APAN 25 Middleware Session, Hawaii Jan.24, 2008 Japanese University PKI (UPKI) Update and Shibboleth using PKI authentication
|
|
- Kathryn Wilkins
- 5 years ago
- Views:
Transcription
1 APAN 25 Middleware Session, Hawaii Jan.24, 2008 Japanese University (U) Update and Shibboleth using authentication National Institute of Informatics, JAPAN Toshiyuki Kataoka, Shigeki Tanimoto, Masaki Shimaoka
2 OUTLINE 1.Overview of U 2.U Common Specifications 3.U Public Server Certificate 4.U Start-Pack 5.Shibboleth using Authentication 2
3 1. Overview of U 3
4 1-1 U Architecture Open Domain サーハ サーハ Srv. NII Pub Other Pub サーハ サーハ Srv. Sign, Encrypt. Campus A Univ. 学内用学内用 Auth, Sign, Encrypt. B Univ. 学内用学内用 Auth, Sign, Encrypt. NAREGI A Univ. NAREGI B Univ. NAREGI Grid Computing Server, Super Computer Student, Faculty Server, Super Computer Student, Faculty 4
5 1-2 U Activities Open Domain サーハ サーハ Srv. NII Pub Server Certificates サーハ サーハ Srv. Other Pub Certificates Sign, Encrypt. Campus A Univ. Start-Pack 学内用学内用 Auth, Sign, Encrypt. U Common Specification B Univ. Auth, Sign, Encrypt. Eduroam 学内用学内用 NAREGI A Univ. NAREGI NAREGI- Enhancement B Univ. NAREGI Grid Computing Server, Super Computer Student, Faculty Server, Super Computer Student, Faculty 5
6 2. U Common Specifications 6
7 2-1 U Common Specifications Open Domain サーハ サーハ Srv. NII Pub Other Pub サーハ サーハ Srv. Sign, Encrypt. Campus A Univ. 学内用学内用 Auth, Sign, Encrypt. U Common Specifications B Univ. Auth, Sign, Encrypt. 学内用学内用 NAREGI A Univ. NAREGI B Univ. NAREGI Grid Computing Server, Super Computer Student, Faculty Server, Super Computer Student, Faculty 7
8 2-2 U Common Specifications U Common Specifications Campus procurement guidelines deployment Campus CP/CPS templates -To reduce cost -To keep multi Campus model cooperativity Two outsource models and one insource model Outsource model (FY2006) Developed and Published from; (Japanese Only) Insource model (FY2007) Developed, and to be published soon -To promote Campus To keep multi-universityuniversity Campus Spec. Campus CP/CPS templates Outsource model Outsource model Insource model Multi-university cooperative model Multi-university cooperative model -Deployment of campus at each universities -Connecting universities - Federation of applications 8
9 2-3 Operation Models of Full outsource Univ. provider CP/CPS RA IA IA outsource Univ provider RA IA Insource Univ RA IA 9
10 2-4 Construction of Common Specification Common Specification of Campus (1) Guidance (2) Campus supply specification 1 Guideline 2 Template (3) Campus CP/CPS Guideline 1 Guideline 2 Template CP/CPS Download URL: (Japanese only) 10
11 3.U Public Server Certificate 11
12 3-1 Server Certificate Pilot project Project status FY2006: Developed RA/LRA model for High-Ed Institutions FY2007: Started to issue public server certs Objectives Deployment of server certificates to High-Ed Institutions Feasibility study of developed schemes optimized for High- Ed Feasibility study of business operation over FY2009 What it does Providing a server certificate to participants Achieving LoA equal to commercial High-Assurance certs Delegating some RA operations to Local operator of participants Customizing the local operation practice by each participants Available participants Institutions participated to SINET (Need a subscription) 12
13 3-2 Quick view of Pilot project (cont d) Challenges Optimization of RA operation for High-Ed Customization of local operation in each institution Automization of RA operation by using Campus certs as a credential (in the future) Expected outcomes Best practice of local operation optimized for High-Ed Tips for server certificate installation (for niche implementation) Tips for local operations improvement in institutions Demand of stimulation for (using for Local Operators) 13
14 3-3 Schemes for Registration and Issuance Offline Online Cert chain Organization identity Domain ownership Local operator acceptance IA Registration & Issuance RA operator Root Provider NII Open Domain Bulk request Bulk recipience Server Installation High-Ed Institution Subscriber Identity Subscriber Acceptance Server ownership Local Operator CSR Certificate Subscriber 14
15 3-4 Issuance of U Public Certificates Number of Certificates Feb/ Mar/ April/ May/ 07 June /07 36 July/ Aug/ Sep/ 07 Oct/ Nov/ Dec/ Jan/ 07 Nuber of Issuance Total
16 3-5 Number of Participants 50 Number of Institutions May/ 07 June/07 July/07 Aug/07 Sep/07 Oct/07 Nov/07 Dec/07 Month Total
