eduroam-as-a-service


1 eduroam-as-a-service
Roadmap
Stefan Winter
Task Leader GN4-2 JRA3-T4
R&D Engineer, RESTENA Foundation
Last update: 02 Nov 2016

2 Overall product development timeline
- Overall system design specified – DONE
- Implement first prototype – ONGOING
- finalize first prototype for the service – Dec 2016 [COMMITTED]
- launch pilot for the service – Jan 2017 [COMMITTED] -> functional except credential revocation; preliminary UI; see “Pilot Features”
- stop the pilot – May 2017 [PLANNED]
- eaas beta version – June 2017 [PLANNED] -> fully functional, near-final UIs; see “Beta Features”
- eaas v1.0 – July 2017 [PLANNED]
- documentation and acceptance testing – Sep 2017 [POSSIBILITY]
- service launch and handover to production – Oct 2017 [POSSIBILITY]

3 Pilot Features (1) – JAN 2017

NRO Administrator interface
- Functionality: FINISHED
  - NRO can mark a future IdP as eligible for the service
  - Invitations for IdP management are sent to the designated IdP administrators
  - Issued invitation tokens can be consumed, IdP created and activated
  - Designated IdP admin can use IdP user provisioning interface, below
- User Interface: PRELIMINARY
  - will need polishing

IdP user provisioning interface
- Functionality: 80% FINISHED
  - IdP admin can log into the system
  - Can add and remove users
  - Can issue new vouchers
  - Can NOT revoke issued credentials yet (button exists, without function)
- Will need polishing

4 Pilot Features (2) – JAN 2017

End-user interface
- Functionality: 90% FINISHED
  - Provisioning
    - Able to consume vouchers
    - Detect operating system of end user
    - Creates customised installer based on voucher validity and operating system
    - Possible limitation: installers not yet ready for some operating systems
  - Status Page
    - Able to inform user about status of his account, based on voucher code or client cert
    - Possible limitation: … “based on client cert” possibly not functional yet
- User Interface: PRELIMINARY
  - will need polishing

Certification Authority for client certificates
- 50% FINISHED
- PHP-based stub implementation of CA signatures
- Unable to handle revocation

5 Pilot Features (3) – JAN 2017

RADIUS server implementation
- IdP part (account validation) – 90% FINISHED
  - EAP-TLS termination point
  - Presents per-NRO server certificate
  - Validates client certificates against root and (stub) intermediate
  - Does not verify revocation status with OCSP yet
- SP part (on-site proxy) – 50% FINISHED
  - Basic functionality available
  - Recommended features as per eduroam Service Definition may not be fully implemented yet

OCSP server
- Not in place yet due to missing revocation functionality

6 Beta Features (1) – JUNE 2017

NRO Administrator interface
- Functionality: FINISHED
  - NRO can mark a future IdP as eligible for the service
  - Invitations for IdP management are sent to the designated IdP administrators
  - Issued invitation tokens can be consumed, IdP created and activated
  - Designated IdP admin can use IdP user provisioning interface, below
- User Interface: FINISHED
  - Following input and consensus from pilot testers

IdP user provisioning interface
- IdP admin can log into the system
- Can add and remove users
- Can issue new vouchers
- Revocation working (button functional)

7 Beta Features (2) – JUNE 2017

End-user interface
- Functionality: FINISHED
  - Provisioning
    - Able to consume vouchers
    - Detect operating system of end user
    - Creates customised installer based on voucher validity and operating system
    - installers available for all supported operating systems (pending OS bugs preventing actual use)
  - Status Page
    - Able to inform user about status of his account, based on voucher code or client cert
    - Possible limitation: … “based on client cert” possibly not functional yet
- User Interface: FINISHED
  - Following input and consensus from pilot testers

Certification Authority for client certificates
- FINISHED
- CA operation moved to dedicated VM with HSM
- Regularly issues OCSP revocation status responses
- Sends OCSP status responses to OCSP server for public consumption

8 Beta Features (3) – JUNE 2017

RADIUS server implementation
- IdP part (account validation) – FINISHED
  - EAP-TLS termination point
  - Presents per-NRO server certificate
  - Validates client certificates against root and HSM-based intermediate
  - Checks revocation status against OCSP server
- SP part (on-site proxy) – FINISHED
  - Basic functionality available
  - Recommended features as per eduroam Service Definition implemented

OCSP server
- FINISHED
- Two worker VMs and load-balancing front-end deployed
- simplistic web server to hand out OCSP responses (low load)

9 Stefan Winter <stefan.winter@restena.lu>

