SALSA NetAuth Conference Call May 26, 2005
*Action Items*
[AI] {Chris} will send the list of vendor questions developed by the WG
during this call to the group via the list.
[AI] {Chris} will post the Futures document draft 2A to the WG's
website.
Carry Over
[AI] {Eric and Kevin} will revise the diagram in the Futures
(architecture) document and send the document to the WG as version 3.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will contact Bob Morgan to discuss whether there may be
IETF activities that would be open to or in alignment with NetAuth
efforts.
[AI] {Jeff} will send the presentation for the EDUCAUSE Mid-Atlantic
regional meeting in January and review it for possible use as a case
study.
[AI] {Chris} will post a message to the NetAuth and FWNA lists soliciting
volunteers to develop an outline of issues for NetAuth in a federated
environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth
vendor solutions currently being used.
[AI] {Mike} will provide a brief summary of ESnet collaborative trust
domain commonalities.
[AI] {Individuals} will send in case studies for potential use in the
Strategies document.
[AI] {Group} will review slides posted for EDUCAUSE regional group
meeting.
[AI] {Group} will review information to be used as the appendix for the
Strategies document.
[AI] {Chris} will find editors to help with the appendix of the
Strategies document.
[AI] {Chris and Mark} will develop the NetAuth approach to NAT devices
as a discussion topic for submission to the Effective Practices WG.
[AI] {SteveO} will post I2 document standard links to the WG's website.
*Participants*
Chris Misra, University of Massachusetts (chair)
Klaas Wierenga, SURFnet
Kevin Miller, Duke University
Phil Rodrigues, New York University
Rich Cropp, Penn State University
Robert Lowe, Lawrence University
Terrie Clark, Internet2 (scribe)
Steve Olshansky, Internet2
*Discussion*
The ResNet 2005 conference will be held in June 2005 at the Georgia
Institute of Technology. For more information please see:
http://resnet2005.gatech.edu/.
A Joint Techs workshop will be held in Vancouver, British Columbia from
July 17 - 21, 2005. The efforts of SALSA, including those of the
NetAuth working group, will be of interest to attendees and will be
presented at the workshop. For info on Joint Techs see
http://jointtechs.es.net/Vancouver20051.htm. It is possible that this
will be an appropriate forum for a face-to-face discussion with network
architects and engineers about the NetAuth WG's Strategies and Futures
documents.
The Call for Participation for the Fall 2005 Internet2 Member Meeting,
scheduled for September 19 - 22 in Philadelphia, PA, is now available
for response at: http://events.internet2.edu/2005/fall-mm/calls.cfm.
Many vendors are working on approaches to enhancing network security.
The two most notable in our context are Cisco Network Admission Control
(NAC) and Microsoft Network Access Protection (NAP). While these
companies differ in network security approaches, the group agreed that
it would be useful to solicit input and provide feedback to vendors
wishing to serve the Research and Education community. To that end, the
group has developed a list of questions for the vendors, including but
not limited to:
1. Does their solution interoperate with competitors' solutions in an
institutional environment?
2. Does their solution interoperate with competitors' solutions in a
federated environment?
3. Where/how does their system enforce policy decisions?
4. Does their system provide open APIs?
5. What components do they require for interoperability in
institutional and federated environments?
6. If their solution is proprietary and not interoperable, do they
suggest that their solution will become the open solution standard?
The Futures document will undergo a few minor changes. It will be sent
to the list, reviewed by the group and published as draft 3. Once
published it will be vetted among other groups such as SALSA, ResNet
and FWNA. Hopefully, the document as draft 3 will be completed by
the end of June.
The group discussed the revived interest of NetAuth efforts in a
federated environment. Most institutions have not yet addressed
federated requirements. The group suggested that understanding what
levels of service/assurance are required for various applications, and
how they are provided to local users (hosts), might provide a broader
context for discussions about NetAuth in a federated environment. It was
agreed that policy decisions
per institution would determine requirements for credentials and levels
of service/assurance per institution. What technical solutions are
required to provide NetAuth in a federated environment?
A user's credentials will imply/reflect a level of service/assurance,
and an application will have required credentials for levels of
service/assurance. If these credentials and applications are similar
across institutions, then development of a federated solution may be
closer at hand, although it is unlikely that one institution's
credentials and levels of service/assurance will perfectly match those
of another institution. The group would like to understand Eduroam's
efforts in this area.
Efforts to collaborate with the EDUCAUSE Effective Practices group for
case study development have been suspended for now.
The next call is Thursday, June 9, 2005 at 12:00 PM EDT. An agenda with
the call-in number will be sent out to the WG via the list prior to the
call.