1
JRA3-T4 eduroam development - plan
Stefan Winter, Task Leader JRA3-T4
R&D Engineer, RESTENA Foundation
JRA3 Kick-Off Meeting, Zürich, 12 July 2016
2
Work Areas
- eduroam-as-a-service, comprising
  - IdP-as-a-service (“Silver Bullet IdP”)
  - SP-as-a-service (“No fancy name”)
- Self-Service Support
  - for end users (“Why am I not online?”)
  - for admins (“I need to talk to IdP/SP X because…”)
- CAT “business as usual” development
  - new devices like Kindle
  - beefing-up of current installers (more Passpoint support...)
- Let’s RadSec
3
IdP-as-a-service
“Silver Bullet” IdP
- EAP-TLS based
- “IdP” admin gets a simple web interface to manage their own users
Requires
- CA which issues/revokes user certificates in real time
- RADIUS server(s) which terminate EAP-TLS and do the actual authentication
  - More than one? Decentralisation is difficult because supplicants verify the EAP server’s identity!
- Management UI for the admins
Exploits
- Availability of the installer generation engine in eduroam CAT (“just yet another EAP type”)
- Existing admin UI in CAT for the config parts unrelated to Silver Bullet
  - Additional SSIDs
  - Institution logo
  - Helpdesk contact details
  - … you name it
4
SP-as-a-service
Just an ordinary proxy-only RADIUS server
- Best-of-class: implement all the optional/recommended features we would like to see but seldom do see in real life
- Easy to distribute: central, NRO level, at the spot
- With Let’s RadSec: uplink with an eduroam SP certificate
5
Self-Service
For users:
- integrate monitoring subsystems and real-time diagnostics into a cohesive and simple user experience
- give simple explanations / instructions / steps forward
- automate wherever possible
  - e.g. instead of a generic “contact your IdP”: show a web form which will be sent to the relevant contact at the IdP – users do not need to know contact details themselves
  - fallbacks in place (no IdP known? Display phone number, or send to NRO instead)
- Needs improvements in eduroam monitoring -> operations
For admins:
- automate workflows for common issues where the flow was previously “contact your NRO and wait for guidance”
- typical use cases: abuse complaints, reject due to missing MAC address in request, informing an SP of lack of IP addresses in its DHCP pool, malformed Operator-Name
- web forms all around
6
eduroam CAT
Devices
- Not many “actually new” devices on the radar. On the contrary: Windows Phone is dead!
- Kindle (FireOS) is mostly Android, but different enough to potentially be(come) difficult
Features
- Passpoint now configurable on all our supported platforms (currently implemented only on iOS / OS X; room for improvement)
- Shift from install-once to a permanent assistance application on all platforms
  - Initial installation
  - Ongoing account management (check expiry and its consequences, renew cert)
  - Running diagnosis where needed
  - Maps of coverage
  - I would call it the “Companion” if that name weren’t already taken ;-)
7
Let’s RadSec
- RADIUS/TLS for server infrastructure is all nice
  - But getting certificates is too cumbersome in practice
  - Need a more automated solution
- Prototype can provision RADIUS/TLS server certificates to EAP servers fully automated
  - EAP server == eduroam IdP
  - security profile still under discussion
- Unfortunately, eduroam IdPs are unlikely first adopters
  - Rather expect trickle-down from NRO level
- So, need a provisioning method for the other slice of servers
  - NRO RADIUS proxies in top priority (then eduroam IdPs, mostly solved)
  - eduroam SPs
  - CSR copy&paste to a web form is the likely best candidate for SPs and NROs
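The CSR copy&paste path only works if the web form checks what it receives before any CA signs it. The following is an added example, not code from this presentation or from the Let’s RadSec / eduroam CAT projects: both sides in Go using only the standard library, with the zone `.example-nro.test` and the hostnames being constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
)

// Hypothetical policy (constructed value): a requester only gets names strictly below its own zone.
const allowedZone = ".example-nro.test"

// Operator side: the key is generated on the RADIUS server and only the PEM CSR is pasted into the form.
func makeCSR(host string) string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors only if the RNG is broken
	der, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{DNSNames: []string{host}}, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}))
}

// Web-form side: the CSR's self-signature proves possession of the private key; after that
// only non-wildcard DNS names inside the allowed zone pass. Returns the names a CA may certify.
func checkCSR(pemText string) ([]string, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("input is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err == nil {
		err = csr.CheckSignature()
	}
	if err != nil {
		return nil, fmt.Errorf("invalid CSR: %w", err)
	}
	if len(csr.DNSNames) == 0 || len(csr.IPAddresses)+len(csr.EmailAddresses) > 0 {
		return nil, fmt.Errorf("CSR must request DNS names only")
	}
	for _, n := range csr.DNSNames {
		if strings.Contains(n, "*") || !strings.HasSuffix(n, allowedZone) {
			return nil, fmt.Errorf("name %q is outside the requester's zone", n)
		}
	}
	return csr.DNSNames, nil
}

func main() {
	fmt.Println(checkCSR(makeCSR("radius.example-nro.test"))) // [radius.example-nro.test] <nil>
}
```

A real issuer would additionally tie the allowed zone to the authenticated form user rather than a constant, and record which names were issued so they can be revoked.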