eduroam-as-a-service


eduroam-as-a-service Roadmap
Stefan Winter
Task Leader GN4-2 JRA3-T4
R&D Engineer, RESTENA Foundation
Last update: 02 Nov 2016

Overall product development timeline

- Overall system design specified – DONE
- Implement first prototype – ONGOING
- finalize first prototype for the service – Dec 2016 [COMMITTED]
- launch pilot for the service – Jan 2017 [COMMITTED]
  - functional except credential revocation; preliminary UI; see "Pilot Features"
- stop the pilot – May 2017 [PLANNED]
- eaas beta version – June 2017 [PLANNED]
  - fully functional, near-final UIs; see "Beta Features"
- eaas v1.0 – July 2017 [PLANNED]
- documentation and acceptance testing – Sep 2017 [POSSIBILITY]
- service launch and handover to production – Oct 2017 [POSSIBILITY]

Pilot Features (1) – JAN 2017

- NRO Administrator interface
  - Functionality: FINISHED
    - NRO can mark a future IdP as eligible for the service
    - Invitations for IdP management are sent to the designated IdP administrators
    - Issued invitation tokens can be consumed, IdP created and activated
    - Designated IdP admin can use IdP user provisioning interface, below
  - User Interface: PRELIMINARY
    - will need polishing
- IdP user provisioning interface
  - Functionality: 80% FINISHED
    - IdP admin can log into the system
    - Can add and remove users
    - Can issue new vouchers
    - Can NOT revoke issued credentials yet (button exists, without function)
  - Will need polishing

Pilot Features (2) – JAN 2017

- End-user interface
  - Functionality: 90% FINISHED
    - Provisioning
      - Able to consume vouchers
      - Detect operating system of end user
      - Creates customised installer based on voucher validity and operating system
      - Possible limitation: installers not yet ready for some operating systems
    - Status Page
      - Able to inform user about status of his account, based on voucher code or client cert
      - Possible limitation: … "based on client cert" possibly not functional yet
  - User Interface: PRELIMINARY
    - will need polishing
- Certification Authority for client certificates – 50% FINISHED
  - PHP-based stub implementation of CA signatures
  - Unable to handle revocation

Pilot Features (3) – JAN 2017

- RADIUS server implementation
  - IdP part (account validation) – 90% FINISHED
    - EAP-TLS termination point for @*.hosted.eduroam.org
    - Presents per-NRO server certificate
    - Validates client certificates against root and (stub) intermediate
    - Does not verify revocation status with OCSP yet
  - SP part (on-site proxy) – 50% FINISHED
    - Basic functionality available
    - Recommended features as per eduroam Service Definition may not be fully implemented yet
- OCSP server
  - Not in place yet due to missing revocation functionality

Beta Features (1) – JUNE 2017

- NRO Administrator interface
  - Functionality: FINISHED
    - NRO can mark a future IdP as eligible for the service
    - Invitations for IdP management are sent to the designated IdP administrators
    - Issued invitation tokens can be consumed, IdP created and activated
    - Designated IdP admin can use IdP user provisioning interface, below
  - User Interface: FINISHED
    - Following input and consensus from pilot testers
- IdP user provisioning interface
  - IdP admin can log into the system
  - Can add and remove users
  - Can issue new vouchers
  - Revocation working (button functional)

Beta Features (2) – JUNE 2017

- End-user interface
  - Functionality: FINISHED
    - Provisioning
      - Able to consume vouchers
      - Detect operating system of end user
      - Creates customised installer based on voucher validity and operating system
      - installers available for all supported operating systems (pending OS bugs preventing actual use)
    - Status Page
      - Able to inform user about status of his account, based on voucher code or client cert
      - Possible limitation: … "based on client cert" possibly not functional yet
  - User Interface: FINISHED
    - Following input and consensus from pilot testers
- Certification Authority for client certificates – FINISHED
  - CA operation moved to dedicated VM with HSM
  - Regularly issues OCSP revocation status responses
  - Sends OCSP status responses to OCSP server for public consumption

Beta Features (3) – JUNE 2017

- RADIUS server implementation
  - IdP part (account validation) – FINISHED
    - EAP-TLS termination point for @*.hosted.eduroam.org
    - Presents per-NRO server certificate
    - Validates client certificates against root and HSM-based intermediate
    - Checks revocation status against OCSP server
  - SP part (on-site proxy) – FINISHED
    - Basic functionality available
    - Recommended features as per eduroam Service Definition implemented
- OCSP server – FINISHED
  - Two worker VMs and load-balancing front-end deployed
  - simplistic web server to hand out OCSP responses (low load)

Stefan Winter <stefan.winter@restena.lu>