17 3-6 Future Plan Analyze every customized local operation, and model typical cases Analyze a relation between the models and various characteristics of institutions Improve the delegation architecture of RA operations through the participant s experience Consider a business operation plan over FY
18 4.U Start-Pack 18
19 4-1 U Start-Pack Objectives The knowledge in setting up and operating system is necessary to consider campus certificate authority. The experiences of constructing and operating certificate authority will help to consider, construct and operate adequate authentication infrastructure under each universities situations. Concepts Develop and provide Start-Pack that enables universities easily to construct and start Certificate Authority By restricting to one application only, make it possible to construct and start to operate very easily and in a short time. system should be not only for experience but also for real operation. 19
20 4-2 To create Start-Pack Application configured to issue certificates for inter-university wireless LAN authentication To support only IE802.1X EAP-TLS that uses both server certificate and client certificate system NAREGI- that is developed by NAREGI(National Research Grid Initiative) project and has been operated in several sites NAREGI- is open source software and it enables to operate certificate authority as same level as commercial system Including additional features of enhanced certificate issuing procedure developed in U project Wireless LAN system Use open software: FreeRadius and OpenLDAP 20
21 4-3 IE802.1X EAP-TLS EAP (Extensible Authentication Protocol) Client Authentication Server Authentication Security Level Operation Cost EAP-TLS Certificate Certificate High High EAP-TTLS ID/Password Certificate Mid. Mid. EAP-PEAP ID/Password Certificate Mid. Mid. LEAP ID/Password ID/Password Low Low EAP-MD5 ID/Password --- Low Low 21
22 4-4 Contents Scripts Installation script; For easy setting Template: Profile template for wireless LAN client certificate and server certificate Documents(Japanese Only) Start-Up Guide: How to install system, how to use scripts to configure settings in order to use for wireless LAN authentication Operation Guide: How to operate Certificate Authority for wireless LAN authentication Users Guide: How to obtain certificate, and set up the certificate to use wireless LAN System NAREGI- Ver2.2 ( download from NAREGI site) 22
23 08/ How to use Start-Pack Systems Start-Pack Scripts, Documents University Easy Setup! RA RA Administrator Start to operate quickly! Application Server (web) Administrator Authority Delegation TARO SUZUKI Smart Card Apply Authorize RA Operator Identify User Admin Server (web) Issue Request Issue Certificate LDAP RADIUS AP 23
24 4-6 Current Status Download: Available from the end of Jan On U Initiative Page (Japanese Only) Support: On U Initiative Start-Pack site 24
25 5. Shibboleth using Authentication 25
26 5-1 Shibboleth using authentication Objectives; To design architecture for Japanese Academic Federation that is suitable for Japanese institutions base on U infrastructure Challenges; To develop necessary functions to connect Shibboleth and U infrastructure To evaluate usability and operability of Shib- architecture 26
27 5-2 Shibboleth on U Architecture Sign, Encrypt. Open Domain サーハ サーハ Srv. NII Pub サーハ サーハ Srv. Other Pub Campus A Univ. 学内用学内用 Auth N U IdP U SP Auth Z U IdP U SP Auth N Auth, Sign, Encrypt. B Univ. 学内用学内用 NAREGI A Univ. NAREGI B Univ. NAREGI Grid Computing Server, Super Computer Student, Faculty Server, Super Computer Student, Faculty 27
28 5-2 Shibboleth on U Architecture Sign, Encrypt. Open Domain サーハ サーハ Srv. NII Pub Japanese Academic Federation サーハ サーハ Srv. Other Pub Campus A Univ. 学内用学内用 Auth N U IdP U SP Auth Z U IdP U SP Auth N Auth, Sign, Encrypt. B Univ. 学内用学内用 NAREGI A Univ. NAREGI B Univ. NAREGI Grid Computing Server, Super Computer Student, Faculty Server, Super Computer Student, Faculty 28
29 5-3 Shib- connecting function IdP (University) Shib- DS (Discovery Service) SP (e-journal, e-learning,,,) (5) Authentication (4) Redirect (3) Cert (Subject DN) (2) Redirect (1) Access USER 29
30 5-4 Testbed using Shib- Internet Univ. A Auto redirect Univ. B Auto redirect Issuance of Server Cert. IdP1 AuthN Campus Certificate IdP2 AuthN Campus Certificate SP Access DS + Shib- Open Domain User1 User2 Access Japanese Academic Federation Testbed 30
31 5-5 Future Plan Japanese Academic Federation Architecture design; Develop suitable architecture on U infrastructure ( three layers) taking institutions situations into consideration. Roadmap; FY2007: Develop Shib- and testbed FY2008 1H: Evaluate and develop architecture using testbed FY2008 2H: Small start with a few SP services 31
