Programme ›TERENA ›Overview of the middleware initiatives in the European Higher Education ›What is eduroam: the technology and how to set up eduroam ›eduroam-in-a-box: a tool to ease eduroam deployment ›eduroam federation

Overview of Middleware Developments in Europe Eduroam MiniCAMP April 5, 2007 Licia Florio, Paul Dekkers, Rok Papež TERENA, SURFnet, ARNES

Outline ›What is TERENA ›European landscape in higher education ›TERENA’s role ›Why Federated Identity ›Federation concepts ›A quick look at the future

TERENA Organisation ›A not-for-profit association of European National Research & Education Networks (since 1986) ›NRENs ›Secretariat located in Amsterdam (The Netherlands) ›33 National Members ›2 International Members: ›CERN, ESA ›10 Associate Members ›including DANTE, NORDUnet, equipment vendors and telecoms operators

TERENA Mission ›Collaborate ›Innovate ›Share knowledge ›TERENA does not run a network!

TERENA Mission ›Represent common interests and opinions of membership ›Make political and industrial contacts ›Lobby European Union and national governments ›Liaise with other continents (e.g. APAN, Internet2, CLARA) ›Knowledge Transfer ›Conferences TNC: Copenhagen 21 to 24 May 2007 ›Vendor demonstrations, new technologies, NREN showcase ›Workshops & Seminars ›eduroam Minicamp and others ›Developing informational, best-practice and training material. ›TERENA activities are open to everyone ›TERENA community is wider than the TERENA membership ›Activities span over different field ›See htttp://

TERENA Support to Middleware Deployment ›TERENA provides support for the middleware activities: ›Via Task Forces (open to anybody) ›TF-Mobility ›TF-EMC2 ›Via services like ›Server Certificate Service (SCS) ›Schema HArmonisation Committee (SCHAC) ›TERENA Academic CA Repository (TACAR) ›Workshops ›EuroCAMP (Apirl 16-17, Helsinki) ›NREN-Grids (June, date and location tbc)

Services: SCS ›What is it about? ›SCS= Server Certificate Service ›To issue server certificates - popup free - unlimited number - Very low price (price is not per certificate) -Already 1400 certificates issued ›For whom? ›For the National Research and Education Network community in Europe ›How did we get there? ›Example of Terena interaction with industry for benefit of research networks

What is TACAR ›TACAR: TERENA ACAdemic Repository ›Offers a way for building a PKI-based web of trust within the European academic community ›And beyond ›>25 root CA certificates (root of trust for IGTF) ›Conceived as a collection of trust-anchors ›Based on the principle: ›Keep it simple ›TACAR is open to: ›All NRENs; › National Academic PKI ’ s in the TERENA member countries; › Non-profit research projects (Grid CA ’ s)

EuroCAMP ›Workshops to promote the use of middleware technologies in the Campuses ›Three EuroCAMP workshops took place already ›Topics covered: IdM systems and Federations mainly ›Very successful ›Since June 06 MiniCAMPs ›Organised as part of GEANT2/NA4 project ›Focused on eduroam ›So far three events have been organised

Services: ›TF-EMC2 ›Harmonise schemas in the field of high education ›Complements eduPerson schema from Internet2 ›Mainly concerned for inter-institutional data exchange ›Needed for interoperability ›Which data ›What format of data

What is Identity Management ›From a global perspective: ›Identity Management ›Giving each user an electronic identity ›Set of technologies and policies to control users access to resources ›Can be anything ›SQL database ›passwd file ›LDAP/AD ›More needs, more complexities ›Kerberos ›Web based SSO

The Needs For Federated Identity ›Increasing dynamics in the education system ›Students can access courses outside their organisation ›On-line courses are more common ›Users want to access the same services no matter where they are ›Grid: example of access to distributed resources ›Centralized login ›More institutions dealing with the same users means: ›Multiple registration of users ›Overhead to manage guest users › Increased possibility of error in managing the users ’ records ›Sharing of user identity ›Institutional borders ›International borders ›User logs in with the same credentials on the same page for every resource

Federations ›Enable the sharing of educational resources ›Network ›Wireless and/or not ›Applications ›Online learning systems ›Require agreement on: ›Legal Framework and Policies ›Trust ›Technology ›Security ›Common Language ›Interoperability

Example of Not Federated Access User from Inst X InstX Y Institution Y X Institution X Learning Material Network

Example of Federated Access User Inst X Learning Material Network Institution Y Federated Access Others Resources… Institution X

The Building Blocks of Federations Identity ProviderService Provider publisher webmail

Federated Access to (Web) Applications ›Federations are being developed at national level by the NRENs ›Different (open source) solutions are used ›Shibboleth: UK, Finland, Switzerland ›PAPI: Spain ›A-Select: the Netherlands ›Sun Federation Manager based upon Liberty Alliance specification: Norway ›All these solutions are now inter-operable ›eduGain › They all recognize Security Assertion Markup Language (SAML) as “ the standard ” to transfer information (assertions) among each other

Federated Network Access ›Eduroam tests started in TF-Mobility ›Excellent example of a confederation

Conclusions ›Federations are the future ›Campuses/universities need to be involved ›Deploying IdMs is the first step to make life easier ›The campuses need to talk to their NRENs ›There will not be one unique multipurpose federation ›Different federations to fit different communities ›TERENA wants to promote cooperation and help the campuses to deploy middleware