*Action Items*
New
[AI] {Chris} will post message to the NetAuth and FWNA lists soliciting volunteers
to develop an outline of issues for NetAuth in a federated environment.
[AI] {Eric} will update the Strategies document to include IDS and IPS remediation
and NAT device detection.
Carry Over
[AI] {Chris} will post changes to Strategies document to the list.
[AI] {Kevin} will incorporate WG comments into the next draft of the Futures
document and submit it to group.
[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions
currently being used.
[AI] {Mike} will provide a brief summary of ESnet collaborative trust domain
commonalities.
[AI] {Individuals} will, via the list, send proposed topics for the Spring I2
member meeting in response to the call for proposals to the group.
[AI] {Individuals} will send in case studies for potential use in the Strategies
document.
[AI] {Group} will review slides posted for EDUCAUSE regional group meeting.
[AI] {Group} will review information to be used as the appendix for the Strategies
document.
[AI] {Chris} will find editors to help with the appendix of the Strategies document.
[AI] {Chris and Mark} will develop the NetAuth approach to NAT devices as a
discussion topic for submission to the Effective Practices WG.
[AI] {Group} via the list will send suggestions for use cases augmenting the
Strategies document.
[AI] {SteveO} will submit the Strategies document to the Internet2 document
library once it is considered draft three.
[AI] {SteveO} will post I2 document standard links to the WG’s website.
*Participants*
Chris Misra, U. Massachusetts (chair)
Robert Brentrup, Dartmouth College
Dhivakaran Muruganantham, ESnet
Mike Wiseman, University of Toronto
Kevin Miller, Duke University
Eric Gauthier, Boston University
Tom Zeller, Indiana University
Rich Cropp, Penn State University
Robert Lowe, Lawrence University
Terrie Clark, Internet2 (scribe)
Lisa Hogeboom, Internet2
Steve Olshansky, Internet2
*Discussion*
There are several upcoming meetings with sessions discussing NetAuth-related efforts:
The NERCOMP Conference held from March 6 - 8, 2005 in Worcester, Massachusetts
will have a SALSA-NetAuth Session Birds-of-a-Feather discussion on Monday, March
07, 2005 from 12:05PM - 12:55PM. For more information please see: http://www.educause.edu/content.asp?SECTION_ID=37
NetAuth WG members will hold an informal meeting to discuss the Futures document
at the Security Camp at Boston University held on March 11, 2005 in Boston,
MA. For more information please see: http://www.bu.edu/security/camp/
The Security Professionals Conference held from April 3 – 5, 2005 in Washington, DC will have sessions that might be of interest to NetAuth WG members.
There will be a joint NetAuth-FWNA track session at the Spring I2 Member Meeting held from May 2 – 5, 2005 in Arlington, VA. For more information please see: http://events.internet2.edu/2005/spring-mm/
The group discussed IDSs and IPSs as remediation tools. While IDSs and IPSs are somewhat generic tools and are not universally extensible, they are useful components of incident handling and host remediation systems. Prior to now, these topics have not been addressed in terms of using a single data source for the multiple purposes of remediation and notification. The group views notification as a separate process from remediation because in certain circumstances notification is the only required action.
The group also discussed NAT devices in network registration. When MAC addresses are used to identify devices, the NAT device registers its own MAC address with the network rather than the user’s, and the registering end user remains ‘anonymous’ to the network. This presents further challenges with end user notification and remediation.
The group decided to expand the Strategies document to address IDSs and IPSs as remediation tools, and NAT devices.
The Futures document is in pre-draft outline format. The group will begin developing the outline format into a text draft format.
Along with the Effective Practices WG, the NetAuth WG still seeks case studies to augment the Strategies document.
The group discussed implementing NetAuth in a federated environment. It was decided that the group will develop a web-based document addressing what it means to deploy NetAuth in a federated environment. This document will discuss remediation, notification, authentication and authorization with regard to visiting scholars. This will allow the group to focus on the more current issue of how existing NetAuth systems might work in a federated environment and (for now) not the long-term issue of how to deploy a federated NetAuth system.
The next call is Thursday, March 17, 2005 at 12:00 PM ET. An agenda with the
call-in number will be sent out to the WG via the list prior to the call.