SLCS and VASH Service Interoperability of Shibboleth and glite
SLCS and VASH Service Interoperability of Shibboleth and glite Christoph Witzig, SWITCH (witzig@switch.ch) www.eu-egee.org NREN Grid Workshop Nov 30th, 2007 - Malaga EGEE and glite are registered trademarks
More informationIntroduction of Identity & Access Management Federation. Motonori Nakamura, NII Japan
Introduction of Identity & Access Management Federation Motonori Nakamura, NII Japan } IP networking } The network enables a variety type of attractive applications } Communication E-mail Video conferencing
More informationilight/gigapop eduroam Discussion Campus Network Engineering
ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017 What is eduroam?» eduroam (education roaming) is an international roaming service for users in research,
More informationEGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti
EGI-InSPIRE GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies Sergio Maffioletti Grid Computing Competence Centre, University of Zurich http://www.gc3.uzh.ch/
More informationNew open source CA development as Grid research platform.
New open source CA development as Grid research platform. National Research Grid Initiative in Japan Takuto Okuno. 1 About NAREGI PKI Group (WP5) 2 NAREGI Authentication Service Perspective To develop
More informationNetwork Security 1. Module 7 Configure Trust and Identity at Layer 2
Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure
More informationCase Study Identity Management at Texas A&M University
Case Study Identity Management at Texas A&M University Susan Neitsch Lead Software Applications Developer, Texas A&M University The Problem: delivering a centralized email service Climate Late 1990s Students
More informationThe Experimental Project of DOI Registration for Research Data at Japan Link Center (JaLC)
IDF Outreach Meeting, December 3, 2015 The Experimental Project of DOI Registration for Research Data at Japan Link Center (JaLC) Hideaki Takeda Chair, Joint Steering Committee, Japan Link Center (National
More informationIDG Services Metrics. Kerberos Usage. Weblogin Usage. Kerberos & Webauth Services. Kerberos & Webauth Users. Authentication Metrics
IDG Services Metrics Authentication Metrics Kerberos Usage Weblogin Usage 3 6 25 5 2 15 1 5 Kerberos Auths Password Inputs 4 3 2 Forced Password Entry Password Logins Single Sign-On Total Logins Apr-9
More informationSecure ACS for Windows v3.2 With EAP TLS Machine Authentication
Secure ACS for Windows v3.2 With EAP TLS Machine Authentication Document ID: 43722 Contents Introduction Prerequisites Requirements Components Used Background Theory Conventions Network Diagram Configuring
More informationeduroam Web Interface User Guide
eduroam Web Interface User Guide Contents Introduction 3 Login Page 3 Main Page 4 Managing your Radius Servers 5 Managing your Realms 8 Managing the Test Users 10 Managing the Access Points 12 Information
More informationCross-organisational roaming on wireless LANs based on the 802.1X framework Author:
Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Klaas Wierenga SURFnet bv P.O. Box 19035 3501 DA Utrecht The Netherlands e-mail: Klaas.Wierenga@SURFnet.nl Keywords:
More informationInformation Technology Services. Informational Report for the Board of Trustees October 11, 2017 Prepared effective August 31, 2017
Information Technology Services Informational Report for the Board of Trustees October 11, 2017 Prepared effective August 31, 2017 Information Technology Services TABLE OF CONTENTS UPDATE ON PROJECTS &
More informationThe State of the Raven. Jon Warbrick University of Cambridge Computing Service
The State of the Raven Jon Warbrick University of Cambridge Computing Service jw35@cam.ac.uk Corvus corax Raven photo used under the terms of the GNU Free Documentation License. Author Pcb21. Raven Web
More informationConnect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team
GN2 JRA5 update Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille eduroam Working on the eduroam database and a new dissemination look (maps) RadSec release 1.0 Beta is out - reasonable stable and
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationSelf-Service Diagnostics and eduroam as-a-service
Self-Service Diagnostics and eduroam as-a-service To boldly roam how we never roamed before Stefan Winter Tomasz Wolniewicz Outline Background of eduroam supporting
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 5 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 10 Configuring WLAN-VLAN Mappings on FlexConnect Groups, page 11 Information About FlexConnect
