Salsa Call: 30-Nov-2006

Salsa Call
30-Nov-2006

*Attendees*
Mark Poepping, CMU (chair)
Ken Klingenstein, Internet2
Deke Kassabian, U. Penn
Jack Suess, UMBC
Chas DiFatta, CMU
Rodney Petersen, Educause
Renee Frost, Internet2
Doug Pearson, REN-ISAC/Indiana
Joe St. Sauver, U. Oregon
Chris Misra, U. Mass
Jeff Schiller, MIT
Steve Olshansky, Internet2 (scribe)

*Discussion*
Ken is soliciting more comments on the slide deck he sent out earlier today, for presentation at the Community Leadership Forum (aka CIO constituent group) session on Tuesday at the Internet2 Member Meeting. The subject is generally security topics they should be looking at, which they are likely not hearing from the major analysts and which they could/should be looking to the R&E community for guidance.

It may be useful to distinguish between things they need to watch, and things they can can should be doing in the near/mid-term.

DNS is a potential threat vector in the future, including the need for effective tools to manage problems and detect attacks, and is thus worth paying attention to more than they may be currently. Some coverage of DNSSEC is probably appropriate in this context.

It was observed that IdM building into federation is a good approach for this audience, rather than jumping too quickly into federation... Covering the issues of AuthN and AuthZ will likely resonate well as a foundation for this area, leading into the linkage to IdM as effective tools for managing privacy and security. E.g. IdM done wrong or badly is a security problem.

A pitch for joining InCommon would be appropriate here as well. The closing plenary session will include a demo of a campus accessing FastLane using Shibboleth. It was observed that federated IdM has critical mass issues, which hopefully will decline over time.

Management of sensitive information (including both enterprise data and research data) was suggested as a useful focus area to build around. While the analysts are covering this to some extent there are also areas they are neglecting. The STF is working on this area as well.

- DKIM/SPF - time to push something (or not)?
Domain assurance seems to be a complementary topic to DKIM, part of a comprehensive approach to spam control? See e.g. http://www.domain-assurance.org/

SPF doesn't address reputation, e.g. spammers can use it but it doesn't provide any assurance of good intent. DKIM appears better positioned to be useful, coupled with domain assurance.

Is this an area that Salsa should be working on? Is there a valuable role for us to play here - influencing direction?

- WG Updates
FWNA: Good progress in RADIUS+SAML discussions
CSI2: RENOIR development is making good progress

- Joint Techs
Doug will forward an update to the list. High level topic areas include:
-- Security - esp. hybrid internetworking, VoIP, DNS
-- campus issues
-- optical internetworking

Should appliances and their performance be included?