SALSA NetAuth call 8-Dec-05

Minutes: SALSA NetAuth call 8-Dec-05

*Attendees*

Chris Misra, University of Massachusetts (chair)
Eric Gauthier, Boston University
Kevin Amorin, Harvard University
Rich Cropp, Penn State University
Robert Lowe, Lawrence University
Rodney Peterson, EDUCAUSE
Clifton Pee, Asuza Pacific University
Dave Futey, Stanford University
Renee Frost, Internet2
Lisa Hogeboom, Internet2
Lynn Little, Internet2
Steve Olshansky, Internet2
Charles Yun, Internet2
Katherine Strojny, Internet2 (scribe)

*Action Items*

New:

[AI] {Group} Proposals for the Internet2 spring member meeting are due 20-Jan-06. Chris invites anyone with suggested topics to contact him about putting together a proposal.

[AI] {Dave Futey} will send the group a revision of the ResNet survey when it's available.

[AI] When the ResNet survey goes live, {Chris} will post a notice to the list in order to encourage participation.

Carry over:

[AI] {SteveO} and {Chris} will work offline towards providing a means for public input on the wiki.

[AI] {Group} will take a look at the wiki and start populating useful links for components-related content, toward developing a repository of useful information and understanding the solution space better.

[AI] {Group} will delegate liaisons for TNC and NAC.

[AI] Chris will coordinate with the Effective Practices Guide working group at EDUCAUSE for anything this group can provide, such as written material or resources, as they revise the guide.

[AI] {SteveO} will add a new section to the NetAuth website for "Related Work" and will solicit suggestions for content from the list.

[AI] {Kevin Amorin} will send information to the list about EAP (Extensible Authentication Protocol) activity currently underway in IETF.

[AI] {Individuals} who look into the IETF Distributed Security
(distsec) mailing list are requested to provide feedback to the group on whether the activities are of interest to this group. To join the list, refer to the following link: https://www.machshav.com/mailman/listinfo.cgi/distsec

[AI] {Chris} and {SteveO} will send a note to the WG via the list soliciting suggestions for the future direction of the WG.

[AI] {Chris} will put together a few slides describing intersection points between SALSA NetAuth and SALSA NetAuth-FWNA.

[AI] {Chris} will send the list of vendor questions developed by the WG during this call to the group via the list. This will move forward in collaboration with the effective practice group at EDUCAUSE.

[AI] {Chris} will arrange vendor discussions for a subsequent call.

[AI] {Chris} will post messages to the NetAuth and FWNA lists soliciting volunteers to develop an outline of issues for NetAuth in a federated environment.

[AI] {Chris} will solicit from the WG contributions about NetAuth vendor solutions currently being used.

[AI] {Individuals} will send in case studies for potential use in the Strategies document.

*Discussion*

Intellectual Property Reminder:
The Internet2 intellectual property policy can be found here:
       http://members.internet2.edu/intellectualproperty.html

Agenda items included an update on upcoming meetings, a discussion of a ResNet survey in development, and updates on NetAuth documents and the Effective Practice Guide.

The group reviewed completed action items. Chris has posted information to the list about the upcoming NERCOMP SIG, and the link to the new SALSA-NetAuth wiki has been added to the NetAuth web page, under the "Links - Technical" section:
     http://security.internet2.edu/netauth/

Upcoming Events

Rodney provided an update on the annual Security Professionals Conference sponsored by EDUCAUSE/Internet2. The call for proposals just finished, and Rodney reported an excellent turnout. The committee will narrow the proposals down to 30-36 sessions. The announcement of the sessions as well as registration will take place around the second week in January. The conference will be held April 10-12, 2006 in Denver. Monday will be a full day consisting of seminars and half- and full-day tutorials. Chris and Kevin will run a half-day session on network registration issues and automated policy enforcement. There will also be an afternoon workshop on ethical hacking. The conference starts Tuesday with an opening keynote from an agent in the Federal Bureau of Investigation cybercrimes area who has worked with colleges and universities, speaking on legal issues of cybercrime as well as government initiatives. The conference ends at noon Wednesday with a closing keynote from Andrea Hoy, a CISO who runs cybersecurity bootcamps. There will be a post-conference seminar on incident handling and collaboration tools, running Wednesday afternoon and Thursday morning. For the latest information, see the following link:
     http://www.educause.edu/sec06

A NERCOMP SIG meeting will be held February 7, 2006, at U. Mass. in Amherst, with a topic of Automated Network Policy Enforcement. Chris posted information to the list, and the latest can be found as a link from the NERCOMP SIG calendar:
     http://www.nercomp.org/calendar.html

[AI] Renee reminded the {group} that proposals for the spring Internet2 Member Meeting are due January 20. If anyone is interested in presenting something that ties in with this group, contact Chris about putting together a proposal.

The next Joint Techs workshop will take place February 5-8 in Albuquerque, New Mexico:
     http://jointtechs.es.net/newmexico2006/

ResNet Survey

Dave Futey (Assoc. Dir. of Academic Computing at Stanford and Chair of
ResNet) lead the discussion on an upcoming ResNet security survey. Dave reported that a 2004 ResNet survey has identified security as #1 on the list of future challenges faced by the 224 institutions surveyed. Consequently, the ResNet organizations will be developing two smaller surveys for the ResNet community, one focusing on security and the other on entertainment services (which ties into security). Dave had sent the group a document listing the proposed questions on the upcoming security survey. The group provided feedback on the existing questions as well as suggesting additional questions covering areas such as wireless access points, multicast, filtering, anti-spyware, and best practices.

[AI] The group expressed interest in seeing a revision, so {Dave Futey} will send the group the revised ResNet survey once feedback has been incorporated. [AI] When the ResNet survey goes live, {Chris} will post a notice to the list in order to encourage participation.

NetAuth Documents and Effective Practices Guide

The NetAuth documents are currently in a wait state and will probably pick up speed in January. The documents will likely be re-tooled to serve as integration aids, addressing the questions: what components are available, how do we integrate with NAC/TNC/NAP, and how do we glue our components together.

Rodney reported that brainstorming is currently underway on the next generation Effective Practices Guide. The biggest challenge they face is getting case studies and campus scenarios into the guide, without the scenarios getting out of date.

The call that would have taken place 22-Dec-05 is cancelled. The next scheduled call will take place in four weeks, on 8-Jan-06. Agenda and bridge will go out to the list in advance of the call.