More informationNIR February JPNIC Updates. Hiroki Kawabata Japan Network Information Center (JPNIC) Copyright 2016 Japan Network Information Center
NIR SIG@APNIC41 February 2016 JPNIC Updates Hiroki Kawabata Japan Network Information Center (JPNIC) Contents Statistics IPv4 IPv6 ASN transfer Activities IPv6 Policy and Internet Governance RPKI Reverse
More informationNetwork Device Provisioning
Network Device Provisioning Spring Internet2 Meeting April 23, 2013 Jim Jokl University of Virginia 1 The Problem Set Enable the use of strong authentication Passwords are painful and phishing is easy
More information802.1x. ACSAC 2002 Las Vegas
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
More informationOne small step for the Shib admin, one giant leap for the SAML community?
One small step for the Shib admin, one giant leap for the SAML community? Some Shibboleth migration tales and recommendations Lukas Hämmerle lukas.haemmerle@switch.ch Budapest, 18. November 2009 June 30th
More informationDiamond Moonshot Pilot Participation
Diamond Moonshot Pilot Participation Presentation to Networkshop43 Bill Pulford, Scientific I.T. Coordinator Diamond Light Source Exeter, April 1st 2015 Acknowledgements Stefan Paetow (Janet/UK), DLS System
More informationExtending Services with Federated Identity Management
Extending Services with Federated Identity Management Wes Hubert Information Technology Analyst Overview General Concepts Higher Education Federations eduroam InCommon Federation Infrastructure Trust Agreements
More informationCisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication
Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication Document ID: 43486 Contents Introduction Prerequisites Requirements Components Used Background Theory Conventions Network Diagram
More informationBridging Continents. Kazu Yamaji National Institute of Informatics JAPAN
Bridging Continents Kazu Yamaji National Institute of Informatics JAPAN 2015-04-13 NII-funded Programs NII-IRP (Institutional Repositories Program) http://www.nii.ac.jp/irp/en/ Phase 1 : FY2005-2007 Phase
More informationMicrosoft NPS Configuration Guide
Microsoft NPS Configuration Guide eduroam (UK) Last Update: 12 th April 2018 Introduction 1 Contents 1. Introduction... 4 2. Limitations of Network Policy Server... 5 3. Installing NPS... 6 4. Certificates
More informationFederated Identity Management
Federated Identity Management SWITCHaai Team aai@switch.ch Agenda What is Federated Identity Management? What is a Federation? The SWITCHaai Federation Interfederation 2 Evolution of Identity Management
More informationCIMA Asia. Interactive Timetable Live Online
CIMA Asia Interactive Timetable 2017 2018 Live Online Version 1 Information last updated 09 October 2017 Please note: Information and dates in this timetable are subject to change. CIMA Cert BA Course
More information10997: Office 365 Administration and Troubleshooting
Short Course Outline 10997: Office 365 Administration and Troubleshooting Course Overview This is a three-day Instructor Led Training (ILT) course that targets the needs of information technology (IT)
More informationFGCP/S5. Introduction Guide. Ver. 2.3 FUJITSU LIMITED
FGCP/S5 Introduction Guide Ver. 2.3 FUJITSU LIMITED FGCP/S5 Instruction Guide Ver. 2.3 Date of publish: July, 2012 All Rights Reserved, Copyright FUJITSU LIMITED No reproduction or republication without
More informationENHANCING PUBLIC WIFI SECURITY
ENHANCING PUBLIC WIFI SECURITY A Technical Paper prepared for SCTE/ISBE by Ivan Ong Principal Engineer Comcast 1701 John F Kennedy Blvd Philadelphia, PA 19103 215-286-2493 Ivan_Ong@comcast.com 2017 SCTE-ISBE
More informationSoftware Version 5.0. Administrator Guide Release Date: 7th April, InCommon c/o Internet Oakbrook Drive, Suite 300 Ann Arbor MI, 48104
Software Version 5.0 Administrator Guide Release Date: 7th April, 2015 InCommon c/o Internet2 1000 Oakbrook Drive, Suite 300 Ann Arbor MI, 48104 Table of Contents 1 Introduction to InCommon Certificate
More informationMulti-Factor Authentication (MFA) Interoperability Profile. Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016
Multi-Factor Authentication (MFA) Interoperability Profile Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016 1 Mission Working group formed at the request of the Assurance Advisory
More informationeidas cross-sector interoperability
eidas cross-sector interoperability Christos Kanellopoulos GRNET edugain SG October 13 th, 2016 Background information 2013 - STORK-2 collaboration (GN3Plus) 2014-07 Adoption of the eidas Regulation 2014-09
