GN2 JRA5: Roaming and Authorisation
|
|
- Rosa Curtis
- 5 years ago
- Views:
Transcription
1 GN2 JRA5: Roaming and Authorisation Jürgen Rauschenbach, DFN TF-NGN Athens 03/11/05
2 Introduction JRA5 builds a European Roaming Infrastructure (eduroamng) taking into account existing experience from the roaming area and provides a first (simple, but operational) federation example JRA5 will pilot the federated support for existent Authentication and Authorisation Infrastructures for Research and Education, this will be called edugain In some countries federated AAIs are already available, edugain will be able to cooperate with them (Shibboleth, PAPI, Moria, A-Select) JRA5 fits into GÉANT2 project homogenously because AA solutions are needed in the GÉANT partner countries and because other activities will use JRA5 results
3 Structure and Partners JRA5 consists of the following Work Item in the 4 project years: WI-1: Roaming WI-2: Authentication and Authorisation Infrastructure WI-3: Single Sign-On WI-4: Integration of advanced Technologies Number of partners is 16 (NRENs), Number of participants is 97 (mailing list), with contributions of around active persons Partners are SURFnet, DFN, RedIRIS, SWITCH, NORDUnet (University of Umea, UNI-C, UNINETT, CSC), RESTENA, ARNES, CARNET/SRCE, CESNET, FCCN, GRNET, HEAnet, HUNGARNET, ISTF, Ukerna, Dante Collaboration with many external groups: TF-Mobility, TF-EMC2, GN2 activities (JRA1, SA3), international groups like gwg, FWNA, Grids,
4 Work item distribution Year 2. Year 3.Year 4.Year Roaming AAI SSO NT ProjMgmt Admin sup
5 Work plan first 18 months On our agenda (deliverables): 1: Terminology for Roaming (and AAI) 2: AAI Requirements 3: Roaming Requirements 4: Roaming policy (legal material, policy document part1 and 2) 5 Design of the AAI Architecture 6: Architecture of eduroam-ng 7: Requirements single sign-on All objectives in months 1-12 have been met J
6 Year 1 - Achievements Work item 1 Roaming A-1: Glossary of Terms DJ5.1.1, a terminology document, scope roaming and AAI,to be extended with new terms A-2: was the Roaming Requirements document DJ5.1.2; security, standardisation and operational aspects A-3: have been contributions to the extension of the roaming pilot eduroam, both in the number of participants (NRENs) and also functionally (analysing the current infrastructure, eduroam-in-a-box, alternative architecture discussion). A-4: co-operational work with the TF Mobility, use eduroam as experimental platform in JRA5 as a step stone to eduroam-ng. Open discussion and dissemination on the mobility list. A-5: legislation overview for roaming services. DJ federation policy is currently in an early draft state. DJ
7 Technology: bypassing the hierarchy overhead? European Server.nl.ac.uk.pl uva.nl Uni.torun.pl Access Point Access Point User database AA traffic goes through all intermediate entries All links are peer-to-peer agreements / static routes / p2p secure DIAMETER? DNSsec? Work on-going in Telematica/JRA5 partners
8 Limitations of the current roaming infrastructure Technology All authn and authz traffic flows through the complete hierarchy Static trust (shared secrets in preconfigured p2p chain) Single points of failure (even when doubling the top level RADIUS) Policy Not suitable for full service yet Usability eduroam is not flexible enough with SSIDs, ciphers and VLANs mapping Do we need a specialised client? Where are the access points? Can a data base be helpful here? Management & Monitoring Are all servers up and running? How to detect abuse of the service? edugain How can we integrate roaming with the European AAI edugain?
