Salsa Call - Thu 20-Sep-2007

Salsa Call
Thu 20-Sep-2007

*Attending*
Chris Misra, U. Mass (acting chair)
Joe St. Sauver, Internet2/U. Oregon
Jeff Schiller, MIT
Mike Van Norman, UCLA
Terry Gray, U. Washington
Deke Kassabian, U. Penn
Ken Klingenstein, Internet2
Greg Travis, Indiana U.
Jim Pepin, Clemson U.
Rodney Petersen, Educause
Steve Olshansky, Internet2 (scribe)

*Discussion*
- Internet2 Fall Member Meeting
http://events.internet2.edu/2007/fall-mm/
A list of Middleware and Security sessions was sent to the Salsa list, The Salsa lunch will be Tuesday, and the MACE/Salsa dinner will be Tuesday evening.

- Applications, Middleware & Services Advisory Council (AMSAC)
http://www.internet2.edu/about/governance/advisorycouncils.html
AMSAC will hold its first meeting at the Fall Internet2 Member Meeting. This is the Advisory Council which will direct security and middleware activities.

We expect that Salsa and MACE will be asked to provide input as they consider their prioritization of activities ongoing.

Potential areas of discussion that will be raised with them include:

- How funding is allocated in the security area
- Engaging researchers - how best to move forward
- Long term ("throw it long") - followup to the Reconnections workshop. This may include GENI, the ISOC trust in the internet activity, and the NSF CyberSecurity summit
- CSI2 activities ongoing after current funding expires

- CAMP: Bridging Security and Identity Management
February 13–15, 2008, Tempe, AZ
http://www.educause.edu/CAMP081

- RADIUS-SAML and TNC
Eduroam has recently engaged in the TNC working group, which bodes well for revisiting the RADIUS-SAML work done recently by the Salsa-FWNA working group. There has been some recent activity tackling user interface and deployment issues, more on this to come as it develops.

- Google hacking
This topic arose on the last CSI2 call (using google to find badness on campus and/or blog spam, etc). Possibly building tools?

Engaging with EDUCAUSE (probably Effective Practice) to develop 'how to get stuff (usually spilled data)out of the search engine cache(s). Even though this is documented on the google website, it isn't all that straight forward. Having some docs on it for the community would make sense. There seems to be some resonance from the Effective Practices co-chairs. Trying to figure this out in the middle of a data incident is not fun...

There had been some discussion of whether Salsa might (or should) help in a more specific and directed effort for tool-coordination or -building.

Would this be an appropriate topic for REN-ISAC to take on? This seems to be outside the traditional scope of R&E policy groups, but it may be ripe for consideration in that context.

It is important to consider other search engines or archives beyond Google, e.g. AOL proxy cache and the archive.org Wayback Machine.

- filtering traffic based on content
There has been some recent discussion in various forums about whether it is viable and/or practical for ISPs or organizations to evaluate traffic and filter out "bad" v. "good" as defined by various motivated interest groups - e.g. P2P file sharing. There will likely be more to come on this topic, it appears to be gaining traction in some public arenas. Dealing with false positives and the expected frequent tuning will likely be a large burden, not to mention the capital and support costs involved.