More informationRADIUS Authentication and Authorization Technical Note
RADIUS Authentication and Authorization Technical Note VERSION: 9.0 UPDATED: July 2017 Copyright Notices Copyright 2002-2017 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP
More informationAuthentication and Security: IEEE 802.1x and protocols EAP based
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright
More information70-742: Identity in Windows Server Course Overview
70-742: Identity in Windows Server 2016 Course Overview This course provides students with the knowledge and skills to install and configure domain controllers, manage Active Directory objects, secure
More informationNMI End-to-End Diagnostic Advisory Group BoF. Spring 2004 Internet2 Member Meeting
NMI End-to-End Diagnostic Advisory Group BoF Spring 2004 Internet2 Member Meeting Progress Report Outline Review of goals Problem analysis from the perspective of the user Survey Architecture Event data
More informationHigher Education PKI Initiatives
Higher Education PKI Initiatives (Scott Rea) Securing the ecampus - Hanover NH July 28, 2009 Overview What are the drivers for PKI in Higher Education? Stronger authentication to resources and services
More informationSWITCHpki Service Launch The SWITCHpki Team
SWITCHpki Service Launch The SWITCHpki Team pki@switch.ch http://www.switch.ch/pki/ 2004 SWITCH Overview Introduction CA Structure Roles, Entities Service Options Example SwissSign Introduction Outlook:
More informationFederated Identity Management
Federated Identity Management SWITCHaai Team aai@switch.ch Agenda What is Federated Identity Management? 2 What is a Federation? The SWITCHaai Federation Interfederation Evolution of Identity Management
More informationISE Primer.
ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides
More informationGuide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS
Guide to Configuring eduroam Using the Aruba Wireless Controller and ClearPass RADIUS Best Practice Document Produced by the UNINETT-led Campus Networking working group Authors: Tom Myren (UNINETT), John-Egil
More informationCCIE Wireless v3.1 Workbook Volume 1
CCIE Wireless v3.1 Workbook Volume 1 Table of Contents Diagrams and Tables 7 Topology Diagram 7 Table 1- VLANs and IP Subnets 8 Table 2- Device Management IPs 9 Table 3- Device Credentials 10 Table 4-
More informationglobus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Computation Institute (CI) Apply to challenging problems Accelerate by building the research
More informationIntroduction to eduroam
Introduction to eduroam eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. Poll Brief History eduroam initiative
More informationPROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL
Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points,
More informationCisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)
Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN
More informationHow to Survive the Zombie Apocalypse
How to Survive the Zombie Apocalypse Ian A. Young SDSS, EDINA, University of Edinburgh ian@iay.org.uk FAM10, Cardiff, 06-Oct-2010 From an image by Watt_Dabney on Flickr, licensed CC-BY-SA 2.0 Quick Answer
More informationIntegrate the Cisco Identity Services Engine
This chapter contains the following sections: Overview of the Identity Services Engine Service, on page 1 Identity Services Engine Certificates, on page 2 Tasks for Certifying and Integrating the ISE Service,
More informationConfiguring EAP for Wireless Network Connectivity By Victor Zapata
Configuring EAP for Wireless Network Connectivity By Victor Zapata Requirements: 1. Windows 2000 Domain Controller Service Pack 2 with hotfixes Q306260 and Q304347 OR Service Pack 3 2. Enterprise Certificate
More informationAttribute Aggregation in Federated Identity Management. David Chadwick, George Inman, Stijn Lievens University of Kent
Attribute Aggregation in Federated Identity Management David Chadwick, George Inman, Stijn Lievens University of Kent Acknowledgements Project originally funded by UK JISC, called Shintau http://sec.cs.kent.ac.uk/shintau/
More informationUsing the Cisco Unified Wireless IP Phone 7921G Web Pages
CHAPTER 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages You can use the Cisco Unified Wireless IP Phone 7921G web pages to set up and configure settings for the phone. This chapter describes
More informationCIMA Asia. Interactive Timetable Live Online
