Salsa Call 9-Aug-2007

*Attending*
Mark Poepping, CMU (chair)
Jim Pepin, Clemson
Terry Gray, U. Washington
Joe St. Sauver, Internet2/U. Oregon
Renee Frost, Internet2
Chas DiFatta, CMU
Chris Misra, U. Mass
Ken Klingenstein, Internet2
Jack Suess, UMBC
Deke Kassabian, U. Penn
Steve Olshansky, Internet2 (scribe)

*Action Items*
[AI] {Mark} will check with Educause to see if they need some help from Salsa with the illegal file sharing issue.

*Discussion*
- I2MM topics/sessions
Chris has been working with the program committee, and when it is finalized it will be sent out to the list.

Current sessions include:

• Security Topics Update
• Salsa security topics update track session - interactive, smaller venue - including REN-ISAC
• Salsa Lunch - closed, perhaps with Applications, Middleware & Services Advisory Council (AMSAC) (see below - Merger Update)
• MACE/Salsa dinner (Ken is exploring potential speakers in or close to San Diego for the MACE/Salsa dinner. Please forward suggestions to Ken...)

Potential topics:

• pandemic flu planning
• EMP
• Salsa-DR
• FWNA/eduroam/eduGAIN demo?

- eduroam/eduGAIN
Is eduroam/eduGAIN getting close to what we think we would like to see in the US? Is there institutional support in the US for deployment? *Would a working demo help increase interest?* How does the SAML profile work led by Steve Carmody fit?

Are there potential CALEA concerns surrounding eduroam/eduGAIN? The log files are an important factor? If there are logs of non-affiliated user activity are you opening your institution up to CALEA issues? If the log only shows the affiliation and not the user's identity (without further research), what are the implications?

The issue is not traceability, but rather potentially undercutting your argument that you are a private network and thus exempt from CALEA? Would this be considered deminimus use and thus not an issue?

Most large institutions have implemented a guest access system coupled with a web portal, and 802.1x is a different paradigm. This can lead to uncertainty and hesitation hindering adoption... Smaller institutions tend to use widely used and easier to manage vendor solutions. Since not all institutions will be participating in eduroam, there will still be a need for guest access systems ongoing. Eduroam complements guest access, it doesn't replace it.

De-provisioning is emerging as an important issue in the middleware space, and in turn may be an important factor as campuses evaluate eduroam.

We need to distinguish that while this is a federated use case, it isn't necessarily InCommon as THE underlying federation.

- Merger Update
The Merger Planning Team (MPT) continues their work toward a definitive agreement for the respective boards to vote on. The advisory committees have been elected. Security is not represented specifically in any one advisory committee, but the most likely home for it is the Applications, Middleware & Services Advisory Council (AMSAC). http://www.internet2.edu/elections/

- Storm Worm DDoS Threat to the EDU Sector
Reference the recent mail to the CIO and Security lists. REN-ISAC is working to educate the .edu sector about this

- Security, IdM and Tempe camp - begin planning next week?
The next middleware camp in Tempe (Feb 2008) will link IdM and security. Who is the target audience - security people or IdM people? This will be fleshed out as the meeting is planned, Chris is on the program committee. There is a conflicting meeting that would likely keep most of the security people away from this, thus the target audience will probably be the IdM community.

- Illegal File Sharing - ToDo? run its course?? If there is value we can offer we should do so. Mark will check with Educause to see if they need some help.