Minutes: Salsa NetAuth call 29-Sep-05

*Attendees*

Chris Misra, University of Massachusetts (chair)
Zach Reimer, U. Nebraska - Lincoln
Eric Gauthier, Boston University
Rich Cropp, Penn State University
Kevin Amorin, Harvard University
Charles Yun, Internet2
Lisa Hogeboom, Internet2
Katherine Strojny, Internet2 (scribe)

*Action Items*

New

[AI] {SteveO} will move architecture document to final, consistent with thoughts of the working group.

[AI] {Group} The EDUCAUSE Effective Security Practices Guide is in the process of being updated. {Group} is requested to look at it from a NetAuth perspective and comment on any gaps and deficiencies. Address comments to the list or to the next Salsa NetAuth conference call so that feedback can be brought to the workgroup at the EDUCAUSE annual meeting in October in Orlando. The guide can be found here: http://www.educause.edu/EffectiveSecurityPracticesGuide/1246

Carryover

[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.

[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.

[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. Update: This will move forward in collaboration with the effective practice group at EDUCAUSE.

[AI] {Chris} will arrange vendor discussions for a subsequent call.

[AI] {Chris} will contact Bob Morgan to discuss whether there may be IETF activities that would be open to or in alignment with NetAuth efforts.

[AI] {Chris} will post a message to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.

[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.

[AI] {Individuals} will send in case studies for potential use in the Strategies document.

*Discussion*

The agenda included review of completed action items, a recap of the fall member meeting, finalization of the Architecture document, continued input on the Components document, and a request for feedback on the Effective Practices Guide.

Intellectual Property Reminder:

The Internet2 intellectual property policy can be found here:
       http://members.internet2.edu/intellectualproperty.html

The minutes from the last conference call were provisionally approved.

Action item review:

Eric and SteveO have completed and posted draft four of the Architecture document. Kevin, Eric, and Chris have modified it to ensure its adherence to I2 document guidelines. A last call for comments was made. [AI] {SteveO} will move architecture document to final, consistent with thoughts of the working group. The document can be seen as a link from the NetAuth page (currently under Draft Documents): http://security.internet2.edu/netauth/

Regarding the list of vendor questions, there has been some progress, and it will continue to move forward in collaboration with the effective practice group at EDUCAUSE.

Fall Member Meeting Recap:

At the working group meeting, the consensus was that the work we're doing is useful and worth continuing: finalize documents, start others, and keep making progress.

Kevin Amorin and Eric Gauthier presented on "Network Architecture for Automatic Security and Policy Enforcement". Slides and netcast can be found as links from this page: http://events.internet2.edu/2005/fall-mm/sessionDetails.cfm?session=2244&event=239

Components Document:

The group reviewed changes to the Components document that Kevin Amorin has been working on. This is posted as a link from the NetAuth page: http://security.internet2.edu/netauth/

The following changes will be made as a result of recent feedback:
- The AAA/policy query will go to a "Data Repository", not a "Policy Repository".
- "Access Requester" will be changed to "Endpoint".
- The fluffy cloud in the diagram will be renamed "federation" or "federated domain".
- It was decided that "Administrative Domain" will be renamed "Federated Domain", to reflect that queries from a policy decision point could go to a local or non-local data repository and auth decision in a federated environment. People are requested to comment if they have any objections.
- Some clarifications will be incorporated in the NetReg case.

The group is encouraged to review the Components document and to continue providing Kevin with feedback. He is considering doing case studies on Bradford and on VLAN switching.

Effective Practices Guide Review:

[AI] {Group} The EDUCAUSE Effective Security Practices Guide is in the process of being updated. {Group} is requested to look at it from a NetAuth perspective and to identify and possibly address any gaps and deficiencies. Address comments to the list or to the next Salsa NetAuth conference call so that feedback can be brought to the effective practices workgroup meeting in October (at the EDUCAUSE Annual Meeting in Orlando). There will be one more call before the EDUCAUSE meeting, and a request for feedback will be on the agenda. The guide can be found here: http://www.educause.edu/EffectiveSecurityPracticesGuide/1246

Levels of assurance for NetAuth in a federated environment will be left as an agenda item, with the expectation that levels of assurance definitions will shake out as components and inter-realm communication are defined.

The next SALSA-NetAuth conference call is scheduled for Thursday, 13-October.