Minutes: SALSA NetAuth call 2-Mar-06

Minutes: SALSA NetAuth call
2-Mar-06

*Attendees*
Chris Misra, U. Massachusetts (chair)
Kevin Amorin, Harvard U.
Rich Cropp, Penn State U.
Lisa Hogeboom, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Charles Yun, Internet2
Katherine Strojny, Internet2 (scribe)

*Action Items*

New:

[AI] {Anyone} with ideas for getting publicity at upcoming meetings, contact Chris.

[AI] {Anyone} interested in creating a document for the info table at Security Professionals, send a note to the list or to Chris.

[AI] {Kevin} volunteered to do a first draft of the NetAuth FAQ, with the goal of sending it out to the list before the end of March.

[AI] {Charles} will send a summary to the list about the security sessions at the Spring Internet2 Member Meeting, once the sessions are finalized (mid-March).

[AI] {Charles and SteveO} will coordinate to get out an announcement at the end of March regarding rollout of the Internet2 wiki platform.

Carry Over:

[AI] {Individuals} are requested to send in case studies for potential use in NetAuth documents.

[AI] {Chris} will clean up the action item list.

[AI] {Chris} will send a notice about upcoming meetings with Netauth discussions.

[AI] Once content is more complete and the wiki is in a permanent location, {Chris and Kevin} will get a note out to some of the lists announcing the wiki.

[AI] {Group} is invited to take a look at the NetAuth wiki and add content, toward developing a repository of useful information and understanding the solution space better. In particular, Kevin is seeking input on isolation methods and Frequently Asked Questions.

[AI] {Kevin} will email the list and see if anyone wants to join the case studies project.

[AI] The following individuals volunteered to write case studies, with a soft deadline of March 30:
- {Chris Misra}: Layer 2 & 3 isolation using NetReg and a homegrown switching system
- {John Moore}: Lockdown Networks and VLAN switching
- {Kevin Amorin}: PacketFence (ARP manipulation and VLANs)

[AI] People are sought who can draft case studies for Cisco Clean Access. If anyone knows of candidates, please contact Chris.

[AI] When the ResNet survey goes live, {Chris} will post a notice to the list in order to encourage participation.

[AI] {Group} will delegate liaisons for TNC and NAC.

[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.

[AI] {Individuals} who look into the IETF Distributed Security (distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec

[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.

[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.

[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.

[AI] {Chris} will arrange vendor discussions for a subsequent call.

[AI] {Chris} will post messages to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.

[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.

*Discussion*

Intellectual Property Reminder:
The Internet2 intellectual property policy can be found here: http://members.internet2.edu/intellectualproperty.html

The call included updates on upcoming conferences, wiki activity, use cases, and the components guide. The group discussed how to leverage upcoming meetings to promote NetAuth interest. Action items were reviewed and the minutes from the last call were provisionally approved.

The Security Professionals conference will take place April 10-12, 2006 in Denver. A NetAuth BoF is tentatively planned for Monday night (schedule unconfirmed). Also on Monday, there will be a pre-conference NetAuth seminar (1-4), plus focus sessions on RINGS and a few other topics.
http://www.educause.edu/sec06

The Spring 2006 Internet2 Member Meeting will take place April 24-26 in Arlington, Virginia. A NetAuth session is planned as well as an 802.1x BoF. FWNA activities will be promoted and they will have test servers running. If anyone is going and wants to speak on NetAuth, contact Chris. [AI] {Charles} will send a summary to the list about the security sessions at the Spring Internet2 Member Meeting, once the sessions are finalized (mid-March).
http://events.internet2.edu/2006/spring-mm

Kevin reported that the wiki is up to 35 commercial vendor links. [AI] {Kevin} volunteered to do a first draft of the NetAuth FAQ, with the goal of sending it out to the list before the end of March. [AI] {Charles and SteveO} will coordinate to release an announcement toward the end of March regarding rollout of the Internet2 wiki platform.

Chris plans to get his effective practices use case ready for discussion during the next conference call, with the intention of ramping up the review process as the March 30 soft deadline approaches.

The components document continues to be on hold. Future direction is likely to depend on wiki activity and on feedback received during upcoming meetings.

How can we use upcoming meetings to drum up interest in NetAuth? Suggestions included putting together a paper document for the info table, and creating slips to put in the folders given out when people register. [AI] {Anyone} with more ideas for getting publicity at upcoming meetings, contact Chris. [AI] {Anyone} interested in creating a document for the info table at Security Professionals, send a note to the list or to Chris.

The next biweekly call will take place on 16-Mar-06. Schedule and bridge will go out to the list prior to the call.