*Action Items*
New
[AI] {Kevin} will send ARP isolation addition to the group for the Strategies
document.
[AI] {Jeff} will send the presentation for the EDUCAUSE Mid-Atlantic regional meeting
in January and review it for possible use as a case study.
[AI] {Kevin and Eric} will modify Futures document figures (diagrams) incorporating
the group’s comments.
[AI] {Robert} will develop additional diagrams to be used as comparison models
for the figures in the Futures document.
[AI] {Robert} will send HTMLWDIFF information to the group via the list.
Carry Over
[AI] {Chris} will post a message to the NetAuth and FWNA lists soliciting volunteers
to develop an outline of issues for NetAuth in a federated environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions
currently being used.
[AI] {Mike} will provide a brief summary of ESnet collaborative trust domain
commonalities.
[AI] {Individuals} will send in case studies for potential use in the Strategies
document.
[AI] {Group} will review slides posted for EDUCAUSE regional group meeting.
[AI] {Group} will review information to be used as the appendix for the Strategies
document.
[AI] {Chris} will find editors to help with the appendix of the Strategies document.
[AI] {Chris and Mark} will develop the NetAuth approach to NAT devices as a
discussion topic for submission to the Effective Practices WG.
[AI] {SteveO} will post I2 document standard links to the WG’s website.
*Participants*
Mark Poepping, Carnegie Mellon University
Phil Rodrigues, New York University
Kevin Amorin, Harvard University
Jeff Murphy, University of Buffalo
Eric Gauthier, Boston University (stand-in chair)
Rich Cropp, Penn State University
Robert Lowe, Lawrence University
Terrie Clark, Internet2 (scribe)
Lynn Freshour, Internet2
Renee Frost, Internet2
Lisa Hogeboom, Internet2
Steve Olshansky, Internet2
*Discussion*
There are several upcoming meetings of interest to the WG:
The Security Professionals Conference will be held April 4 – 5, 2005 in Washington, DC. For more information please see: http://www.educause.edu/sec05. There are numerous sessions discussing automated policy enforcement that may be of interest to group members.
There are NetAuth WG sessions at the Spring Internet2 Member Meeting, May 2 – 4, 2005 in Washington, DC. The NetAuth/FWNA BoF is currently scheduled for 3:00PM Monday, May 2, 2005. There will also be a combined NetAuth/FWNA session at 4:00PM the same day. For more information please see: http://events.internet2.edu/2005/spring-mm/.
The EDUCAUSE Security Professionals Conference is an appropriate venue to socialize the Strategies document. The Strategies document will be revised to include ARP strategies and published to the WG’s website as draft 4.
Several diagrams have been incorporated into the Futures document. The group discussed the first draft of the diagrams and decided to further vet the diagrams with the WG and other interested parties. Current changes to the diagrams include adding protocol layers to manage host-based IPS, IDS and other network/gateway transition steps. These changes will further reflect policy determination. The diagrams will clarify proactive network monitoring and reactive network remediation. The diagrams will reflect steps for detection of anomalous device behaviors. Detection of anomalous behavior can result in several outcomes: transition to a lower state, VLAN quarantine, session termination, notification or other remediation. The appropriate network outcome is determined by policy. Policy will determine whether a device transitions to the next layer. Policy will also determine the remediation for detection of anomalous behavior.
The group decided that use cases should be developed to facilitate communication
of the concepts discussed in the Futures document. The group also decided to
solicit input about the document so that it clearly communicates WG members’
comments and thoughts. The group desires to share the Futures document with
vendors.
The group discussed the possibility of an additional document discussing policy
enforcement at different network layers. This document will be developed once
the Futures document is complete.
The next call is Thursday, April 14, 2005 at 12:00 PM ET. An agenda with the
call-in number will be sent out to the WG via the list prior to the call.