1. IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)

2. Background Rapid development of trust and identity infrastructure and services Campus: LDAP & IdM, 802.1X, EAP, RADIUS, X.509, SAML, Kerberos… National: JANET Certificate Service (X.509) JANET Roaming Service (AAA / EAP / 802.1X) (eduroam) UK Access Management Federation (SAML). International: eduroam eduGAIN Grid Increasingly complex technical landscape. Increasingly demanding user requirements.

3. Project Moonshot in a slide Phase 1-3 (Jan  Mar 2010) Independent technical Feasibility Analysis. EAP GSS and other initial drafts (IETF & OASIS). Bar BoF @ IETF 77. Phase 4 (April  May 2010) Draft of project plan. Request BoF @ IETF 78. Phase 5 (June  July 2010) Detailed project plan. Prepare for BoF @ IETF 78. Phase 6 (August 2010  August 2011) http://www.project-moonshot.org/plan

4. Technology choices SAML provides authorisation and attributes. GSS-API mechanism for application integration. EAP authentication encapsulated in GSS-API to gain existing credential support. RADIUS transport provides federation.

5. Supplicant EAP lower Layer (e.g., 802.11i) AAA EAP lower Layer (e.g., 802.11i) AAA EAP server PeerAuthenticatorEAP server Network access EAP method EAP MSK

6. Supplicant AAA EAP server ClientServerEAP server GSS-API Client application GSS-API Server application Moonshot: non-Web SSO EAP MSK

7. Supplicant AAA EAP server ClientServerEAP server GSS-API Client application GSS-API Server application Moonshot: non-Web SSO draft-howlett-radius saml-attr sstc-saml-binding- aaa-draft draft-howlett-eap-gss draft-hartman-gss-eap-naming IETF architecture document sstc-saml-eapgss-sso-draft

8. Project Moonshot Goals Standardised technical architecture. Production-quality open-source implementation. Packaged and shipped with Debian Linux. A test-bed for interoperability testing. High quality documentation. An active community of users and developers.

9. Discuss!