CIMA Asia Interactive Timetable 2018 Live Online Information version 8 last updated 04/05/18 Please note information and dates are subject to change. Premium Learning Partner 2018 CIMA Cert BA Course Overview
More informationNew Windows build with WLAN access
New Windows build with WLAN access SecRep 24 17-18 May 2016 Ahmed Benallegue/Hassan El Ghouizy/Priyan Ariyansinghe ECMWF network_services@ecmwf.int ECMWF May 19, 2016 Introduction Drivers for the new WLAN
More informationCILogon. Federating Non-Web Applications: An Update. Terry Fleury
Federating Non-Web Applications: An Update Terry Fleury tfleury@illinois.edu This material is based upon work supported by the National Science Foundation under grant number 0943633. Any opinions, findings,
More informationOpen Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014
The enabler of solutions Alexander Summerer, Giesecke & Devrient 30th Oct. 2014 SIMalliance Allows usage of Secure Elements in Mobile Devices Designed for Open Handset OS platforms Common API for Apps
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationPKI Platform for Campus Information Systems Using Cloud-based Finger Vein Authentication and PBI
868 Hitachi Review Vol. 65 (2016), No. 2 Featured Articles PKI Platform for Campus Information Systems Using Cloud-based Finger Vein Authentication and PBI Tsutomu Imai Kenta Takahashi, Ph.D. Takeshi Kikuchi
More informationNetwork Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017
Network Security: WLAN Mobility Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017 Outline Link-layer mobility in WLAN Password-based authentication for WLAN Eduroam case study 2 LINK-LAYER
More informationCisco TelePresence Device Authentication on Cisco VCS
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide Cisco VCS X8.5 December 2014 Contents About device authentication 4 Authentication policy 6 Configuring VCS authentication policy
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationNetwork Deployments in Cisco ISE
Cisco ISE Network Architecture, page 1 Cisco ISE Deployment Terminology, page 2 Node Types and Personas in Distributed Deployments, page 2 Standalone and Distributed ISE Deployments, page 4 Distributed
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationConfiguring the Client Adapter through the Windows XP Operating System
APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationImplementing Security in Windows 2003 Network (70-299)
Implementing Security in Windows 2003 Network (70-299) Level 1 Authorization & Authentication 2h 20m 20s 1.1 Group Strategy 1.2 Group Scopes 1.3 Built-in Groups 1.4 System or Special Groups 1.5 Administrating
More informationOffice 365 Administration and Troubleshooting
Office 365 Administration and Troubleshooting Course 10997A 3 Days Instructor-led, Hands on Course Information This is a three-day Instructor Led Training (ILT) course that targets the needs of information
More informationGN2 JRA5: Roaming and Authorisation
GN2 JRA5: Roaming and Authorisation Jürgen Rauschenbach, DFN TF-NGN Athens 03/11/05 Introduction JRA5 builds a European Roaming Infrastructure (eduroamng) taking into account existing experience from the
More informationThis course provides students with the knowledge and skills to administer Windows Server 2012.
MOC 20411C: Administering Windows Server 2012 Course Overview This course provides students with the knowledge and skills to administer Windows Server 2012. Course Introduction Course Introduction 6m Module
More informationFrom UseCases to Specifications
From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services? Identity-enabling: Exposes identity
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationIntegration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)
Integration Guide PingFederate SAML Integration Guide (SP-Initiated Workflow) Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances,
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationNATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Standardization of Entity Authentication Assurance 5th ETSI Security Workshop 20-2222 January 2010 ETSI, Sophia Antipolis, France Erika McCallister, Esq.,
More informationCourse Outline 20742B
Course Outline 20742B Module 1: Installing and configuring domain controllers This module describes the features of AD DS and how to install domain controllers (DCs). It also covers the considerations
More informationCertificate Management
Certificate Management This guide provides information on...... Configuring the NotifyMDM server to use a Microsoft Active Directory Certificate Authority... Using Certificates from Outside Sources...
