Presentation is loading. Please wait.

Presentation is loading. Please wait.

EAP-TLS in eduroam using TCS Personal Certificates José Manuel Macías Luna, RedIRIS Juan C. Sánchez-DelBarrio, BSC TF-MnM Lyon, 16 Feb 2011.

Published byCalvin Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "EAP-TLS in eduroam using TCS Personal Certificates José Manuel Macías Luna, RedIRIS Juan C. Sánchez-DelBarrio, BSC TF-MnM Lyon, 16 Feb 2011."— Presentation transcript:

1 EAP-TLS in eduroam using TCS Personal Certificates José Manuel Macías Luna, RedIRIS Juan C. Sánchez-DelBarrio, BSC TF-MnM Lyon, 16 Feb 2011

2 1. what... ? Use of TCS Personal Certificates in eduroam Id P SIR attributes CSR

3 2. how... ? FreeRADIUS 2.1.10 added extended validation of client certificates see verify { client } in eap.conf we made a proof-of-concept validation script: validates client certificate and attributes CN,O,UID against our LDAP directory Radiator also supports this kind of validation EAPTLS_CertificateVerifyHook additional checks possible too... CRL checking, expiration,...

4 2. how... ? FreeRADIUS 2.1.10 added extended validation of client certificates See verify { client } in eap.conf We made a proof-of-concept validation script: Validates client certificate attributes CN,O,UID against our LDAP directory Radiator also supports this kind of validation EAPTLS_CertificateVerifyHook Additional checks possible... CRL checking, expiration,... common name home organization My OpenID, yes... ;-) user identifier Attributes that can be validated Ho me IdP SIR 2 X.509 X.509 2 LDAP LDAP 2 SIR

5 3. what for...? ok, it's not rocket science, but... remember EAP-TLS is included in Windows by default an alternative (or complement) to EAP-GTC too easy recipe for the server side it would promote other services: TCS, SIR drawbacks... a fail-over authentication method? it seems easy to deploy but... easier than others? (EAP-EKE is not yet there...) how well does it scale?

6 ...any questions?

Download ppt "EAP-TLS in eduroam using TCS Personal Certificates José Manuel Macías Luna, RedIRIS Juan C. Sánchez-DelBarrio, BSC TF-MnM Lyon, 16 Feb 2011."

Similar presentations

Suchin Rengan Principal Technical Architect Salesforce.com

Suchin Rengan Principal Technical Architect Salesforce.com
P u t y o u r h e a d o n m y s h o u l d e r.

P u t y o u r h e a d o n m y s h o u l d e r.
REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys.

REFEDS. Rome, October 2009 The OpenID Case Why It’s Not a Bad Idea to Play with The Big Guys.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.

Using InCommon Client Certs for eduroam Jeff Hagley and Ryan Martin October 3 rd, 2011 Internet2 Fall Member Meeting.
PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.
Senior Technical Writer

Senior Technical Writer
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
February 2006Colby College ITS Using FTP. February 2006Colby College ITS Topics FTP Options at Colby For Mac Users For Windows Users.

February 2006Colby College ITS Using FTP. February 2006Colby College ITS Topics FTP Options at Colby For Mac Users For Windows Users.
2009-11-171Creative Commons Share Alike Attribution 3.0 Active Directory on ARM Running an Embedded Active Directory Domain Controller on the BeagleBoard.

Creative Commons Share Alike Attribution 3.0 Active Directory on ARM Running an Embedded Active Directory Domain Controller on the BeagleBoard.
Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.

Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.
5 Copyright © 2008, Oracle. All rights reserved. Configuring the Oracle Network Environment.

5 Copyright © 2008, Oracle. All rights reserved. Configuring the Oracle Network Environment.
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure Goals 

5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
Penn State/Napster 2.0 Trial Russell S. Vaught Associate Vice Provost Information Technology.

Penn State/Napster 2.0 Trial Russell S. Vaught Associate Vice Provost Information Technology.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Similar presentations

Ads by Google