1. Agenda bashing

2. E2ED Early Adopter Focus Group Identification Process
a. Target identification
Chas opened discussion raising the question who we could get as soon as possible for interviewing and that we need to get an action plan in place. Russ suggested that we should be able to involvement from UC-Berkeley, UC-Irvine, and UC-Riverside. Chas asked if Russ thought we could get an action plan to get things setup quickly? Russ said he thought so. Mark pointed out that it makes sense to follows up with Cliff Rost just in case he wants to include anyone else. Chas then talked about dividing up scheduling in order to get things done quicker.

b. Participation identification
Chas described the setup for each of the sessions. That the players would include a facilitator, a scribe, the interviewees and other people in back channel. We'll have experts in back channel for networks (Russ or Matt), security (Charles Yun or Mark), applications / systems (Mark).

c. Scheduling
Chas suggested that he and Russ will work out of band on the scheduling.

3. EDDY Progress

Chas said there has been good progress on EDDY. They have solidified the base framework and are now producing Common Event Records (CER's) on high rate networks.

Two things:
1) There is one CER for flow records. If you put a flow probe on the wire it will produce records of flows. Now they're able take raw CER and transform it and make it more useful for analysis.
 
2) The groups. The CMU security group plans to feed their intrusion detection system with this output. They are a little behind. The Dragnet folks at CMU Computer Science are looking at studying intrusion and other security anomalies. They're excited about the possibilities of having real time access to anonymous flow records as well as other EDDY sources.

Four development machines and Eddy production machines will be on online this week to work with the Dragnet folks in order to build stub for anonymization. They don't want researchers to be able to infer any information from this. JAVA will be used in the anonymization process.

Chas is also working closely with the CMU Architecture School. The area of interest is having various remote sensors with IP gateways to monitor things like temperature, building security, luminescence (light levels), and other environmental conditions. They are implementing EDDY in their environment with grad student so that environmental events will extend the CER set.

Chas then briefly mentioned other activates that will be coming soon. They are planning to hire work study student for summer and a part time developer for visualization to dove tail Dragnet into EDDY for Internet2 Spring Member Meeting.

Chas said that there has been good progress on EDDY and that he hopes to begin distribution to other groups in the near future. Hopefully by the Internet2 Fall Member Meeting there will be a package in place for others to work with.

Mark asked if there was a plan to go back to other collaborators or other outreach. Chas said not right now. He said let's complete the focus groups and get EDDY running. Then we should re-visit the other groups. Chas said that he will be visiting Penn State Univ in May to talk with the Shibboleth folks again. The Penn State folks would like to take Shibboleth and Apache servers records and do some forensics on them.

The meeting concluded.