An Introduction to Federated TNC. Josh Howlett, JANET(UK), 11 June 2009. Copyright © 2009 Trusted Computing Group.


Trusted Computing Group Confidential. Section: What is the Trusted Computing Group?

Copyright© 2009 Trusted Computing Group – Other names and brands are properties of their respective owners.

Slide #3: Who is TCG?
- The Trusted Computing Group (TCG) is an international industry standards group.
- The TCG develops specifications amongst its members.
  - Upon completion, the TCG publishes the specifications.
  - Anyone may use the specifications once they are published.
- The TCG publicizes the specifications and uses member implementations as examples of the use of TCG technology.
- The TCG is organized into a work group model whereby experts from each technology category can work together to develop the specifications.
  - This fosters a neutral environment where competitors and collaborators can develop industry-best capabilities that are vendor neutral and interoperable.

Slide #4: TCG: Standards for Trusted Systems
Areas covered: Mobile Phones, Authentication, Storage, Applications, Software Stack, Operating Systems, Web Services, Data Protection, Infrastructure, Servers, Desktops & Notebooks, Security Hardware, Network Security, Printers & Hardcopy, Virtualized Platform.

Section: What is Trusted Network Connect?

Slide #6: TNC Architecture (diagram only)

Slide #7: TNC status
- TNC standards-based products are available.
- TNC-enabled solutions have been implemented by customers.
- The number of TNC adopters (vendor and client) continues to grow.
- TNC-based IETF standards (NEA) are expected to reach RFC status in 2009.

Section: What is Federated TNC?

Slide #9: Some history, and acknowledgements
- Federated TNC builds on previous work:
  - The GN2 JRA5 ‘DAMe’ project
  - The Internet2 RADIUS-SAML profile

Slide #10: Conceptual model (diagram only)

Slide #11: What does it specify?
- Network Assessment Profile
  - Assess an endpoint as it connects to an IEEE 802.1X protected network.
- Web Assessment Profile
  - Assess an endpoint as it connects to a SAML protected web application.
- SAML Attribute Profile
  - Defines how TNC attributes can be expressed as SAML attributes.
- SAML Name Identifier Formats
  - Defines Name Identifier formats for NAIs and MAC addresses.

Slide #12: The Assessment Profiles
- Both profiles use a common message exchange pattern:
  - For SAML 1.1, the Shibboleth Attribute Exchange Profile.
  - For SAML 2.0, the Assertion Query/Request Profile.
- Both profiles support requesting attributes about endpoints and about users, for example:
  - “Is the firewall on this machine turned on?”
  - “Is the user who authenticated using this computer a student?”
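To make the exchange pattern from slides #11 and #12 concrete, here is an added Python example (not code from the TCG specification or the presentation) that builds a SAML 2.0 AttributeQuery for an endpoint identified by its MAC address, parses the AttributeStatement returned, and evaluates the two questions on slide #12 as a toy access policy. Only the SAML 2.0 protocol and assertion namespaces are real; the NameID format URIs, the attribute names, the sample responses and the policy are constructed placeholders, since the page does not give the values the Federated TNC specification defines.

```python
"""Added example: SAML 2.0 attribute query/response for a Federated TNC-style
endpoint and user assessment. NameID formats, attribute names and the sample
responses are constructed placeholders, not the specification's values."""
import xml.etree.ElementTree as ET

# Real SAML 2.0 namespaces.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Placeholder NameID formats for a MAC address and a Network Access Identifier
# (the specification defines real URIs; these are stand-ins for the example).
FMT_MAC = "urn:example:federated-tnc:nameid-format:mac"
FMT_NAI = "urn:example:federated-tnc:nameid-format:nai"

# Placeholder attribute names (constructed for this example).
ATTR_FIREWALL = "urn:example:tnc:attribute:firewall-enabled"
ATTR_AFFILIATION = "urn:example:tnc:attribute:affiliation"

ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_attribute_query(subject_id, nameid_format, attribute_names, query_id="_q1"):
    """Serialize a samlp:AttributeQuery asking the attribute authority for the
    named attributes about the subject (an endpoint or a user)."""
    query = ET.Element(f"{{{SAMLP}}}AttributeQuery", {"ID": query_id, "Version": "2.0"})
    subject = ET.SubElement(query, f"{{{SAML}}}Subject")
    name_id = ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": nameid_format})
    name_id.text = subject_id
    for name in attribute_names:
        ET.SubElement(query, f"{{{SAML}}}Attribute", {"Name": name})
    return ET.tostring(query, encoding="unicode")


def parse_attribute_response(xml_text):
    """Return (nameid_format, subject, {attribute_name: [values]}) from a
    samlp:Response carrying an AttributeStatement."""
    root = ET.fromstring(xml_text)
    name_id = root.find(f".//{{{SAML}}}NameID")
    attrs = {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        values = [v.text for v in attr.findall(f"{{{SAML}}}AttributeValue")]
        attrs[attr.get("Name")] = values
    return name_id.get("Format"), name_id.text, attrs


def access_decision(endpoint_attrs, user_attrs):
    """Toy policy for slide #12: admit only when the endpoint's firewall is on
    and the user who authenticated from it is a student."""
    firewall_on = endpoint_attrs.get(ATTR_FIREWALL) == ["true"]
    is_student = "student" in user_attrs.get(ATTR_AFFILIATION, [])
    return firewall_on and is_student


def _sample_response(resp_id, fmt, subject, attr_name, value):
    # Constructed sample response; a real one would be signed and time-bounded.
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{resp_id}" Version="2.0">'
        f'<saml:Assertion ID="{resp_id}_a" Version="2.0">'
        f'<saml:Subject><saml:NameID Format="{fmt}">{subject}</saml:NameID></saml:Subject>'
        f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">'
        f'<saml:AttributeValue>{value}</saml:AttributeValue>'
        f'</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )


# Constructed sample data: one endpoint (by MAC) and one user (by NAI).
SAMPLE_ENDPOINT_RESPONSE = _sample_response("_r1", FMT_MAC, "00-11-22-33-44-55", ATTR_FIREWALL, "true")
SAMPLE_USER_RESPONSE = _sample_response("_r2", FMT_NAI, "alice@example.edu", ATTR_AFFILIATION, "student")
SAMPLE_UNFIREWALLED_RESPONSE = _sample_response("_r3", FMT_MAC, "00-11-22-33-44-66", ATTR_FIREWALL, "false")


def evaluate(endpoint_xml, user_xml):
    """Run the whole flow: parse both responses and apply the policy."""
    _, _, endpoint_attrs = parse_attribute_response(endpoint_xml)
    _, _, user_attrs = parse_attribute_response(user_xml)
    return access_decision(endpoint_attrs, user_attrs)


if __name__ == "__main__":
    print(build_attribute_query("00-11-22-33-44-55", FMT_MAC, [ATTR_FIREWALL]))
    print("admit:", evaluate(SAMPLE_ENDPOINT_RESPONSE, SAMPLE_USER_RESPONSE))
    print("admit:", evaluate(SAMPLE_UNFIREWALLED_RESPONSE, SAMPLE_USER_RESPONSE))
```

The point of keying the endpoint query on a MAC-address NameID and the user query on an NAI NameID is that the two subjects are distinct principals with distinct attribute authorities, which is exactly why slide #11 needs separate Name Identifier formats; a relying party that conflates them cannot express "this machine, used by this person". In a real deployment the responses would be signed assertions with validity windows, and the policy decision point would verify those before trusting the attribute values.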

Slide #13: Network Assessment Profile (diagram only)

Slide #14: Web Assessment Profile (diagram only)

Slide #15: Conclusions
- Federated TNC provides a mechanism to represent and transport information about users and machines between domains.
- Federated TNC should be compatible with IETF NEA standards.
- Technology was tricky; policy will be harder.
- Specification available from the TCG website: