Minutes: SALSA NetAuth call
22-June-06
*Attendees*
Chris Misra, U. Massachusetts (chair)
Kevin Amorin, Harvard U.
Rich Cropp, Penn State U.
Eric Gauthier, Boston U.
Philippe Hanset, U. Tennessee
Mihir Mohanty, McAfee Associates
Steve Olshansky, Internet2
Katherine Strojny, Internet2 (scribe)
*Action Items*
New: (Revised)
[AI] {Kevin Amorin} will send NEA and NetAuth links to the mailing list in order to get feedback.
[AI] {Group} will send comments to the mailing list on NEA requirements by 6-July-06 (next NetAuth call). The requirements document can be found here: http://www1.ietf.org/mail-archive/web/nea/current/msg00185.html
[AI] {Chris and Kevin} will compile group comments on NEA documents by 11-July-06 (IETF conference).
[AI] {Chris and Kevin} will talk to Kevin Miller about how to link the NetAuth and FWNA wikis in order to facilitate development of 802.1X content.
[AI] {Chris} will talk to John Vollbrecht about starting the 802.1X document.
Carry Over:
[AI] {Group} will collaborate to draft 802.1X deployment documents via wiki.
[AI] It was proposed that the {group} think about placing registration data in LDAP as a canonical storage method, so that, for example, DHCP can access the data in LDAP instead of having an internal database.
[AI] {Kevin} will solicit the list for questions to include in the FAQ and for people to edit the wiki.
[AI] {Anyone} who has slides or content related to NetAuth use cases or case studies, send them to SteveO for posting on the NetAuth website.
[AI] {Kevin} will write up the challenges of going from theoretical to deployed 802.1X.
[AI] {Group} will re-evaluate the finalized documents to determine whether the term "host posture assessment" should be included.
[AI] {Kevin} volunteered to do a first draft of the NetAuth FAQ, with the goal of sending it out to the list before the end of March.
[AI] {Chris} will send a notice about upcoming meetings with NetAuth discussions.
[AI] Once content is more complete and the wiki is in a permanent location, {Chris and Kevin} will get a note out to some of the lists announcing the wiki.
[AI] {Group} is invited to take a look at the NetAuth wiki and add content, toward developing a repository of useful information and understanding the solution space better. In particular, Kevin is seeking input on isolation methods and Frequently Asked Questions.
[AI] {Kevin} will email the list and see if anyone wants to join the case studies project.
[AI] The following individuals volunteered to write case studies, with a soft deadline of March 30:
- {Chris Misra}: Layer 2 & 3 isolation using NetReg and a homegrown switching system
- {John Moore}: Lockdown Networks and VLAN switching
- {Kevin Amorin}: PacketFence (ARP manipulation and VLANs)
[AI] People are sought who can draft case studies for Cisco Clean Access. If anyone knows of candidates, please contact Chris.
[AI] {Group} will delegate liaisons for TNC and NAC.
[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.
[AI] {Individuals} who look into the IETF Distributed Security (distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec
[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.
[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.
[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will post messages to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.
*Discussion*
Intellectual Property Reminder: The Internet2 intellectual property policy can be found here: http://members.internet2.edu/intellectualproperty.html
The minutes of the prior meeting were approved. Discussion included the 802.1X documentation effort, EduDevice status, a call for feedback on NEA documents, and a proposed change to the regular call time.
The group discussed the 802.1X documentation project, which addresses the lack of decision documentation for 802.1X architecture and deployment. The wiki will be used to enable content development and collaboration.
The existence of an 802.1X chapter on the FWNA wiki was noted. Should the NetAuth and FWNA documentation evolve separately and then be consolidated, or should it be consolidated now and then evolve? The preference was voiced to consolidate now, since the NetAuth effort has just started. [AI] {Chris and Kevin} will talk to Kevin Miller about how to link the NetAuth and FWNA wikis in order to facilitate consolidated development of 802.1X content.
Will there still be a difference in focus between the FWNA and NetAuth 802.1X documentation efforts, and how will the content reflect this? The thought was to focus the NetAuth effort on the non-federated side but to make it federated-aware; for example, the EAP method you choose today may impact your ability to do roaming in the future. It was pointed out that roaming should not be seen only as a gigantic federation. There can be repetition between the two efforts, for example, detail in one and a summary in the other.
[AI] {Chris} will talk to John Vollbrecht about starting the 802.1X architecture document.
EduDevice is currently tabled because there are no pressing use cases. EduDevice is a formative idea involving the canonicalization of educational devices for use in LDAP. Anyone with an interest in using the results of this project may wish to provide input, since a use case provided by an end user may serve to focus and remobilize the effort.
Kevin reported on the IETF Network Endpoint Assessment (NEA) group. NEA is relevant to NetAuth since it involves defining standards for communicating assertions about network endpoints to different NetAuth components. NetAuth has an interest in ensuring that the current/future capabilities deployed in higher education are compatible with the protocol environment the NEA group is proposing.
In preparation for the upcoming IETF conference in Montreal, on 11-July-06, the NEA group is working on three documents: requirements (revision 1), problem statement (revision 4), and charter (for full working group instead of just a group). Feedback is requested on the requirements document: http://www1.ietf.org/mail-archive/web/nea/current/msg00185.html
[AI] {Kevin Amorin} will send links to the mailing list, and the {group} is requested to send comments to the mailing list on NEA requirements by a target date of 6-July-06 (next NetAuth call). [AI] {Chris and Kevin} will compile group comments on NEA documents by July 11 (IETF conference).
Additional background on NEA can be found in the problem statement and charter:
http://www1.ietf.org/mail-archive/web/nea/current/msg00184.html
http://www1.ietf.org/mail-archive/web/nea/current/msg00182.html
It was proposed that the regular call time be changed to 1 p.m. Eastern Time on the same Thursdays, due to a conflict with the IETF NEA call. The list will be polled for feedback. Contact Chris Misra or Steve Olshansky in the event of conflicts with this time.
The next call is scheduled to take place 6-July-06, at the new time of 1 p.m. E.T., if approved. Agenda and bridge will go to the list in advance of the call.