9 Architecture alternatives DIAMETER (RFC 3588) Protocol defines different routing models to find the peer (redirect agent, redirect + PKI, DNS NAPTR/SRV + PKI) For inter-domain DNS based model looks promising DNSSec would be an alternative here (not part of the standard) Integration with legacy RADIUS by translation agents, gradual transition would be possible, but RADIUS have to stay Problem: no DIAMETER quality implementation so far RadSec (Radiator team) Trust establishment very similar to the DIAMETER + DNS and PKI Not a standard solution, not all RADIUS implementations Experimental work has started
10 Architecture alternatives (2) RADIUS/DNSSec Look-up through secure DNS Visiting RADIUS establishes a TLS connection to the home RADIUS to negotiate a shared secret (RKE protocol): dynamic p2pconnectivity Then it works like a normal RADIUS connection Dedicated roaming domain secure DNS tree needed RADDNSSEC Modified RADIUS/DNSSec, TLS handshake instead of RKE No smooth and easy deployment for the alternatives DIAMETER ranks high, but RadSec seems to be available faster
11 Year 1 Achievements (2) Work item 2 AAI A-6: AAI Requirements document DJ5.2.1 setting the scope of an AAI solution and defining first building blocks and general federation functionality, illustrated in examples and use cases A-7: AAI architecture document DJ5.2.2 (published last week) Work item 3 SSO No real work done so far
12 AAI operations Authentication request Authentication response HLS request HLS response Attribute request Attribute response Authorisation request Authorisation response Operations formally defined (SAML 1.1), opensaml for implementation (SAML 2.0 is announced already) Web services (WS) context
13 AAI basic components Common edugain Services Home Location Service HLS Interface HomeLocation Home edugain Federation Peering Point Home Bridging Element AuthN Attributes Remote edugain Federation Peering Point HLS Remote Bridging Element AuthN Attributes AuthN AuthZ Home Domain Identity Repository Remote Domain Resource
14 Abstract AAI operation <soap:envelope... > <soap:header/> <soap:body> <samlp:request RequestID= foo > <samlp:attributequery> <saml:subject>bar </saml:subject> </samlp:attributequery> </samlp:request> </soap:body> </soap:envelope...> HI TLS-Tunnel(s) Requester Identity Repository Resource
15 Conclusions/Summary Eduroam pilot infrastructure is growing into eduroam-ng, discussion of the new architecture also with groups from Australia, USA and more partners in the global working group on eduroam. There are a number of national operational federations in place, and a test platform for edugain will be built upon these AAIs. To be set up in the coming months. Interest is growing in both roaming and AAI work is not easy, but a lot of fun
16 ?
17 DIAMETER with DNS, CA DNS based peer discovery and PKI based roaming domain DNS server lookup DIAMETER server for home.org 2 2a authenticate / authorize user@home.org client e.g access point 1 2d exists: is 3 DIAMETER Server 6 logic p2p (static) visit.org user account db visiting visit.org.org DNS server 2c get CA key 2b 4 5 p2p (dynamic) 4c 4d DNS server infra eduroam.org Certificate Authority 4a home home.org DIAMETER Server logic home.org user account db 4b get CA key
18 RadSec DNS based peer discovery and PKI based roaming domain DNS server lookup RADIUS server for home.org 2 2a authenticate / authorize user@home.org client e.g access point 2d p2p (static) visit.org user account db visiting visit.org.org DNS server 2c 2b infra eduroam.org Certificate Authority exists: 4d is get CA 4a 4b 3 RADIUSp2p key (dynamic) DNS home Server server home.org logic 4 RADIUSp2p (dynamic) 5 Server 1 p2p logic 6 (dynamic) 4c home.org user account db get CA key
19 RADIUS + DNSSec DNS based peer discovery and DNS based determination whether peer is part of roaming domain 2a 2b infra eduroam.org DNS server lookup RADIUS server for home.org authenticate / authorize user@home.org client e.g access point 2 3 4c 4d RADIUSp2p (dynamic) Server 1 DNS server 6 logic p2p (static) visit.org user account db visiting visit.org lookup peer key 4 5 DNS server lookup peer key 4a p2p (dynamic) 4b home home.org RADIUSp2p (dynamic) Server logic home.org user account db
20 Additional slide: AAI components LFA/LA H FPP Remote Interface R FPP Local Interface Local Federation Adaptor Federation Limits Local Adaptor Federation Services Site Site Access Management Resource Other Sites
21 EduRoam Supplicant Authenticator (AP or switch) RADIUS server University A User DB RADIUS server University B User DB Gast piet@university_b.nl SURFnet Employee VLAN Student VLAN Commercial VLAN Central RADIUS Proxy server Trust based on RADIUS plus policy documents signaling 802.1X data (VLAN assigment)
GN2 JRA5: Roaming and Authorisation - recent results
