccessful? Or creating some documentation to help the higher-ed community better understand the issues?

Educause held a workshop a couple of months ago at the urging of the entertainment industry/RIAA; a report will be forthcoming. Some campuses are testing some of the devices, and finding shortcomings. The charter of the workshop was to define the requirements for a successful network-based copyright enforcement technology. Terry sent a URL to the list with his notes from recent discussions in this area.

One question is, does the higher-ed community have the real desire to proceed down this road (e.g. blocking P2P traffic) since it seems that doing so would hinder legitimate access in some meaningful way. Which is more important, educating our students or preventing some student activity which they can pursue easily off campus anyway? Ultimately the core mission of the university must take priority.

Making large investments in network devices and other capital-intensive enforcement approaches is ultimately a wasted effort given how quickly the technologies and tactics of the infringers change in response to advances.

There may well be legislation forthcoming; it remains to be seen what form(s) it will take.

We need to change the perception that students are learning how to steal when they come to our campuses; on the contrary, we take strong action when they are caught. It would be helpful to draw more attention to this.

In general, it seems that copyright owners tend to prevail whenever they come to trial. It also seems that the RIAA is choosing its battles carefully, sticking to cases it feels it can easily prove and win.

"Trying to make digital media uncopyable is like trying to make water un-wet..."

Has anyone considered putting their resnets on a .com, outside their .edu domain? Or even outsourcing them totally? In general the entertainment industry has been reluctant to tackle commercial ISPs since they are bigger and better-funded targets. This approach probably would not be very effective since most abuse is coming from the wireless network these days, not so much from the wired networks.

Some campuses are even considering creating a separate holding company for their network operations, to insulate the university from liability.

- Security architectures?
  - Do you have (or want) a [documented] security architecture?
  - Is it principle/practice/control or something else?
  - Is there a repository of such things?

What guidance do you try to provide your institution about the "right" things to do?

Educause produced a document a few years ago containing some relevant information.

Jack's Security Architecture Chapter in Security Book: http://www.educause.edu/ir/library/pdf/pub7008j.pdf

EDUCAUSE Resource Page on Security Architecture: http://connect.educause.edu/term_view/Security+Architecture

Chris will be coordinating some related presentations for upcoming NERCOMP meetings, and will be looking for feedback and review as people are willing and able.

Note that there is a new Educause IT architecture constituent group, ITANA (IT Architects in Academia).