IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)

Presentation transcript:

Background
Rapid development of trust and identity infrastructure and services
Campus: LDAP & IdM, 802.1X, EAP, RADIUS, X.509, SAML, Kerberos…
National: JANET Certificate Service (X.509); JANET Roaming Service (AAA / EAP / 802.1X) (eduroam); UK Access Management Federation (SAML).
International: eduroam; eduGAIN; Grid
Increasingly complex technical landscape.
Increasingly demanding user requirements.

Project Moonshot in a slide
Phase 1-3 (Jan to Mar 2010): Independent technical Feasibility Analysis. EAP GSS and other initial drafts (IETF & OASIS). Bar IETF 77.
Phase 4 (April to May 2010): Draft of project plan. Request IETF 78.
Phase 5 (June to July 2010): Detailed project plan. Prepare for IETF 78.
Phase 6 (August 2010 to August 2011)

Technology choices
SAML provides authorisation and attributes.
GSS-API mechanism for application integration.
EAP authentication encapsulated in GSS-API to gain existing credential support.
RADIUS transport provides federation.

[Diagram: Network access. Labels: Supplicant (Peer), Authenticator, EAP server, EAP lower layer, AAA, EAP method, EAP MSK.]

[Diagram: Moonshot: non-Web SSO. Labels: Supplicant, Client, Server, EAP server, AAA, GSS-API, Client application, Server application, EAP MSK.]

[Diagram: Moonshot: non-Web SSO, annotated with the related documents. Labels: Supplicant, Client, Server, EAP server, AAA, GSS-API, Client application, Server application.]
Documents shown on the diagram:
draft-howlett-radius-saml-attr
sstc-saml-binding-aaa-draft
draft-howlett-eap-gss
draft-hartman-gss-eap-naming
IETF architecture document
sstc-saml-eapgss-sso-draft

Project Moonshot Goals
Standardised technical architecture.
Production-quality open-source implementation.
Packaged and shipped with Debian Linux.
A test-bed for interoperability testing.
High quality documentation.
An active community of users and developers.

Discuss!