GN2 JRA5: Roaming and Authorisation - recent results Jürgen Rauschenbach (DFN), Klaas Wierenga (SURFnet), Diego Lopez (RedIRIS), Content Overview Roaming infrastructure AAI Structure and Partners JRA5
More informationJRA5: Roaming and Authorisation
JRA5: Roaming and Authorisation Jürgen Rauschenbach, DFN-Verein 7 th TF-EMC2 Meeting, Malaga 16 17 October 2006 Introduction JRA5 will build a European Roaming Infrastructure based on eduroam JRA5 will
More informationeduroam und andere Themen in GN2-JRA5
eduroam und andere Themen in GN2-JRA5 DFNRoaming Workshop Stuttgart 30 November 2006 Jürgen Rauschenbach, DFN-Verein, jrau@dfn.de Inhalt Das GÉANT2 Projekt JRA5 Visionen Was sind Föderationen? eduroam
More informationDeliverable DJ Inter-NREN roaming technical specification document
22.06.06 Deliverable DJ5.1.4: Inter-NREN roaming technical specification document Deliverable DJ5.1.4 Contractual Date: 31/01/06 Actual Date: 22/06/06 Contract Number: 511082 Instrument type: Integrated
More informationConnect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team
GN2 JRA5 update Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille eduroam Working on the eduroam database and a new dissemination look (maps) RadSec release 1.0 Beta is out - reasonable stable and
More informationeducation federation CUC 2005, Dubrovnik High-quality Internet for higher education and research
eduroam: towards a pan-european research and education federation CUC 2005, Dubrovnik Klaas.Wierenga@surfnet.nl Contents Introduction to federations Federations for education Network access: eduroam Application
More informationGN4-2 SA2 Kick-Off Meeting Amsterdam/NL 30/
GÉANT edupki Serving GÉANT Services GN4-2 SA2 Kick-Off Meeting Amsterdam/NL 30/31.05.2016 Reimer Karlsen-Masur, DFN-CERT Services GmbH Slides & Related Materials @ https://www.edupki.org Outline The 3
More informationFederated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures
Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures Mauro Campanella - GARR FP7 Future Networks Concertation Meeting Brussels, March 11th, 2008 FEDERICA
More informationAARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef AARC? Authentication and Authorisation for Research and Collaboration support the collaboration model across institutional
More informationGéant-TrustBroker Dynamic inter-federation identity management
Géant-TrustBroker Dynamic inter-federation identity management Daniela Pöhn TNC2014 Dublin, Ireland May 19 th, 2014 Agenda Introduction Motivation GNTB Overview GNTB in Details Workflow Initiation of GNTB
More informationFEDERICA Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures
FEDERICA Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures Mauro Campanella - GARR Joint Techs Workshop / APAN Honolulu, January 23 2008 FEDERICA
More informationA collaboration overview: From TF-VSS to GN2 SA6
A collaboration overview: From TF-VSS to GN2 SA6 András Kovács, NIIF/HUNGARNET GN3 SA3-T4 educonf Workshop, Lisbon 19 October 2010 Introduction a bit of history National VC services: Endpoint deployment:
More informationUsing tunnels and three party authentication to improve roaming security
Supported by the Walloon Region Using tunnels and three party authentication to improve roaming security Damien LEROY UCLouvain - Belgium IP Networking Lab - http://inl.info.ucl.ac.be BELNET Security Conference
More informationWP JRA1: Architectures for an integrated and interoperable AAI
Authentication and Authorisation for Research and Collaboration WP JRA1: Architectures for an integrated and interoperable AAI Christos Kanellopoulos Agenda Structure and administrative matters Objectives
More informationOptions for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013
Options for Joining edugain Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013 Outline 1. GE ANT and the Enabling Users task 2. Options to Join edugain 3. Discussion 2 GÉANT (GN3plus) - vital
More informationService Delivery and Operations Report
25-05-2017 Deliverable 5.2 Contractual Date: 30-04-2017 Actual Date: 25-05-2017 Grant Agreement No.: 731122 Work Package/Activity: 5/SA2 Task Item: Task 2 and Task 3 Nature of Deliverable: R Dissemination
More informationThe challenges of (non-)openness:
The challenges of (non-)openness: Trust and Identity in Research and Education. DEI 2018, Zagreb, April 2018 Ann Harding, SWITCH/GEANT @hardingar Who am I? Why am I here? Medieval History, Computer Science
More informationIntroduction to eduroam
Introduction to eduroam eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. Poll Brief History eduroam initiative
More informationAuthenticated Wireless Roaming via Tunnels
Supported by the Belgian Walloon Region Authenticated Wireless Roaming via Tunnels M. MANULIS, D. LEROY, F. KOEUNE, O. BONAVENTURE, J-J. QUISQUATER UCLouvain - Belgium UCL Crypto Group - IP Networking
