EDUROAM. Michael Helm, ESnet/LBL, 26 Mar 2006. Slide footer: Eduroam, TAGPMA, 27 Mar 2006.

Presentation transcript:

EDUROAM Michael Helm ESnet/LBL 26 Mar 2006

What Is Eduroam?
- The Roaming Scholar vs the Restricted Wireless Network
  – I am in a strange place, and I need to log in to your network; you want me to do this, but how can you permit it?
  – Need locally-usable credentials to authorize network services
  – Typical application is wireless networking
- Evolution of approaches > 802.1x
  – Web-based authentication (e.g. hotels)
  – Distributed VPNs

What Is Eduroam? (2)
- EU – Terena Mobility WG
- Hierarchy of RADIUS servers
  – RADIUS = RFC 2865
  – Widely deployed in campuses & industry
  – Eduroam root at SURFnet in NL
  – EU NRENs have national roots etc.
  – Non EU – AU, US*, maybe other Asia

Eduroam - current

Eduroam - Current

eduroam.us (FWNA – I2)
- Determined basic specs
  – RADIUS hierarchy modeled after current European eduroam network
  – Requires use of 802.1x
- Experimental service in place
  – Top level servers at UTK, Merit
  – Connecting servers to Europe, Asia
- Finalizing “registration” system
  – Web-based service that will allow institutions to connect easily

802.1x, RADIUS and EAP
[Diagram; labels: EAP client, Access Point, RADIUS server at visited institution, Top-Level Server 1, RADIUS server at home institution, Userid store at home institution]

802.1x, RADIUS and EAP
- 802.1x and RADIUS serve as transport mechanisms for EAP authentication
- 802.1x and RADIUS facilitate a conversation between two items controlled by the user and his organization: EAP client and campus RADIUS server

Top-level server interaction
[Diagram; labels: Top-Level Server 1, Top-Level Server 2, RADIUS configuration and routing data]
- Top-level servers draw configs from a central store of data, based on registration
- Thus they remain in synch, but do not otherwise directly communicate
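
Added example (not part of the original slides): a small model of how a request is routed through the hierarchy described above, using the realm part of user@realm, with each top-level server loading its routes from one shared registration store. All realms, host names and the registry layout are constructed for illustration.

```python
# Added example: realm-based request routing in a RADIUS proxy hierarchy.
# Realms, host names and the registry layout are constructed, not from the slides.
import re

# Central registration store: realm (or delegated suffix) -> next-hop server.
REGISTRY = {
    "utk.example": "radius.utk.example",
    "merit.example": "radius.merit.example",
    "nl": "national-root.nl.example",
}
REALM_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")

def realm_of(identity):
    """Return the realm of an outer identity user@realm, or None if malformed."""
    user, sep, realm = identity.rpartition("@")
    realm = realm.lower()
    if not sep or not user or "@" in user or not REALM_RE.match(realm):
        return None
    return realm

class TopLevelServer:
    def __init__(self, name, registry):
        self.name = name
        self.routes = dict(registry)  # each server takes its own copy of the store

    def next_hop(self, realm):
        """Longest registered suffix wins; match only on whole DNS labels."""
        labels = realm.split(".")
        for i in range(len(labels)):
            hop = self.routes.get(".".join(labels[i:]))
            if hop:
                return hop
        return None  # unregistered realm: reject rather than guess

def trace(identity, visited_realm, visited_host, top_level):
    """Hops an Access-Request takes from the visited site, or None if rejected."""
    realm = realm_of(identity)
    if realm is None:
        return None
    if realm == visited_realm:
        return [visited_host]  # local user, request never leaves the campus
    hop = top_level.next_hop(realm)
    if hop is None:
        return None
    return [visited_host, top_level.name, hop]
```

Because both top-level servers are built from the same store, either one gives the same next hop for a realm without the two ever talking to each other. Matching on whole labels keeps a realm such as "evilnl" from being routed as if it belonged to the delegated "nl" suffix.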

Eduroam Development
- Many instances, but not yet ubiquitous
- City-State of CERN?
- EU eduroam success leads to eduroam-NG
  – Need to exchange attributes
  – Service discovery
  – Weaknesses of RADIUS in these areas + security concerns
- (Teaser for KW & PH slide decks)

Outlook
- Grid application? (Other networks?)
- PKI support
  – EAP clients
  – RADIUS router & ID Provider support
- Useful for our collaboration

Acknowledgements: Most of the material in this deck is from Klaas Wierenga (at one remove) and Kevin Miller & Philippe Hanset (FWNA-I2)