1 RESTENA Foundation TF-MNM 16 feb 2011 eduroam “next gen” Stefan Winter -


2 Deliverables
- DJ3.1.2,1 about to be published
  - hidden somewhere deep in the bowels of the GN3 review process
  - Summary report about JRA3-T1 actions in the first 18 months of the project (Sep 2010)
  - Will announce to TF-MNM as soon as published
- Current work will be reported on in DJ3.1.2,2

3 RADIUS/TLS
- A PKI PMA, CA and RA have been established
  - Any CA can apply for being accredited to issue “eduroam Trust Profile” certificates
  - The CA will be assessed by eduPKI PMA
  - To get started, one CA has been created as a “catch-all” for eduroam participants (mostly FLR level)
  - This CA uses the eduroam database to check authorisation (FILL. YOUR. DATA. IN. NOW!!!)
  - We are already issuing certificates.

4 How to use?
- Radiator
  - Product is ready
  - Full template configuration is being prepared on the “new cookbook” wiki
  - Caveat: needs Net::SSLeay 1.37 – which isn't released yet; would need to use SVN code :-(
- radsecproxy
  - Dynamic discovery needs love
  - Rest is ready
  - Config template will also go into cookbook

5 When is .edu not a problem any more?
- When all FLRs which host a .edu domain have RADIUS/TLS + all .edu domains have set a NAPTR record for eduroam
  - Then the domains can announce their authoritative FLR via DNS
  - And TLRs can have a separate Handler for .edu: AuthBy DNSROAM
  - That way, all .edu requests are DNS-discovered either by an FLR or by the TLR
- Need to get eduroam Trust Profile certificates to U.S. and other non-EUs
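
Added example, not from the slides and not Radiator or radsecproxy code: the NAPTR-then-SRV lookup that DNS-based discovery performs for a realm, run over constructed DNS answers, followed by the certificate policy check that decides whether the discovered peer is trusted. The service tag `x-eduroam:radius.tls`, port 2083, all host names and the policy OID string are assumptions or placeholders.

```python
# Constructed DNS answers; every name and value below is a placeholder.
NAPTR_TAG = "x-eduroam:radius.tls"     # assumed eduroam service tag (not on the slides)
IDP_POLICY = "<trust-profile-arc>.1"   # placeholder for the elided IdP policy OID

NAPTR = {  # owner -> [(order, preference, flags, service, replacement)]
    "example.edu": [
        (50, 10, "s", "SIP+D2U", "_sip._udp.example.edu"),
        (100, 10, "s", "x-eduroam:radius.tls", "_radsec._tcp.flr.example.net"),
    ],
}
SRV = {  # owner -> [(priority, weight, port, target)]
    "_radsec._tcp.flr.example.net": [
        (10, 0, 2083, "radius2.flr.example.net"),
        (0, 0, 2083, "radius1.flr.example.net"),
    ],
}

def discover(user):
    """Return [(host, port)] of the realm's RADIUS/TLS servers, best first.

    An empty list means no eduroam NAPTR record exists, so the request
    stays on the statically configured route.
    """
    realm = user.rsplit("@", 1)[-1].lower().rstrip(".")
    wanted = [r for r in NAPTR.get(realm, [])
              if r[3].lower() == NAPTR_TAG and r[2].lower() == "s"]
    targets = []
    for *_, replacement in sorted(wanted):          # lowest order/preference first
        # Simplification: equal-priority SRV records are not weight-randomised.
        for _prio, _weight, port, host in sorted(SRV.get(replacement, [])):
            targets.append((host, port))
    return targets

def peer_is_authorised_idp(cert_policy_oids):
    """DNS only says where to connect; the peer certificate must carry the IdP policy."""
    return IDP_POLICY in cert_policy_oids

if __name__ == "__main__":
    print(discover("alice@example.edu"))
    print(discover("bob@unlisted.example"))
    print(peer_is_authorised_idp({IDP_POLICY}))
```

The DNS answer is unauthenticated routing information, so the connection is accepted only when the TLS peer presents a certificate with the expected policy OID.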

6 eduroam Trust Profile PKI
- “One Sentence” Policy
  - (paraphrased) A conforming CA will only issue certificates with the policy OID
    - ….foo.1 for authorised eduroam IdP
    - ….foo.2 for authorised eduroam SP
  - Proxy servers are IdP+SP
- A well-managed CA would need to put authorisation checks in place which ensure the above.

7 GN3 Year 3
- Generic description of work in the “Technical Annex”
- One (hopefully) particularly interesting project:
  - Assemble IdP settings in eduroam DB
  - Create scripted installers for all these IdPs
  - Hassle-free supplicant deployment for all!
  - These installers could even be signed for platforms which think they need that
  - Potential to save thousands of work hours for IdPs and as added “sales” argument for eduroam