More informationGreek Research and Technology Network. Authentication & Authorization Infrastructure. Faidon Liambotis. grnet
Greek Research and Technology Network Authentication & Authorization Infrastructure Faidon Liambotis faidon@.gr Networking Research and Education February 22 nd, 2011 1 Who am I? Servers & Services Engineer,
More informationThe IRISGrid Infrastructure Seamless Support for VOs. JRES2005, Marseille
The IRISGrid Infrastructure Seamless Support for VOs Virtual Organisations Why a support infrastructure s own and require resources Shared Collective Resource Resource Resource Resource Resource Resource
More informationGÉANT2 Security: Year 1 (aka JRA2)
GÉANT2 Security: Year 1 (aka JRA2) Christoph Graf, SWITCH TF-CSIRT, Lisbon 16 September 2005 Introduction JRA2 aims at: improving the overall security within the GÉANT2 community JRA2 fits into GÉANT2
More informationResults from the EARNEST Technical Study
EARNEST Workshop, Amsterdam, 8 May 2007 Results from the EARNEST Technical Study Licia Florio, TERENA florio@terena.org Agenda Technical study Lower layers preliminary results Middleware preliminary results
More informationGÉANT Community Programme
GÉANT Community Programme Building the community Klaas Wierenga Chief Community Support Officer GÉANT Information day, Tirana, 5 th April 1 Membership Association = very large community to serve GÉANT
More informationTechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko Outline TechSec WG liaison with CSIRT community! Results and developments
More informationAutoBAHN Provisioning guaranteed capacity circuits across networks
AutoBAHN Provisioning guaranteed capacity circuits across networks Afrodite Sevasti, GRNET 1 st End-to-end workshop: Establishing lightpaths 1-2 December 2008, TERENA, Amsterdam AutoBAHN is a research
More informationDeploying Standards-based, Multi-domain, Bandwidth-on-Demand
Nordic Infrastructure for Research & Education Deploying Standards-based, Multi-domain, Bandwidth-on-Demand Lars Fischer 28 th NORDUnet Conference Uppsala, 23 September 2014 The State of BoD Hybrid networking
More informationIntroduction to FEDERICA
Introduction to FEDERICA Mauro Campanella GARR Mauro.campanella@garr.it FEDERICA tutorial, June 7 th 2009 - Malaga, Spain Agenda 15.00-15.15 Introduction to FEDERICA, Mauro Campanella (GARR) 15.15-16.00
More informationDeliverable D8.4 Certificate Transparency Log v2.0 Production Service
16-11-2017 Certificate Transparency Log v2.0 Production Contractual Date: 31-10-2017 Actual Date: 16-11-2017 Grant Agreement No.: 731122 Work Package/Activity: 8/JRA2 Task Item: Task 6 Nature of Deliverable:
More informationTERENA, the NRENs, GÉANT & promoting Campus Best Practice
Networkshop 42 Leeds, UK 2 April 2014 John Dyer dyer@terena.org www.terena.org TERENA, the NRENs, GÉANT & promoting Campus Best Practice About TERENA A not-for-profit association of NRENs. 1986 RARE:
More informationFederated Identities and Services: the CHAIN-REDS vision
Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing Federated Identities and Services: the CHAIN-REDS vision Federico Ruggieri, GARR/INFN Joint CHAIN-REDS/ELCIRA
More informationIntroduction of Identity & Access Management Federation. Motonori Nakamura, NII Japan
Introduction of Identity & Access Management Federation Motonori Nakamura, NII Japan } IP networking } The network enables a variety type of attractive applications } Communication E-mail Video conferencing
More informationDARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,
DARIAH-AAI DASISH AAI Meeting Nijmegen, March 9th, 2014 www.dariah.eu What is DARIAH? DARIAH: Digital Research Infrastructure for the Arts and Humanities One of the few ESFRI research infrastructures for
More informationNew trends in Identity Management
New trends in Identity Management Peter Gietz, DAASI International GmbH peter.gietz@daasi.de Track on Research and Education Networking in South East Europe, Yu Info 2007, Kopaionik, Serbia 14 March 2007
More informatione-infrastructure for Research and Education in Georgia
e-infrastructure for Research and Education in Georgia Ramaz Kvatadze Georgian Research and Educational Networking Association GRENA www.grena.ge ramaz@grena.ge Content European research and education
More informationCross-organisational roaming on wireless LANs based on the 802.1X framework Author:
Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Klaas Wierenga SURFnet bv P.O. Box 19035 3501 DA Utrecht The Netherlands e-mail: Klaas.Wierenga@SURFnet.nl Keywords:
More information2010 Kerberos Conference
2010 Kerberos Conference MIT, Cambridge 26-27 October, 2010 Josh Howlett, Strategic Projects Leader, JANET(UK) & Sam Hartman, Painless Security LLC Contents Background Use-cases Brief overview of architecture
More informationAA Developers Meeting
AA Developers Meeting Attendees Alan Robiette Ali Odaci Bob Morgan David Chadwick David Orrell Diego Lopez Ingrid Melve Licia Florio Lyn Norris Maarten Koopmans Roland Hedberg Thomas Lenggenhager Ton Verschuren
