Presentation is loading. Please wait.

Presentation is loading. Please wait.

The DAMe’s First Steps: eduroam and NAS-SAML

Published byMaja Albrecht Modified over 6 years ago

Similar presentations

Presentation on theme: "The DAMe’s First Steps: eduroam and NAS-SAML"— Presentation transcript:

1 The DAMe’s First Steps: eduroam and NAS-SAML
Diego R. Lopez - RedIRIS

2 Deploying Authorization Mechanisms for Federated Services in eduroam (DAMe)
DAME is a project that builds upon: eduroam, which defines an inter-NREN roaming architecture based on AAA servers (RADIUS) and the 802.1X standard, Shibboleth and eduGAIN NAS-SAML, a network access control approach for AAA environments, developed by the University of Murcia (Spain), based on SAML (Security Assertion Markup Language) and XACML (eXtensible Access Control Markup Language) standards. [1st =] Usually, those proposals don’t explain how certificates are issued by the authorities (it is usually application-dependent) [2nd =] In complex environments, a structured and distributed system must be provided (and application independent)

3 First Goal: extNA First Goal: Extension of eduroam using NAS-SAML
Connect. Communicate. Collaborate First Goal: extNA First Goal: Extension of eduroam using NAS-SAML Policy Decision Point Source Attribute Authority XACML RADIUS server University B University A eduroam Central RADIUS Proxy server Authenticator (AP or switch) User DB Supplicant Gast User mobility controlled by assertions and policies expressed in SAML and XACML Signaling data SAML

4 Second Goal: eduGAIN as AuthN and AuthR Backend First Goal: extNA
Connect. Communicate. Collaborate Second Goal: eduGAIN as AuthN and AuthR Backend First Goal: extNA Link between the AAA servers (now acting as Service Providers) and eduGAIN

5 Third Goal: Universal Single Sign On
Connect. Communicate. Collaborate Users will be authenticated once, during the network access control phase The eduGAIN authentication would be bootstrapped from the NAS-SAML New method for delivering authentication credentials and new security middleware 4th goal: integrating applications, focusing on grids.

6 eduroam + NAS-SAML Independent AuthR
Connect. Communicate. Collaborate

7 eduroam + NAS-SAML Merged AuthR
Connect. Communicate. Collaborate

8 eduroam+NAS-SAML in Context
The proposal is functionally equivalent to the one discussed in SALSA-FWNA for RADIUS-SAML integration Compatibility and convergence are the natural way forward NAS-SAML is From the inter-realm view, a Diameter binding for SAML Already available, thus allowing for fast evaluation of ideas Agree in the basics Data (NameIdentifier?) exchanged in RADIUS space Relevant attributes

Download ppt "The DAMe’s First Steps: eduroam and NAS-SAML"

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Centralized Application Permissions Privilege Management Nate Klingenstein 30 January 2007 OGF 19 Chapel Hill.

Centralized Application Permissions Privilege Management Nate Klingenstein 30 January 2007 OGF 19 Chapel Hill.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Why eduroam sucks, and how to fix it.

Why eduroam sucks, and how to fix it.
Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.

Trends in Identity Management Nate Klingenstein Internet2 EDUCAUSE Security Professional 2007.
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
EduRoam ESA workshop 17 December 2004 Utrecht.

EduRoam ESA workshop 17 December 2004 Utrecht.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.

Connect. Communicate. Collaborate The eduGAIN Way Diego R. Lopez - RedIRIS.
EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004

EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.

18 th TF-EMC2. WebEx, June 2011 Diego R. Lopez, RedIRIS On the Many Ways to Identity Exchange (Again) Digital identities are more valuable as they are.
EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.

EuroPKI 2008 Manuel Sánchez Óscar Cánovas Gabriel López Antonio F. Gómez Skarmeta University of Murcia Levels of Assurance and Reauthentication in Federated.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

Similar presentations

Ads by Google