Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A.

Published byDerrick Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A."— Presentation transcript:

1 Project Moonshot update ABFAB, IETF 80

2 About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A big thanks to – Luke Howard, Scott Cantor, Daniel Kouril, Michal Prochazka & Linus Nordberg.

3 Moonshot components GSS EAP RadSec Attribute extraction Application integration

4 Infrastructure GSS library – Reasonably complete, all participants were able to demonstrate the mechanism working. – No EAP channel binding, yet. RadSec – Early client support; works with radsecproxy. Not tested directly against a server. Attribute extraction & policy layer – Support for RADIUS attributes, SAML assertions and attributes: support for local mapping and policy.

5 Application integration Demonstrated with – Apache & test HTTP client – Prior to test event, demonstrated with openssh Adium Jabberd – On-going work for Firefox As expected, changes are sometimes required to applications but are minimal.

6 What’s possible with SSH AAA EAP Policy & AAA integration GSS SSH SAML Identity ProviderSSH daemon SSH GSS EAP SSH client RFC 4462 using GSS EAP Attributes Local attrs AuthZ decision

7 What’s possible with SSH RFC 4462 used for GSS EAP authentication RADIUS response includes SAML assertion; Identity Provider (IdP) wants to entitle user to log-in. Shibboleth policy maps this entitlement from trusted IdPs to mechanism-independent authorisation. SSH asks GSS for authorisation decision. Core GSS authorises with no knowledge of SAML, EAP or RADIUS.

8 Usability Goal: to select an identity and enter credentials, without modifying applications. Better experience when applications are modified. Challenges – Error handling: when do you record a failure? – Authentication description: who are you trying to talk to, and for what? – Password handling: when both the application and the library can handle the password, what’s the best experience? – We need help from Kitten!

9 Using an IdP with ABFAB Conventional Web SSO is here to stay. We want to use the same IdP for ABFAB and Web SSO. For ABFAB, the RADIUS server typically wants an attribute query; how is the RADIUS server authorised to make that query for anyone?

10 More information & participation http://www.project-moonshot.org Developer information: – http://www.project-moonshot.org/developers Virtual machine for demonstration & testing: – http://www.project-moonshot.org/devwiki/vmdk

Download ppt "Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A."

Similar presentations

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.

Shibboleth 2.0 and Beyond Chad La Joie Georgetown University Internet2.
ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.

ABFAB for Internet-of-Things Rhys Smith, Janet Sam Hartman & Margaret Wasserman, Painless Security.
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
Project Moonshot February 2012. Background Project Moonshot 2.

Project Moonshot February Background Project Moonshot 2.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.

Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.
Project Moonshot update TF-EMC2 & TF-MNM 14 & 16 February 2011.

Project Moonshot update TF-EMC2 & TF-MNM 14 & 16 February 2011.
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
Project Moonshot TF-MNM. Use cases Project Moonshot 2.

Project Moonshot TF-MNM. Use cases Project Moonshot 2.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.

Draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,

Similar presentations

Ads by Google