More informationEUMEDCONNECT3 and European R&E Developments
EUMEDCONNECT3 and European R&E Developments David West DANTE 17 September 2012 INTERNET2 Middle SIG, Abu Dhabi The Research and Education Network for the Mediterranean Covering GEANT Other regional network
More informationperfsonar Update Jason Zurawski Internet2 March 5, 2009 The 27th APAN Meeting, Kaohsiung, Taiwan
perfsonar Update Jason Zurawski Internet2 March 5, 2009 The 27th APAN Meeting, Kaohsiung, Taiwan perfsonar Update Introduction & Overview Development Status Authentication & Authorization GUI Status Deployment
More informationAARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration
Authentication and Authorisation for Research and Collaboration AARC Christos Kanellopoulos AARC Architecture WP Leader GRNET Open Day Event: Towards the European Open Science Cloud January 20, 2016 AARC
More informationMoonshot. Workshop on Federated Identity and (OpenStack) Cloud Services - SWITCH
Moonshot Workshop on Federated Identity and (OpenStack) Cloud Services - SWITCH 2 ABFAB - Federated access beyond web Why?» You ve heard of eduroam Federated network access» You ve heard of Shibboleth,
More informationIntroducing Shibboleth. Sebastian Rieger
Introducing Shibboleth Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford eresearch Center
More informationHigher Education external Attribute Authority. Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015
Higher Education external Attribute Authority Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015 Problems in Collaboration Problems in Collaboration Problems in Collaboration Why we need Attribute Authorities?
More informationDeliverable reference number: D.4.1. AAA Architectures for multi-domain optical networking scenario's
034115 PHOSPHORUS Lambda User Controlled Infrastructure for European Research Integrated Project Strategic objective: Research Networking Testbeds Deliverable reference number: D.4.1 AAA Architectures
More informationNational R&E Networks: Engines for innovation in research
National R&E Networks: Engines for innovation in research Erik-Jan Bos EGI Technical Forum 2010 Amsterdam, The Netherlands September 15, 2010 Erik-Jan Bos - Chief Technology Officer at Dutch NREN SURFnet
More informationExam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]
s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?
More informationUnfortunately it was not possible to have people from GRID, so the scenario described in this reports is not complete.
AA Workshop Report 26-27 November, 2002 Stockholm, Sweden Programme The first workshop about authentication and authorization infrastructure, foreseen in the Terms of Reference of TF-AACE, was arranged
More informationDeliverable DS2.1.1: Multi-Domain Service Architecture
10-05-2010 Deliverable DS2.1.1 Contractual Date: 31-03-2010 Actual Date: 10-05-2010 Grant Agreement No.: 238875 Activity: SA2> Task Item: T1 Nature of Deliverable: R (Report) Dissemination Level: PU (Public)
More information1.3 More information about eduroam is available at the relevant eduroam Service Provider (ESP) website detailed in Schedule 1 of this document.
1.0 Background to this document 1.1 This document sets out guidelines that cover the control of the supply and receipt of Internet access for educational purposes, that is primarily (but not exclusively)
More informationExtending Services with Federated Identity Management
Extending Services with Federated Identity Management Wes Hubert Information Technology Analyst Overview General Concepts Higher Education Federations eduroam InCommon Federation Infrastructure Trust Agreements
More informationTF-EMC2 Meeting March Florence, Italy
TF-EMC2 Meeting 28-29 March Florence, Italy Introduction Diego opened the meeting and welcomed the participants. SCS updates Guy Guy gave an update on the SCS service. There were some recent changes within
More informationManaging the lifecycle of XACML delegation policies in federated environments
Managing the lifecycle of XACML delegation policies in federated environments Manuel Sánchez, Óscar Cánovas, Gabriel López, Antonio F. Gómez-Skarmeta Abstract This paper presents an infrastructure that
More informationilight/gigapop eduroam Discussion Campus Network Engineering
ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017 What is eduroam?» eduroam (education roaming) is an international roaming service for users in research,
More informationPilots to support guest users solutions
08-12-2016 Deliverable DSA1.1 Contractual Date: 31-07-2016 Actual Date: 08-12-2016 Grant Agreement No.: 653965 Work Package: SA1 Task Item: SA1.1 Pilot on Guest Identities Partner: GARR Document Code:
More informationThe New Infrastructure Virtualization Paradigm, What Does it Mean for Campus?
