Salsa Call: 20-Mar-08

**Salsa Call: 20-Mar-08**

**Attending**
Chris Misra, U. Mass (chair)
Joe St. Sauver, Internet2
Doug Pearson, REN-ISAC/Indiana U.
Ken Klingenstein, Internet2
Chas DiFatta, CMU
Jim Pepin, Clemson
Jack Suess, UMBC
Rodney Petersen, Educause
Renee Frost, Internet2
Jeff Schiller, MIT
Kevin Miller, Duke
Steve Olshansky, Internet2 (scribe)

**Action Items**
[AI] (Ken and Doug) will organize a call to discuss potential federated use cases for REN-ISAC.

[AI] (Chas, Doug, Joe, and Chris) will meet and draft language for the new funding proposal

[AI] (Rodney) will send the Large Site Security meeting URL to the list.

[AI] (All) Identify and prioritize those RFCs and/or standards that would benefit best from a trust mechanism to meet needs

**Discussion**
- Internet2 strategic planning
Feedback from the community in general, and MACE and Salsa in particular, to documents posted in the strategic planning wiki is encouraged. Please review ASAP. While Salsa may respond as a group, individual comments are also encouraged. Also please encourage your CIOs to review and comment.

Comments can be added publicly in the wiki, or sent by mail to the strategic planning group at <strategicplanning AT internet2 DOT edu>.

Jack will follow up to the list with more information as it becomes available. A draft of the plan will be available in advance of the Spring Internet2 Member Meeting, and after the meeting a draft incorporating input received at the member meeting will be released. Ultimately this will be submitted to the board as the formal recommendation of the strategic planning committee by 1-July-2008.

https://wiki.internet2.edu/confluence/display/I2SP/2008+INTERNET2+STRATEGIC+PLANNING

- New grant funding
Similar to past funding used for Salsa-CSI2/RENOIR, it appears that a new round of funding may be available to support some security work. The range of acceptable activities is fairly broad. What would we want included?

Some possibilities discussed were:
1. continuing the earlier work on RENOIR, possible expanding to include APHIDS
2. following up on discussions at NetGuru on developing best-of-breed generalized open source network management/security tools
3. expanding earlier middleware diagnostics work into something that would work for distributed network security.

It was observed that efforts to improve communication between the ISP community and law enforcement agencies would be useful. Perhaps a workshop could be considered as part of this...

A collaborative framework based on federated access to support REN-ISAC was also suggested as something to consider, that could serve as a model for similar activities elsewhere.

[AI] (Ken and Doug) will organize a call to discuss potential federated use cases for REN-ISAC.

[AI] (Chas, Doug, Joe, and Chris) will meet and draft language for the proposal

- NEA, TNC (from TCG), Radius+SAML, etc...
There is interest among the Eduroam community in using SAML assertions for representing the posture of devices, in addition to attributes about users.

- Security Professionals Conference/REN-ISAC
Hotel space is tight, so please register ASAP.
http://www.educause.edu/sec08

- Internet2 Member Meeting
Salsa lunch on Tuesday 22-April, and the MACE/Salsa dinner is Tuesday night. There will be several security-related sessions. Full schedule is online:
http://events.internet2.edu/2008/spring-mm/agenda.cfm

- NSF Large Site Security meeting
Agenda is online, please register ASAP.
[AI] (Rodney) will send the URL to the list

- ISOC "Trust, Identity, and the Internet"
ISOC is looking at how can trust services be leveraged in protocol development. DKIM is of high interest, as an example.

Salsa thoughts about areas of interest in this context would be welcomed, particularly referencing specific RFCs. We will discuss this on the next Salsa call.

[AI] (All) Identify and prioritize those RFCs and/or standards that would benefit best from a trust mechanism to meet needs

- REN-ISAC update
they are adding new services and looking to members to help develop business models for them.