Eduroam.us Operational Experiment Kevin Miller Duke University Andy Rosenzweig Merit Network ESCC/Internet2 Joint.

Presentation transcript:

eduroam.us Operational Experiment Kevin Miller Duke University Andy Rosenzweig Merit Network ESCC/Internet2 Joint Techs Workshop February 2006

Federated Wireless Auth Vision
• Enable members of one institution to authenticate to the wireless network at another institution using their home credentials
  – Reduce the need for guest IDs
  – Simplify authentication when roaming
• The “roaming scholar” problem

Potential Users
• Multi-campus college/university
• School with decentralized authN
• School system
• Regional consortia: GigaPoP, state network
• Etc…

FWNA Project Progress
• Determined basic specs
  – RADIUS hierarchy modeled after current European eduroam network
  – Requires use of 802.1x
• Experimental service in place
  – Top level servers at UTK, Merit
  – Connecting servers to Europe, Asia
• Finalizing “registration” system
  – Web-based service that will allow new institutions to easily connect

Building blocks
• 802.1x required as wireless access method (no captive portal)
• Home institution selects EAP methods appropriate for them
• RADIUS used to transport auth requests from visited to home site
• Top-level servers route RADIUS requests between sites

eduroam.us RADIUS routing
[Diagram labels: Top-Level Server 1; Top-Level Server 2; RADIUS server at visited institution; RADIUS server at home institution; Wireless net at visited institution; Userid store at home institution]

802.1x, RADIUS and EAP
[Diagram labels: Top-Level Server 1; RADIUS server at visited institution; RADIUS server at home institution; Userid store at home institution; EAP client; AP]

802.1x, RADIUS and EAP
• 802.1x and RADIUS serve as transport mechanisms for EAP authentication
• 802.1x and RADIUS facilitate a conversation between two items controlled by the user and his organization: EAP client and campus RADIUS server

Top-level server interaction
[Diagram labels: Top-Level Server 1; Top-Level Server 2; RADIUS configuration and routing data]
• Top-level servers draw configs from a central store of data, based on registration
• Thus they remain in synch, but do not otherwise directly communicate

Connections to others
[Diagram labels: US Top-Level Server 2; US Top-Level Server 1; Europe Top-Level Server; Austr. Top-Level Server; Etc.. Top-Level Server]
• Each top-level server knows the top-level realms handled by the others
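
The realm-based routing described in the slides above, sketched as an added example (not code from the presentation or from eduroam.us): each hop picks the next RADIUS server from the realm in the User-Name. All realm names, server labels, the single US top-level label and the loop check are assumptions made for illustration.

```python
import re

# Constructed routing data: every realm and server label below is hypothetical.
LOCAL_REALM = "visited.example.edu"
REGISTERED = {                      # realms registered with the US top level
    "home.example.edu": "radius.home.example.edu",
    "visited.example.edu": "radius.visited.example.edu",
}
PEER_TOP_LEVEL = {                  # top-level realms handled by other top-level servers
    "nl": "top-level-europe",
    "uk": "top-level-europe",
    "au": "top-level-australia",
}
US_TOP_LEVEL = "top-level-us"
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def extract_realm(user_name):
    """Return the lower-cased realm of a User-Name, or None if it is malformed."""
    if user_name.count("@") != 1:
        return None
    realm = user_name.split("@")[1].lower()
    labels = realm.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(label) for label in labels):
        return None
    return realm


def route_at_institution(user_name):
    """Visited-site RADIUS server: authenticate locally or proxy upward."""
    realm = extract_realm(user_name)
    if realm is None:
        return ("reject", "malformed realm")
    if realm == LOCAL_REALM:
        return ("local", realm)
    return ("proxy", US_TOP_LEVEL)


def route_at_top_level(user_name, received_from):
    """Top-level server: registered realm first, then the peer for its top-level realm."""
    realm = extract_realm(user_name)
    if realm is None:
        return ("reject", "malformed realm")
    next_hop = REGISTERED.get(realm) or PEER_TOP_LEVEL.get(realm.rsplit(".", 1)[1])
    if next_hop is None:
        return ("reject", "unknown realm")
    if next_hop == received_from:   # assumed check: never send a request back to its sender
        return ("reject", "routing loop")
    return ("proxy", next_hop)
```

Rejecting malformed and unregistered realms at the first hop that sees them keeps junk identities from travelling up the hierarchy, and the sender comparison catches the case where a site forwards its own realm upward by mistake.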

FWNA Policy work
• How are visiting users notified of eduroam.us service availability?
• What if the home institution’s policies vary from the visited institution?
• How do we notify the user if they are a guest?
• What kinds of federations need to be built?
• What information is logged, by whom?

Things to consider
• Can your campus adopt 802.1x?
• Would your wireless authentication structure allow for authenticating foreign realms?
• Would you allow visiting users onto your normal wireless network?
• …or onto a segregated virtual network if authenticated?
• Would doing so solve a problem, or enhance learning?

How to take part
• If you want to be an experiment site, send to:
• Must be willing to experiment; nothing is plug and play
• Important for experimenters to give feedback by way of pointers, local cookbooks, EAP trial info, etc.

Join the FWNA Group
• Project website:
• Biweekly Conference Calls – Thursdays 11am-12pm
  – Next on 2/23/06
• internet2 list
  – “subscribe salsa-fwna” to internet2