The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus? Jean-Marc Uzé Juniper Networks juze@juniper.net Networkshop 36, Glasgow, April 8 th 2008 Copyright 2008 Juniper Networks, Inc.
More informationAARC Blueprint Architecture
AARC Blueprint Architecture Published Date: 18-04-2017 Revision: 1.0 Work Package: Document Code: Document URL: JRA1 AARC-BPA-2017 https://aarc-project.eu/blueprint-architecture AARC Blueprint Architecture
More informationGÉANT-TrustBroker project overview
GÉANT-TrustBroker project overview Slides assembled by the Géant-TrustBroker team at Leibniz Supercomputing Centre, Germany for a short presentation by Licia Florio at the TF-EMC2 meeting Zurich, Switzerland
More informationMANTICORE II: Integrated logical IP network, a step beyond point to point links
MANTICORE II: Integrated logical IP network, a step beyond point to point links Victor Reijs, HEAnet NGN Workshop, TERENA, Amsterdam November 6th, 2007 victor.reijs@heanet.ie Virtualisation of network
More informationIntro to Federated Iden2ty with eduroam and edugain
Intro to Federated Iden2ty with eduroam and edugain Brook Schofield edugain Product Manager GÉANT Virtually @ Eko- Konnect, Lagos, Nigeria 7 th October 2015 The computer lab Image URL: hqp://www.fox.temple.edu/cms_about-
More informationIPv6 Deployment in European National Research and Education Networks (NRENs)
IPv6 Deployment in European National Research and Education Networks (NRENs) Tim Chown University of Southampton, UK tjc@ecs.soton.ac.uk SAINT2003 Workshop, 27 January 2003 IPv6 rationale IP is fundamental
More informationGN3 PROJECT. Karel Vietsch, TERENA GN3/NA3/T4 Campuses Best Practice meeting, Trondheim, May connect communicate collaborate
GN3 PROJECT Karel Vietsch, TERENA GN3/NA3/T4 Campuses Best Practice meeting, Trondheim, 27-28 May 2009 History 2000-2004: GN1 project GÉANT network 2004-2009: GN2 project GÉANT2 network Other services
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationWireless access for Oxford University Staff on Oxfordshire NHS sites
Wireless access for Oxford University Staff on Oxfordshire NHS sites Oxon Health Informatics Service (OHIS) Background and scope. OHIS design, configure, install and maintain all the network (wired and
More informationeidas cross-sector interoperability
eidas cross-sector interoperability Christos Kanellopoulos GRNET edugain SG October 13 th, 2016 Background information 2013 - STORK-2 collaboration (GN3Plus) 2014-07 Adoption of the eidas Regulation 2014-09
More informationNORDUnet GN3. Next Generation Network in Europe. Click to edit Master subtitle style. Lars Fischer SUNET TREFFpunkt
Nordic Nordic infrastructure Infrastructure for for Research Research & & Education Education GN3 Next Generation Network in Europe Click to edit Master subtitle style Lars Fischer SUNET TREFFpunkt 15
More informationDeliverable D3.4 Case Study: Report on Two Cases of User Account Management,
16-01-2018 Deliverable D3.4 Case Study: Report on Two, PRACE and CLARIN Deliverable D3.4 Contractual Date: 30-11-2017 Actual Date: 16-01-2018 Grant Agreement No.: 731122 Work Package/Activity: 3/NA3 Task
More informationGN3plus External Advisory Committee. White Paper on the Structure of GÉANT Research & Development
White Paper on the Structure of GÉANT Research & Development Executive Summary The External Advisory Committee (EAC) of GN3plus is a consultative and advisory body providing an external perspective to
