Minutes: SALSA NetAuth call 10-Nov-05

*Attendees*

Chris Misra, University of Massachusetts (chair)
Rich Cropp, Penn State University
Randy Hegarty, Penn State University
Kevin Amorin, Harvard University
Renee Frost, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Charles Yun, Internet2
Katherine Strojny, Internet2 (scribe)

*Action Items*

New:

[AI] {SteveO} and {Chris} will work offline towards providing a means for public input on the wiki.

[AI] {SteveO} will add a link for the wiki to the NetAuth web page.

[AI] {Group} will take a look at the wiki and start populating useful links for components-related content, toward developing a repository of useful information and understanding the solution space better.

[AI] {Group} will delegate liaisons for TNC and NAC.

[AI] Chris will coordinate with the Effective Practices Guide working group at EDUCAUSE for anything this group can provide, such as written material or resources, as they revise the guide.

Carry Over:

[AI] {SteveO} will add a new section to the NetAuth website for "Related Work" and will solicit suggestions for content from the list.

[AI] {Group} Send suggestions for presentations or BoF sessions to be held during the upcoming Security Professionals conference April 10-12, 2006. Proposals are due by November 28. More conference information is available at the following link: http://www.educause.edu/sec06

[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.

[AI] {Chris} will publish information about the NERCOMP SIG to be held February 7, 2006, concerning the topic of Automated Network Security Policy.
     http://www.nercomp.org/calendar.html

[AI] {Individuals} who look into the IETF Distributed Security (distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec

[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.

[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.

[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.

[AI] {Chris} will arrange vendor discussions for a subsequent call.

[AI] {Chris} will post a message to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.

[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.

[AI] {Individuals} will send in case studies for potential use in the Strategies document.

*Discussion*

Intellectual Property Reminder:
The Internet2 intellectual property policy can be found here:
       http://members.internet2.edu/intellectualproperty.html

The agenda included discussion of upcoming events, the new wiki, the Components document, and the question of how CALEA compliance impacts NetAuth.  Minutes from the last call were provisionally approved.

The next Security Professionals conference will be held April 10-12, 2006 in Denver. Proposals are open until November 28. Chris Misra and Kevin Amorin will hold a pre-conference seminar.  More conference information is available here:
     http://www.educause.edu/sec06

Also, a NERCOMP SIG meeting will be held February 7, 2006, at U. Mass. in Amherst, Massachusetts, with a topic of Automated Network Policy Enforcement. More information can be found as a link from the NERCOMP SIG calendar:
     http://www.nercomp.org/calendar.html

A new NetAuth wiki is available, thanks to Kevin Miller.  The intent is that the wiki will serve as a dynamic repository for the group and others to document open source solutions and link to new technologies, with an eye toward identifying commonalities and areas to support as a working group.  Currently, the wiki is password-restricted.  In response to concerns, [AI] {SteveO} and {Chris} will work offline towards providing a means for public input.  [AI] {SteveO} will also add a link to the wiki from the NetAuth page.  [AI] {Group} will take a look at the wiki and start populating useful links for components-related content, toward developing a repository of useful information and understanding the solution space better. Currently, the wiki can be found at the following site:
     http://fwna.oit.duke.edu:2500/netauth/show/HomePage

Internet2 is working toward providing a wiki platform, since several working groups have indicated a need.  Access will be given to schools that are members of InCommon.  Renee encouraged anyone with questions to contact her or to go through the general contact email on the InCommon website:
     http://incommonfederation.org

The group discussed implications of NAC (Network Admission Control) Phase 2, which includes protocols such as HCAP and GAME.  It was agreed that, in the area of network node validation, using API-oriented technology makes more sense than data scraping, which is what many sites use to tie together various products.  The group should keep an eye on this area and see whether there is room either for deploying something or for writing up a document explaining how these protocols fit and how you would plug them together.

The topic of creating TNC (Trusted Network Connect) and NAC liaison positions was revisited and made into a group action item.

Regarding the recent Reconnections workshop (see previous minutes for background), Charles and Steve reported that the document is still in progress, and the submitted presentations are now available, through a link from the main security page: http://security.internet2.edu/

In discussing the Components document, it was agreed that there may be a need to reframe it as a reference document for NetAuth protocol suites, addressing the questions: what components are available, what do they do, and how would you plug them together if you had to.  This might also be a good use for the wiki.

[AI] Chris will coordinate with the Effective Practices Guide working group at EDUCAUSE for anything this group can provide, such as written material or resources, as they rewrite the Effective Practices guide.

The group opened the question of whether NetAuth components fit in with CALEA (Communications Assistance for Law Enforcement Act) compliance.  CALEA data requirements ask for a specific device, port, or person, and NetAuth maps devices to people.  There are more questions than answers at this point, and EDUCAUSE is an organization we can look to for policy interpretation.  Charles invited people to contact him if interested in informal CALEA discussion at the upcoming Joint Techs workshop, or elsewhere.  If sufficient interest is generated, more formal activities may follow.

The call that would have taken place in two weeks is cancelled since it coincides with the U.S. Thanksgiving holiday.  The next scheduled call will take place in four weeks, on 8-December.  Agenda and bridge will go out to the mailing list prior to the call.

