SALSA NetAuth Conference Call July 7, 2005
*Action Items*
New
[AI] {Chris} will review carry over action items and remove completed
and obsolete action items from the list.
[AI] {Chris} will put together a few slides describing intersection
points between SALSA NetAuth and SALSA NetAuth-FWNA.
[AI] {SteveO} will send the revised Internet2 document guidelines to
the group via the list.
[AI] {Kevin, Eric and Chris} will add text to the Architecture
document and republish the document as draft 4, ensuring conformance
with the newly released Internet2 document guidelines.
Carry Over
[AI] {Chris} will send the list of vendor questions developed by the WG
during this call to the group via the list.
[AI] {Chris} will arrange vendor discussions for a subsequent call.
[AI] {Chris} will contact Bob Morgan to discuss whether there may be
IETF activities that would be open to or in alignment with NetAuth
efforts.
[AI] {Chris} will post a message to the NetAuth and FWNA lists soliciting
volunteers to develop an outline of issues for NetAuth in a federated
environment.
[AI] {Chris} will solicit from the WG contributions about NetAuth
vendor solutions currently being used.
[AI] {Individuals} will send in case studies for potential use in the
Strategies document.
*Participants*
Chris Misra, University of Massachusetts (chair)
Kevin Miller, Duke University
Rich Cropp, Penn State University
Wes Young, University of Buffalo
Kevin Amorin, Harvard University
Tony Genovese, ESnet
Klaas Wierenga, SURFnet
Eric Gauthier, Boston University
Terrie Clark, Internet2 (scribe)
Lisa Hogeboom, Internet2
Steve Olshansky, Internet2
*Discussion*
The ResNet 2005 conference was held in June 2005 at the Georgia
Institute of Technology. The conference was well attended. Some
sessions focused on NetAuth activities. Georgia Institute of
Technology’s presentation provided some good ideas about administrative
Graphical User Interfaces. Conference info at
http://resnet2005.gatech.edu/
A Joint Techs workshop will be held in Vancouver, British Columbia from
July 17 – 21, 2005. The efforts of SALSA, including those of the
NetAuth FWNA working group, will be of interest to attendees and will
be presented at the workshop. For info on Joint Techs see
http://jointtechs.es.net/Vancouver20051.htm. It is possible that this
will be an appropriate forum for a face-to-face discussion with network
architects and engineers about the NetAuth WG’s Strategies and
Architecture documents.
The Call for Participation for the Fall 2005 Internet2 Member Meeting,
scheduled for September 19 - 22 in Philadelphia, PA is now available
for response at: http://events.internet2.edu/2005/fall-mm/calls.cfm. The
deadline for the call for proposals has been extended to July 8, 2005. The
SALSA NetAuth WG has requested a working group session for the meeting.
The “NetAuth Architecture for Automating Network Policy Enforcement
(Futures Document)” has been revised. Since institutional and site
policies vary widely, the group decided to revise the document to
reflect user device compliance as fitting into a range of policy
classes. Devices in isolation, targeted for remediation or having
limited connectivity, are considered non-compliant. The revisions also
accommodate institutions where compliance and non-compliance are
enforced by connectivity: for example, a compliant device is connected
to the network and a non-compliant device is either disconnected from
a network session or is denied access to the network. Compliance
policies will also consider roles and network access with respect to
those roles. For example, a compliant guest’s level of network access may
differ from a compliant network manager’s level of access.
In the future the group desires to address the end user experience with
respect to policy compliance. How will a non-compliant user be notified
of their device’s non-compliance? How will an end user be notified of a
potential remediation? Is notification of either remediation or
isolation required? The group decided that the Architecture document
should be revised to more completely define notification, isolation and
remediation. Once these revisions have been made, then draft four of
the Architecture document will be more widely vetted. Subsequently, the
upcoming Components document will address solutions including vendor
solutions for isolation, remediation and notification.
The group decided to modify the Architecture document to comply with
the Internet2 document standards and to include a copyright notice in
the document.
The group will discuss applying the Architecture document to a
federated environment on the next call. The document is not designed to
provide an immediate solution to NetAuth in a federated environment;
however, the group agrees that the document should not be designed to
preclude any NetAuth developments for a federated environment.
The next call is Thursday, July 21, 2005 at 12:00 PM EDT. An agenda
with the call-in number will be sent out to the WG via the list prior
to the call.