More informationIntegrating Federations in the International Grid Trust Fabric
Integrating Federations in the International Grid Trust Fabric David Groep Nikhef Dutch national institute for sub-atomic physics Grids, Eduroam, Federations Different terms, same issues How to provide
More informationGéant-TrustBroker Project Overview
Géant-TrustBroker Project Overview Daniela Pöhn 7 th FIM4R meeting Frascati, Italy April 24 th, 2014 Géant-TrustBroker [GNTB]: The basic idea Our goal (SP perspective): SPs connected to user s identity
More informatione-infrastructures in FP7 INFO DAY - Paris
e-infrastructures in FP7 INFO DAY - Paris Carlos Morais Pires European Commission DG INFSO GÉANT & e-infrastructure Unit 1 Global challenges with high societal impact Big Science and the role of empowered
More informationDigital Identity Management and RNP
Digital Identity Management and RNP Noemi Rodriguez RNP, PUC-Rio RNP RNP (Rede Nacional de Ensino e Pesquisa): non-profit private organization under contract by Brazilian government to manage national
More informationNetwork Virtualization for Future Internet Research
Network Virtualization for Future Internet Research Mauro Campanella - GARR On behalf of the FEDERICA project Internet2 Fall Meeting New Orleans, October 14th, 2008 Agenda FEDERICA at a glance, vision
More informationAdvancing European R&E through collaboration
Advancing European R&E through collaboration CESNET Conference Erik Huizer, GÉANT, 11 th December 2017 To support collaboration and development amongst researchers, the dissemination of information & knowledge,
More informationIntroduction to Identity Management Systems
Introduction to Identity Management Systems Ajay Daryanani Middleware Engineer, RedIRIS / Red.es Kopaonik, 13th March 2007 1 1 Outline 1. Reasons for IdM 2. IdM Roadmap 3. Definitions 4. Components and
More informationMobility Workshop TERENA, Amsterdam March 06, Meeting report by: Licia FLORIO, TERENA March 12, Participants List
Mobility Workshop TERENA, Amsterdam March 06, 2002 Meeting report by: Licia FLORIO, TERENA March 12, 2002 Participants List Carsten Bormann Universität Bremen TZI Valentino Cavalli TERENA Martin Dunmore
More informationGuide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS
Guide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS Best Practice Document Produced by the UNINETT-led Campus Networking working group Authors: Tom Myren (UNINETT), John-Egil
More informationGN3 Plus NA3-T3 Greening of ICT Services. Andrew Mackarel GN3+ NA3 T3 15th September 2014 Workshop Budapest
GN3 Plus NA3-T3 Greening of ICT Services Andrew Mackarel GN3+ NA3 T3 15th September 2014 Workshop Budapest Agenda for this talk! GN3Plus Team Scope of Work! The GN3Plus NA3-T3 Team! GN3 Focus Areas and
More informationNetwork Device Provisioning
Network Device Provisioning Spring Internet2 Meeting April 23, 2013 Jim Jokl University of Virginia 1 The Problem Set Enable the use of strong authentication Passwords are painful and phishing is easy
More informationAPAN 25 Middleware Session, Hawaii Jan.24, 2008 Japanese University PKI (UPKI) Update and Shibboleth using PKI authentication
APAN 25 Middleware Session, Hawaii Jan.24, 2008 Japanese University (U) Update and Shibboleth using authentication National Institute of Informatics, JAPAN Toshiyuki Kataoka, Shigeki Tanimoto, Masaki Shimaoka
More informationTF-VVC is not directly related with any of the GN2 JRA s, but in some activity areas the task force is collaborating with the GN2 JRA1 and JRA5.
