Minutes: SALSA NetAuth call 5-Jan-06
*Attendees*
Chris Misra, University of Massachusetts (chair)
Kevin Amorin, Harvard University
Rich Cropp, Penn State University
Eric Gauthier, Boston University
John Moore, University of Pennsylvania
Renee Frost, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Katherine Strojny, Internet2 (scribe)
*Action Items*
New:
[AI] {SteveO} will coordinate offline discussion toward organizing security sessions for the spring Internet2 Member Meeting.
[AI] The following individuals volunteered to write case studies, with a soft deadline of March 30:
- {Chris Misra}: Layer 2 & 3 isolation using NetReg and a homegrown switching system
- {John Moore}: Lockdown Networks and VLAN switching
- {Kevin Amorin}: ARP manipulation and VLANs
[AI] People are sought who can draft case studies for Bradford or Cisco Clean Access. If anyone knows of candidates, please contact Chris.
[AI] {Kevin Amorin} volunteered to set up a secondary wiki with open access.
[AI] {Chris and SteveO} will work with EDUCAUSE to see that the case study work can be fit into the Effective Practices Guide.
Carry Over:
[AI] {Individuals} are requested to send in case studies for potential use in NetAuth documents. [Renewed]
[AI] {Group} Proposals for the Internet2 spring member meeting are due 20-Jan-06. Chris invites anyone with suggested topics to contact him about putting together a proposal.
[AI] {Dave Futey} will send the group a revision of the ResNet survey when it's available.
[AI] When the ResNet survey goes live, {Chris} will post a notice to the list in order to encourage participation.
[AI] {SteveO} and {Chris} will work offline towards providing a means for public input on the wiki.
[AI] {Group} will take a look at the wiki and start populating useful links for components-related content, toward developing a repository of useful information and understanding the solution space better.
[AI] {Group} will delegate liaisons for TNC and NAC.
[AI] Chris will coordinate with the Effective Practices Guide working group at EDUCAUSE for anything this group can provide, such as written material or resources, as they revise the guide.
[AI] {SteveO} will add a new section to the NetAuth website for "Related Work" and will solicit suggestions for content from the list.
[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.
[AI] {Individuals} who look into the IETF Distributed Security (distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec
[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.
[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.
[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will post messages to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.
*Discussion*
Intellectual Property Reminder: The Internet2 intellectual property policy can be found here: http://members.internet2.edu/intellectualproperty.html
Agenda included discussion of action items, upcoming meetings, wiki plans, and the group's focus for the new year.
Chris reviewed action items and reminded the group that proposals are due Jan 20 for the spring Internet2 Member Meeting. [AI] {SteveO} will organize offline discussion toward putting together security sessions for the spring Internet2 Member Meeting. The group decided to leave DISTSEC as an ongoing action item, though members who are monitoring the list have not seen recent activity. The remaining items stand as well. The case study action item gained renewed focus, as discussed later in the meeting.
A quick reminder was given for upcoming events, which were covered in more detail during prior calls:
- NERCOMP SIG February 7, 2006 at U. Mass. (Amherst): http://www.nercomp.org/sigs/0506/020706Network/NetworkSched.html
- Security Professionals conference April 10-12, 2006 in Denver: http://www.educause.edu/sec06
Renee also noted the upcoming Enterprise 2006, which is an EDUCAUSE conference focused on enterprise technology. Enterprise 2006 will take place May 24-25 in Chicago. http://www.educause.edu/ent06
Chris opened a discussion of where the group's efforts should best be spent in the new year. The group agreed that drafting a collection of general case studies covering various technologies would benefit institutions as they try to address network registration needs.
[AI] The following individuals volunteered to write case studies for network registration, with a soft deadline of March 30:
- {Chris Misra}: Layer 2/3 isolation using NetReg and a homegrown switching system
- {John Moore}: Lockdown Networks and VLAN switching
- {Kevin Amorin}: ARP manipulation and VLANs
The group also agreed that to be complete, the collection should include case studies for Bradford Networks and for Cisco Clean Access. [AI] If anyone knows of candidates who can assist with Bradford or Clean Access case studies, please contact Chris. In addition, if anyone has other case studies they'd like to draft, covering technologies that may or may not overlap with the list above, multiple perspectives are valuable.
Possible lengths and formats for the case studies were discussed. The conclusion was that case study authors should do whatever makes sense, and the format and length can be adjusted later if necessary. Since implementation details frequently change, it was agreed that a high-level "technology how-to" approach would be more helpful than a detailed "implementation how-to". If authors include an overview, it would be well-received. If the material this group develops becomes broadly applicable, and if anyone is interested in presenting the work at upcoming EDUCAUSE regional conferences in order to develop interest, let Chris Misra know. The call is still open for the EDUCAUSE southeast regional approaching in June (Atlanta).
The group discussed how the wiki could be used to support the case study work, for instance by linking to available packages. There is still a concern about password protection preventing the public from contributing to the current wiki. [AI] Kevin volunteered to work on a secondary wiki to alleviate the concern, and he will address spam issues. Steve reported that plans for an Internet2-provisioned wiki continue to develop. Confluence is likely to be the product selected, though this choice is not finalized.
The group agreed to put the components document on hold and focus efforts on the wiki and on case studies, use studies, and effective practices. [AI] {Chris and SteveO} will work with EDUCAUSE (Joe, Gary, Rodney) to see that the case study work can be fit into the Effective Practices Guide.
The next call will take place in two weeks, on 19-Jan-06. Agenda and bridge will go out to the list in advance of the call.