Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chargeable-User-Identity in eduroam. The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP.

Published byCortez Cockfield Modified over 9 years ago

Similar presentations

Presentation on theme: "Chargeable-User-Identity in eduroam. The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP."— Presentation transcript:

1 Chargeable-User-Identity in eduroam

2 The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP can only black-list the entire realm – if someone uses the guest access to set up a full-time Internet link the SP may become suspicious about the eduroam idea and may want to turn on some quota system to defend against that kind of overuse (this may be a local-level problem but we might provide a universal solution) – in case of incidents locating the correct entries in the logs may be complicated by the fact that the SP logs will just show anonymous user

3 Possible solution: Chargeable-User-Identity (CUI) attribute defined in RFC 4372 (pointed out by Jochem van Dieten) meant to carry a value which is unique to a user (perhaps only for some period of time) CUI in action – request – send the CUI attribute with a NUL value – reply – send the user identifier in the CUI – the NAS accounting should be based on CUI rather the User-Name (probably currently not implemented by anybody)

4 Tests and implementation CUI request implemented in FreeRadius v. 2 CUI response implemented in FreeRadius v. 1 and 2 (runs in production service in Toruń) – currently a fixed value per user is returned CUI proxying tested for FreeRadius v. 1 and 2, Radiator, RadSec proxy testing tool – a patch to eapol_test from wpa_supplicant 0.6.2 capable of sending goth NUL and non-NUL CUI and displaying the response

5 So now what.... We are happy to provide all information on server setup, eapol_test patch etc. Questions, issues – Test pilot (volunteers)? – How permanent should the CUI be? – Recommendation for SA5 participants? – Add a subchapter to Roaming CookBook?

Download ppt "Chargeable-User-Identity in eduroam. The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP."

Similar presentations

Joining eduroam Wireless Roaming for Education and Research.

Joining eduroam Wireless Roaming for Education and Research.
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Technology ICT Virtual PC. Network Resources Microsoft Virtual PC Allows multiple Guest Operating Systems (Virtual Machines) run using the resources of.

Technology ICT Virtual PC. Network Resources Microsoft Virtual PC Allows multiple Guest Operating Systems (Virtual Machines) run using the resources of.
Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.

Eduroam-ng TF-Mobility, Barcelona, 6 September 2005.
Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,

Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,
Why eduroam sucks, and how to fix it.

Why eduroam sucks, and how to fix it.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.

What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
EduRoam ESA workshop 17 December 2004 Utrecht.

EduRoam ESA workshop 17 December 2004 Utrecht.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.

High-quality Internet for higher education and research Federated network access with Klaas Wierenga SURFnet Ljubljana, April.
High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005

High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005
EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004

EduRoam: movilidad por Europa... y España Toledo, 29 de octubre de 2004
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Usability Test by Knowing User’s Every Move - Bharat chaitanya.

Usability Test by Knowing User’s Every Move - Bharat chaitanya.
Deploying eduroam Deyan Stoykov, BREN E-infrastructure Autumn Workshops 8 September, 2014.

Deploying eduroam Deyan Stoykov, BREN E-infrastructure Autumn Workshops 8 September, 2014.
Wireless Security and Accounting with 802.1X. Introduction Background Why 802.1X? What is 802.1X? Implementing 802.1X at UTD The future of 802.1X and.

Wireless Security and Accounting with 802.1X. Introduction Background Why 802.1X? What is 802.1X? Implementing 802.1X at UTD The future of 802.1X and.
AAI with simpleSAMLphp

AAI with simpleSAMLphp

Similar presentations

Ads by Google