More information"Charting the Course B Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Course Summary
Course Summary Description This course will provide you with the knowledge and skills to configure and manage a Microsoft Exchange Server 2010 messaging environment. This course does not require previous
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationHow to connect your device using eduroam
How to connect your device using eduroam Banaras Hindu University is now fully covered under eduroam, a service with more than 70,000 member academic institutions worldwide. This service allows authorized
More informationConfiguring Local EAP
Information About Local EAP, page 1 Restrictions on Local EAP, page 2 (GUI), page 3 (CLI), page 6 Information About Local EAP Local EAP is an authentication method that allows users and wireless clients
More informationMonitoring of RADIUS infrastructure
Monitoring of RADIUS infrastructure Marko Eremija User Services Engineer CNMS 2016, Prague 25-26 April 2016 eduroam in Serbia eduroam project in Serbia started at the end of 2009 Process of connecting
More informationEnabling and Managing Office 365
20347 - Enabling and Managing Office 365 Duration: 5 Days Course Price: $2,975 Software Assurance Eligible Course Description About this Course This is a 5-day instructor-led training (ILT) course that
More informationM20742-Identity with Windows Server 2016
M20742-Identity with Windows Server 2016 Course Number: M20742 Category: Technical Microsoft Duration: 5 days Certification: 70-742 Overview This five-day instructor-led course teaches IT Pros how to deploy
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Okanagan College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationSecurity Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router
Security Enhanced IEEE 802.1x Method for WLAN Mobile Router Keun Young Park*, Yong Soo Kim*, Juho Kim* * Department of Computer Science & Engineering, Sogang University, Seoul, Korea kypark@sogang.ac.kr,
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationShibboleth authentication for Sync & Share - Lessons learned
Shibboleth authentication for Sync & Share - Lessons learned Enno Gröper Abteilung 4 - Systemsoftware und Kommunikation Computer- und Medienservice Humboldt-Universität zu Berlin 30 Jan 2018 Overview Introduction
More informationMOC 20411B: Administering Windows Server Course Overview
MOC 20411B: Administering Windows Server 2012 Course Overview This course is part two in a series of three courses that provides the skills and knowledge necessary to implement a core Windows Server 2012
More informationFixed and wireless broadband mapping in Belgium
Belgian Institute for Postal Services and Telecommunications Fixed and wireless broadband mapping in Belgium Broadband mapping Conference in Warsaw, Poland, 11-12 April, 2016 BIPT Agenda Objectives Roadmap
More informationINDIGO AAI An overview and status update!
RIA-653549 INDIGO DataCloud INDIGO AAI An overview and status update! Andrea Ceccanti (INFN) on behalf of the INDIGO AAI Task Force! indigo-aai-tf@lists.indigo-datacloud.org INDIGO Datacloud An H2020 project
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Concordia University of Edmonton Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that
More informationCisco VCS Authenticating Devices
Cisco VCS Authenticating Devices Deployment Guide First Published: May 2011 Last Updated: November 2015 Cisco VCS X8.7 Cisco Systems, Inc. www.cisco.com 2 About Device Authentication Device authentication
More informationIAM Project Overview & Milestones
IAM Project Overview & Milestones TABLE OF CONTENTS IAM PROJECT SUCCESS FACTORS 3 PROJECT SCOPE 3 IN SCOPE 3 OUT OF SCOPE 4 IAM NOW VS. FUTURE 5 IAM NOW 5 IAM IN THE FUTURE 7 IAM PROJECT END STATE 8 ACCESS
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationRevision 2 of FIPS 201 and its Associated Special Publications
Revision 2 of FIPS 201 and its Associated Special Publications Hildegard Ferraiolo PIV Project Lead NIST ITL Computer Security Division Hildegard.ferraiolo@nist.gov IAB meeting, December 4, 2013 FIPS 201-2
More informationUsing PEAP and WPA PEAP Authentication Security on a Zebra Wireless Tabletop Printer
Using PEAP and WPA PEAP Authentication Security on a Zebra Wireless Tabletop Printer Q. What is PEAP? A. Protected Extensible Authentication Protocol is an IEEE 802.1x EAP security method that uses an
More information