TF-VVC (Voice, Video and Collaboration) http://www.terena.nl/tech/task-forces/tf-vvc/ TF-VVC task force is the successor of TF-Netcast task force, which completed its work in the spring of 2004. TF-Netcast
More informationNet Edu Romanian Education Network
R O M A N I A N E D U C A T I O N N E T W O R K Ro Organizational Status Goals History Data Traffic Evolution Ro Layered Structure Most Important Services Ro in Research and Development Future Plans 2003
More information3 rd TF-Netcast Meeting 14 May 2003 via H.323 video conference
3 rd TF-Netcast Meeting 14 May 2003 via H.323 video conference Issue 1, 16 May 2003 Author: Baiba Kaskina, Dan Mønster Participants: Alessandro Falaschi University of Roma Franca Fiumana CINECA Ernst Heiri
More informationNetwork Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017
Network Security: WLAN Mobility Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017 Outline Link-layer mobility in WLAN Password-based authentication for WLAN Eduroam case study 2 LINK-LAYER
More informationTERENA Technical Report. TF-Mobility. Inter-NREN roaming. Final Report. James Sankar UKERNA Klaas Wierenga - SURFnet
TERENA Technical Report TF-Mobility Inter-NREN roaming Final Report James Sankar UKERNA Klaas Wierenga - SURFnet This report summarises the work of the TERENA Mobility Task Force that has been working
More informationMinutes of the 23rd TF-Mobility & Network Middleware Meeting
Page 1/8 TITLE / REFERENCE 23 rd TF-Mobility and Network Middleware - Wednesday, 16 February 2011 Lyon, France. The meeting was hosted by the University of Lyon and CRU. Table of Contents 1. Welcome and
More informationIntroduction to eduroam
SLIDE 1 - COPYRIGHT 2015 Introduction to eduroam LEARN eduroam Workshop 6 th May 2016 2 SLIDE 2 - COPYRIGHT 2015 Introduction Paul Hii Australia s National Research and Education Network (NREN) UC & Video
More informationThe adoption of cloud services
Andres Steijaert andres.steijaert@surfnet.nl The adoption of cloud services ASPIRE STAKEHOLDER WORKSHOP Brussels Thursday 13 September 2012 www.terena.org/aspire The adoption of cloud services How can
More informationThe EGI AAI CheckIn Service
The EGI AAI CheckIn Service Kostas Koumantaros- GRNET On behalf of EGI-Engage JRA1.1 www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number
More informationNM-WG Specification Adoption in perfsonar. Aaron Brown, Internet2, University of Delaware Martin Swany University of Delaware, Internet2
NM-WG Specification Adoption in perfsonar Aaron Brown, Internet2, University of Delaware Martin Swany University of Delaware, Internet2 What is perfsonar A collaboration Production network operators focused
More informationINDIGO AAI An overview and status update!
RIA-653549 INDIGO DataCloud INDIGO AAI An overview and status update! Andrea Ceccanti (INFN) on behalf of the INDIGO AAI Task Force! indigo-aai-tf@lists.indigo-datacloud.org INDIGO Datacloud An H2020 project
More informationPolicy Management and Inter-domain Mobility for eduroam through virtual Access Points (vaps)
Policy Management and Inter-domain Mobility for eduroam through virtual Access Points (vaps) Daniel Camps-Mur (daniel.camps@i2cat.net), I2CAT Foundation, ES Ilker Demirkol (ilker.demirkol@entel.upc.edu),
More informationSEVENMENTOR TRAINING PVT.LTD
Configuring Advanced Windows Server 2012 Services Module 1: Implementing Advanced Network Services In this module students will be able to configure advanced features for Dynamic Host Configuration Protocol
More informationACCP-V6.2Q&As. Aruba Certified Clearpass Professional v6.2. Pass Aruba ACCP-V6.2 Exam with 100% Guarantee
ACCP-V6.2Q&As Aruba Certified Clearpass Professional v6.2 Pass Aruba ACCP-V6.2 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money Back
More informationTERENA TF-ECS Activity 2 Overview of national activities and deployments
TERENA TF-ECS Activity 2 Overview of national activities and deployments Author: Fabio Vena (SWITCH), contributions from all Version Author Modification Date 0.1 Fabio Vena Initial draft 2007.05.11. 0.2
More informationEGI Check-in service. Secure and user-friendly federated authentication and authorisation
EGI Check-in service Secure and user-friendly federated authentication and authorisation EGI Check-in Secure and user-friendly federated authentication and authorisation Check-in provides a reliable and
More informationDeliverable DJ3.1.2,3: Report on the roaming developments, including recommendations for longterm
18-04-2013 including recommendations for longterm Deliverable DJ3.1.2,3 Contractual Date: 31-01-13 Actual Date: 18-04-2013 Grant Agreement No.: 238875 Activity: JRA3 Task Item: Task 1 Nature of Deliverable:
More informationNew Windows build with WLAN access
New Windows build with WLAN access SecRep 24 17-18 May 2016 Ahmed Benallegue/Hassan El Ghouizy/Priyan Ariyansinghe ECMWF network_services@ecmwf.int ECMWF May 19, 2016 Introduction Drivers for the new WLAN
More informationA Profile of European NREN s. Marko Bonač ARNES, Slovenia
A Profile of European NREN s Marko Bonač ARNES, Slovenia bonac@arnes.si Content Mission statement and objective User communities Activities Operating a special network Providing services Development Staff
More information