Minutes: SALSA NetAuth call
30-Mar-06
*Attendees*
Chris Misra, U. Massachusetts (chair)
Kevin Amorin, Harvard U.
Rich Cropp, Penn State U.
Eric Gauthier, Boston U.
Steve Olshansky, Internet2
Charles Yun, Internet2
Katherine Strojny, Internet2 (scribe)
*Action Items*
New:
[AI] {Kevin} will solicit the list for questions to include in the FAQ and for people to edit the wiki.
[AI] {Chris} will propose to the list that the next scheduled call (13-Apr-06) be cancelled due to Security Professionals.
[AI] {Anyone} who has slides or content related to NetAuth use cases or case studies, send them to SteveO for posting on the NetAuth website.
Carry Over:
[AI] {Individuals} are requested to send in case studies for potential use in NetAuth documents.
[AI] {Chris} will clean up the action item list.
[AI] {Chris} will send a note to Lisa prior to April 10 informing her of a NetAuth document for the information table at Security Professionals.
[AI] {Kevin} will write up the challenges of going from theoretical to deployed 802.1X.
[AI] {Group} will re-evaluate the finalized documents to determine whether the term "host posture assessment" should be included.
[AI] {Chris} will make sure the 802.1X session information goes out to the FWNA, NetAuth, and Wireless lists.
[AI] {Anyone} interested in creating a document for the info table at Security Professionals, send a note to the list or to Chris. The document will be needed by 6-Apr-06.
[AI] {Kevin} volunteered to do a first draft of the NetAuth FAQ, with the goal of sending it out to the list before the end of March.
[AI] {Chris} will send a notice about upcoming meetings with NetAuth discussions.
[AI] Once content is more complete and the wiki is in a permanent location, {Chris and Kevin} will get a note out to some of the lists announcing the wiki.
[AI] {Group} is invited to take a look at the NetAuth wiki and add content, toward developing a repository of useful information and understanding the solution space better. In particular, Kevin is seeking input on isolation methods and Frequently Asked Questions.
[AI] {Kevin} will email the list and see if anyone wants to join the case studies project.
[AI] The following individuals volunteered to write case studies, with a soft deadline of March 30:
- {Chris Misra}: Layer 2 & 3 isolation using NetReg and a homegrown switching system
- {John Moore}: Lockdown Networks and VLAN switching
- {Kevin Amorin}: PacketFence (ARP manipulation and VLANs)
[AI] People are sought who can draft case studies for Cisco Clean Access. If anyone knows of candidates, please contact Chris.
[AI] When the ResNet survey goes live, {Chris} will post a notice to the list in order to encourage participation.
[AI] {Group} will delegate liaisons for TNC and NAC.
[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.
[AI] {Individuals} who look into the IETF Distributed Security (distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec
[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.
[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.
[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will post messages to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.
*Discussion*
Intellectual Property Reminder: The Internet2 intellectual property policy can be found here: http://members.internet2.edu/intellectualproperty.html
Discussion included updates on the NetAuth wiki, upcoming events, case studies, terminology impact on documents, and PANA and NEA activity. Action items were reviewed and previous minutes were approved. A proposal was made that the next scheduled call be cancelled due to Security Professionals.
Security Professionals will take place the week of 10-Apr-06. A NetAuth BoF is likely to take place, though it may be informal.
A spreadsheet was recently circulated to the list, concerning sessions at the Spring 2006 Internet2 Member Meeting (Arlington, VA, April 24-26). Information about the event can be found at the following link: http://events.internet2.edu/2006/spring-mm
The NetAuth wiki has moved to the new Internet2 platform from its temporary location, and an announcement was posted to the list. The wiki is open; people can view it anonymously and register themselves in order to edit. Many thanks to Kevin Amorin for hosting the wiki in its temporary location. The NetAuth site has updated links to the wiki in its new location: http://security.internet2.edu/netauth/ The wiki may also be viewed directly via the following link: https://wiki.internet2.edu/confluence/display/NetAuthWG/Home
Kevin has a boilerplate FAQ available and is seeking input from anyone who has questions for the NetAuth FAQ. [AI] {Kevin} will solicit the list for questions to include in the FAQ and for people to edit the wiki. Direct editing is encouraged, rather than having to go through Kevin.
[AI] {Anyone} who has slides or content related to NetAuth use cases or case studies, send them to SteveO or Chris for posting on the NetAuth website. No use case content has been submitted yet for review, but work is progressing, and the topic will remain an agenda item.
Should the finalized documents be revised to include the term "host posture assessment" as a phase of host identification? One suggestion was that it might be more efficient to get an idea of where the documents are going before expending effort. For instance, if current efforts such as NEA or PANA supersede them, revisions might be irrelevant. NEA stands for Network Endpoint Assessment, and PANA is Protocol for carrying Authentication for Network Access.
Do we try to influence NEA work or follow? On one hand, NetAuth could have a role by presenting overall architecture, and showing where NEA fits. On the other hand, NEA is moving quickly and it's more likely that we'll have to follow. NEA and PANA will remain agenda items.
What is PANA? PANA (Protocol for carrying Authentication for Network Access) is a non-802-specific protocol for authenticating IP-based devices over a variety of networks other than just Ethernet. For more information, refer to RFCs 4016 and 4058. An overview can be found in the PANA charter: http://www.ietf.org/html.charters/pana-charter.html
[AI] {Chris} will propose to the list that the next call (13-Apr-06) be cancelled due to Security Professionals. In the event this proposal is approved, the next call is scheduled to take place 27-Apr-06. Agenda and bridge will go out to the list in advance of the call.