Untitled Document

SALSA call 7-Sep-2006

*Attending*
Mark Poepping, CMU (Chair)
Joe St. Sauver, U. Oregon
Gary Dobbins, Notre Dame
Ken Klingenstein, Internet2
Rodney Petersen, Educause
Deke Kassabian, U. Penn
Chris Misra, U. Mass
Jim Pepin, USC
Greg Travis, Indiana
Terry Gray, U. Washington
Jeff Schiller, MIT
Kevin Miller, Duke
Chas DiFatta, CMU
Steve Olshansky, Internet2 (scribe)

*Discussion*
- Salsa/GENI - recent call and next steps Facilities-based interactions were a focus. Discussion was wide-ranging, covering management, inter-campus v. edge connection issues, and the resulting semantic implications. There will be followup meetings to include campus, Quilt, NLR, GigaPoP and GENI folks to discuss campus security-related issues.

They are targeting development of a L1 testbed with connections to ~150 schools (due to the fact that researchers are so dispersed), wide range, thus need to think about different connectivity strategies for large and well-connected institutions v. smaller less-connected schools. There were differing views about what constitutes a "production" network...

[AI] Mark has notes from the call which he can share with the list.

The GENI Program Office solicitation was released 1-Sep: http://www.nsf.gov/publications/pub_summ.jsp?ods_key=nsf06601

It appears to be the case that the awardee will in turn dispense subsequent GENI grant funding

- optical bypass and firewall traversal - link/delink and next steps - Internet2 is now ready to address optical bypass in an activity. This will cover both static and dynamically provisioned links, as appropriate, and independent of any particular network. Outputs may be whitepapers or best practices, or similar. Would firewall traversal (>L3) seem to be logically coupled with optical bypass (<L3), at least enough to be included in the same activity? How would IdM infrastructure fit as part of this picture?

Would this fit into OCI or CyberTrust? Or into the upcoming Educause-sponsored NSF CyberSecurity Summit? OCI does not appear to be addressing security in the near future, and CyberTrust doesn't appear to be looking at this either in the near term. GENI may possibly be interested in this, hard to tell so far.

It was noted that policy issues for firewall traversal should be considered a distinctly different discussion from technology issues for optical bypass. How could/would trust-mediated transparency fit into this? How might this dovetail into network management?

Next steps: This will slot under Salsa. CFP forthcoming, the participants will more formally scope the activity as a first task, more to come on this...

- upcoming meetings -
Fall Internet2 Member Meeting - there will the the open Salsa lunch, as in the past, and a MACE/Salsa dinner.

NSF CyberSecurity Summit has been postponed, it will likely happen late Feb 07, planning is under way. 2005 Proceedings: http://www.educause.edu/cyb05

- SOX -
There seems to be a lot of movement toward Sarbanes-Oxley compliance, IT has a substantial role, and a lot of this apparently winds up taking the form of RBAC.

The STF Risk Assessment group covers this to some degree, as it has a number of auditors involved, but there hasn't really been much focus to date on how the research community fits. Putting IT into the position of having to certify access compliance is causing some discomfort.

- Disaster Planning/Recovery -
An ad hoc group is forming, likely not under Salsa or MACE, but input is welcome. Along this line there has been some recent work on developing NFS on a national scale. There will be an Educause Business Continuity Summit coming up soon, Rodney will report on it on a subsequent call. More to come on this as it develops.

- Fall Internet2 Member Meeting proposals recap/review -
A number of security sessions have been proposed, but suggestions are welcome (directed to Chris). Deadline is looming, so sooner is better. So far:\
- Route Injection (Joe)
- Salsa update
- 802.1x session
- TNC
- REN-ISAC (Doug and Mark B.)
- FWNA/SAML (maybe)

- Next AbOSE?
The first one was largely theoretical. Euro and Asian networks have expressed interest in participating in a next one, if/when it happens, is there carrying capacity and critical mass to make the next AbOSE international?

CSI2 WG input? They are more tactical than strategic in focus, so maybe not the right forum in which to raise this question. Ken will take this up with some key stakeholders offline and come back to Salsa on this question later.

- Value Proposition for Security?
Are we doing well overall, or have we just been very lucky? The high profile incidents have been largely when infrastructure goes down, or critical data is compromised, but what about the "middle ground"? How should we address this? More on this topic next call....

Since a CSG travel day is overlapping with the next call it may be cancelled, update will go out to the list early that week.