SALSA NetAuth Conference Call August 18, 2005
*Action Items*
New
[AI] {SteveO} and {Eric} will work together on revising draft four of
the Architecture document to ensure its adherence to I2 document
guidelines.
[AI] {Chris} will send a note to the group via the list about sessions
of interest at the Fall Internet2 Member Meeting.
[AI] {Chris} and {Eric} will talk with Kevin to begin drafting the
first version of the Components document.
[AI] {Chris} and {SteveO} will send a note to the WG via the list
soliciting suggestions for the future direction of the WG.
Carry Over
[AI] {Chris} will put together a few slides describing intersection
points between SALSA NetAuth and SALSA NetAuth-FWNA.
[AI] {Kevin, Eric and Chris} will add text to the Architecture document
and republish the document as draft 4, ensuring conformance with the
newly released Internet2 document guidelines.
[AI] {Chris} will send the list of vendor questions developed by the WG
during this call to the group via the list.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will contact Bob Morgan to discuss whether there may be
IETF activities that would be open to or in alignment with NetAuth
efforts.
[AI] {Chris} will post a message to the NetAuth and FWNA lists
soliciting volunteers to develop an outline of issues for NetAuth in a
federated environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth
vendor solutions currently being used.
[AI] {Individuals} will send in case studies for potential use in the
Strategies document.
*Participants*
Chris Misra, University of Massachusetts (chair)
Kevin Miller, Duke University
Rich Cropp, Penn State University
Randy Hagerty, Penn State University
Tony Genovese, ESnet
Eric Gauthier, Boston University
Terrie Clark, Internet2 (scribe)
Renee Frost, Internet2
Steve Olshansky, Internet2
*Discussion*
The Joint Techs workshop was held in Vancouver, British Columbia from
July 17 – 21, 2005. The efforts of SALSA, including those of the
NetAuth and the FWNA working groups, were of interest to attendees. Also
of interest was the potential deployment of Eduroam in the United
States. Participants at the Joint Techs meeting discussed the need for
integrated network management tools. Should Internet2 address this?
Consensus was that a feature-rich set of integrated network management
tools should include NetAuth capabilities.
The WG could develop standards for institutions to use when deploying
NetAuth. The standards could include recommendations about managing
routers, firewalls, edge ports, data caches, bridges, caching, VLANs,
and synchronized configurations. Since many institutions have networks
built with disparate vendor components, it was decided to narrow the
focus of the recommendations to NetAuth-related activities. The WG
discussed building a reference model portraying a fully functional
NetAuth system and the accompanying requirements for the system. The
upcoming Components document will address the requirements for a
NetAuth solution and serve as a reference model for institutions
implementing a NetAuth solution.
The schedule for the Fall 2005 Internet2 Member Meeting, to be held
September 19 - 22 in Philadelphia, PA, is now online at:
http://events.internet2.edu/2005/fall-mm. The WG will present NetAuth
efforts as well as hold a joint NetAuth/FWNA BoF. Individuals can
search the posted program for sessions discussing topics of interest.
The group discussed SALSA and SALSA-NetAuth future efforts to be
evaluated at the Fall I2 Member Meeting. Two possible future efforts
are NetAuth in a federated environment and developing software tools
necessary for NetAuth solutions. Perhaps a useful effort would be
developing case studies, use cases or guidelines and recommended
practices for NetAuth.
MIT will hold a security camp Monday, August 22, 2005. For more
information please see: http://websurvey.mit.edu/scamp/agenda.html
During the most recent FWNA call, the FWNA group discussed a framework
for deploying Eduroam in the US. The current Eduroam model is thought
to be the most effective for early adopters. The FWNA group has a Wiki
for the effort, linked from the WG page
http://security.internet2.edu/fwna/. For more information please see:
http://security.internet2.edu/fwna/minutes/NetAuth-FWNA-28-July-2005.html
The group also discussed past and future efforts of SALSA,
SALSA-NetAuth and SALSA-NetAuth/FWNA. Participants noted that
Eduroam.US efforts may consume the majority of the FWNA WG’s efforts.
The FWNA WG may choose to focus on operational issues and technical
design/architecture for Eduroam deployment in the US.
The group discussed efforts necessary for the start of the fall
semester and the impact of recently announced Microsoft
vulnerabilities. Most institutions will scan students’ computers during
network pre-registration. Faculty and administrative computers that
have remained inactive over the summer will be scanned and remediated.
It is hoped that students with newer computer systems will have
appropriate protection; if not, remediation can be required before
allowing them onto the network.
Some institutions are considering migrating from open source solutions
to solutions developed by commercial vendors. Those that we are aware
of considering this do not have a specific timeframe
established for the migration. One strong argument for continuing to
use open source solutions is the high cost of the technology and
retraining of network engineers/managers/administrators. Some
institutions are also considering deploying an 802.1x network.
The next call is Thursday, September 1, 2005 at 12:00 PM EDT. An agenda
with the call-in number will be sent out to the WG via the list prior
to the call.