6/9/2000 poepping@cmu.edu 2

IBM Transarc OpenAFS

http://www.transarc.com/News/press/opensource.html

OpenAFS Board Kickoff meeting end of October Members still being settled

Laura Stentz IBM-Transarc Craig Everhart IBM-Transarc Peter Honeyman Umich Ted McCabe MIT Derrick Brashear CMU Commercial customer nominations under consideration

6/9/2000 poepping@cmu.edu 3

6/9/2000 poepping@cmu.edu 4

Drop In connections

Authorized Access to the NetUser interface issues Which authn to present? Pre-authz access (to get authn)?

6/9/2000 poepping@cmu.edu 5

Wireless Access Control

Layer 1 - Network name or WEP keys Scale a secret to 10,000 people?

Layer 2 - MAC-based filtering Policy applied by AP Manage the list – where? MAC address is spoof-able

6/9/2000 poepping@cmu.edu 6

Ethernet Access Control

PPPOE (EAPOE) Tunneling over bridged Ethernet Dialup client interface RFC2516 - http://www.ietf.org/rfc/rfc2516.txt

802.1x (EAPOL) Port-based (association-based) access control Requires system and device support Dynamic session key management EAP (RFC2284 - www.ietf.org/rfc/rfc2284.txt) Some connectivity before authentication http://grouper.ieee.org/groups/802/1

6/9/2000 poepping@cmu.edu 7

IP Access Control

DHCP based on MAC registration IP addresses can be stolen, MAC is

spoof-able

Authenticated DHCPwww.ietf.org/internet-drafts/draft-ietf-dhc-authentication-12.txt

Gating function VPN technology (one-hop) ‘Firewall’ for external access