1 RESTENA Foundation TF-MNM 16 Feb 2011 eduroam “next gen” Stefan Winter


2 Deliverables
- DJ3.1.2,1 about to be published
  - hidden somewhere deep in the bowels of the GN3 review process
  - Summary report about JRA3-T1 actions in the first 18 months of the project (Sep 2010)
  - Will announce to TF-MNM as soon as published
- Current work will be reported on in DJ3.1.2,2

3 RADIUS/TLS
- A PKI PMA, CA and RA have been established
  - Any CA can apply for being accredited to issue “eduroam Trust Profile” certificates
  - The CA will be assessed by eduPKI PMA
  - To get started, one CA has been created as a “catch-all” for eduroam participants (mostly FLR level)
  - This CA uses the eduroam database to check authorisation (FILL. YOUR. DATA. IN. NOW!!!)
  - We are already issuing certificates.

4 How to use?
- Radiator
  - Product is ready
  - Full template configuration is being prepared on the “new cookbook” wiki
  - Caveat: needs Net::SSLeay 1.37 – which isn't released yet; would need to use SVN code :-(
- radsecproxy
  - Dynamic discovery needs love
  - Rest is ready
  - Config template will also go into cookbook

5 When is .edu not a problem any more?
- When all FLRs which host a .edu domain have RADIUS/TLS + all .edu domains have set a NAPTR record for eduroam
  - Then the domains can announce their authoritative FLR via DNS
  - And TLRs can have a separate Handler for .edu: AuthBy DNSROAM
  - That way, all .edu requests are DNS-discovered either by an FLR or by the TLR
- Need to get eduroam Trust Profile certificates to U.S. and other non-EUs
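The routing decision on this slide, sketched as an added example that is not part of the original slides and is not Radiator or radsecproxy code. The DNS data is constructed and all host names are hypothetical; the service tag "x-eduroam:radius.tls" and port 2083 are assumptions not stated on the slides.

```python
"""Added example: realm routing with NAPTR-based discovery (constructed data)."""

# Assumption (not on the slides): service tag published for eduroam RADIUS/TLS.
EDUROAM_TAG = "x-eduroam:radius.tls"

# Constructed DNS data standing in for live lookups; all names are hypothetical.
NAPTR = {
    "uni-a.example.edu": [
        # (order, preference, flags, service, replacement)
        (100, 10, "s", "x-eduroam:radius.tls", "_radsec._tcp.flr.example.net"),
        (50, 10, "s", "sip+d2u", "_sip._udp.uni-a.example.edu"),  # unrelated service
    ],
}
SRV = {
    "_radsec._tcp.flr.example.net": [
        # (priority, weight, port, target)
        (10, 0, 2083, "radsec2.flr.example.net"),
        (0, 0, 2083, "radsec1.flr.example.net"),
    ],
}
STATIC_FALLBACK = ("tlr.example.org", 2083)  # hypothetical static upstream


def discover(realm):
    """Return [(host, port), ...] for the realm's authoritative FLR, or []."""
    records = [r for r in NAPTR.get(realm.lower(), [])
               if r[3].lower() == EDUROAM_TAG and r[2].lower() == "s"]
    targets = []
    for _order, _pref, _flags, _svc, srv_name in sorted(records):
        # Lowest SRV priority first; weighted selection is left out for brevity.
        for _prio, _weight, port, host in sorted(SRV.get(srv_name, [])):
            targets.append((host, port))
    return targets


def route(user_name):
    """Pick the next hop for an outer identity such as 'anonymous@realm'."""
    _, sep, realm = user_name.rpartition("@")
    if not sep or not realm:
        raise ValueError("no realm in User-Name")
    found = discover(realm)
    # DNS only names a candidate: the RADIUS/TLS peer still has to present a
    # certificate from an accredited eduroam Trust Profile CA before use.
    return ("dynamic", found) if found else ("static", [STATIC_FALLBACK])
```

A realm without a matching NAPTR record takes the static path, which is the situation the slide describes for .edu domains that have not yet published one.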

6 eduroam Trust Profile PKI
- “One Sentence” Policy
  - (paraphrased) A conforming CA will only issue certificates with the policy OID
    - ….foo.1 for authorised eduroam IdP
    - ….foo.2 for authorised eduroam SP
  - Proxy servers are IdP+SP
- A well-managed CA would need to put authorisation checks in place which ensure the above.

7 GN3 Year 3
- Generic description of work in the “Technical Annex”
- One (hopefully) particularly interesting project:
  - Assemble IdP settings in eduroam DB
  - Create scripted installers for all these IdPs
  - Hassle-free supplicant deployment for all!
  - These installers could even be signed for platforms which think they need that
  - Potential to save thousands of work hours for IdPs and as an added “sales” argument for eduroam