*Attending*
Chris Misra, U. Mass (chair)
Kevin Miller, Duke
Terry Gray, U. Washington
Mike Van Norman, UCLA
Deke Kassabian, U. Penn
Jim Pepin, Clemson
Jeff Schiller, MIT
Renee Frost, Internet2
Rodney Petersen, Educause
Ken Klingenstein, Internet2
Chas DiFatta, CMU
Mark Poepping, CMU
Steve Olshansky, Internet2 (scribe)
*Discussion*
- CAMP follow up
Attendees were roughly split 3/4 IdM and 1/4 Security. This was a very successful meeting, sold out, and attendees were very enthusiastic at the cross-pollination opportunities…
As they become available, presentations will be at http://www.educause.edu/camp081
- EDUCAUSE & Internet2 Security Professionals Conference, May 4-6, 2008,
Arlington, VA
http://www.educause.edu/sec08
Registration now open. REN-ISAC meeting will follow it, limited to 100
- Cybersecurity Summit for NSF Large Research Facilities, May 7-8, 2008,
Arlington, VA
http://www.educause.edu/cyb08
- Follow-Up to DNSSEC Panel at Net@EDU
http://www.educause.edu/NMM08/Program/13758?PRODUCT_CODE=NMM08/GS08B
Kevin presented an overview, there was a presentation about what DHS is doing and government’s role in DNSSEC, and Ken presented about higher-ed’s role.
- Commission on Cyber Security for the 44th Presidency
Congress and some think tanks have formed this commission, and Educause will be briefing them in March. They are looking to draft recommendations to the next president related to cyber security.
It was observed that balance ought to be emphasized, between security, feasibility, and interoperability – security is not a magic bullet that can be viewed in isolation.
- REN-ISAC update/business plan/etc.
This is moving forward, more to come as it develops
- Cisco Nexus
This appears to be the intersection between storage networking and data networking, and includes virtualization capabilities.
There are also indications of increased interest by Cisco in federated IdM…
- OpenID
This is gaining traction in the corporate sector, and increased buzz overall.
*Open Discussion*
- There was some discussion of some work at Princeton detailing an attack taking advantage of the fact that DRAM holds data for a brief period of time after the machine shuts off, and thus encryption keys can be retrieved and used to access encrypted disk schemes.
See http://citp.princeton.edu/memory/
- "Google Apps – Team Edition" was discussed. If your domain name is in the team edition, instead of being prompted to create a new account when invited, you instead are offered the opportunity to create an account that reaches across to all users from your domain. If your domain recycles userids, the new user can reset the password for this account and access data belonging to the departed user, and there is apparently no way to change your e-mail address to follow you when you leave. Further, data cannot be exported easily from your account.
See:
http://arstechnica.com/news.ars/post/20080207-google-releases-new-team-edition-application-suite.html
https://www.google.com/a/[YourDomain].edu/
- There is development work underway on S/MIME for GMail, utilizing your browser's keystore. More to come as it develops.