JRA5: Roaming and Authorisation


JRA5: Roaming and Authorisation
Jürgen Rauschenbach, DFN-Verein
7th TF-EMC2 Meeting, Malaga, 16-17 October 2006

Introduction
- JRA5 will build a European Roaming Infrastructure based on eduroam
- JRA5 will pilot and build the federated support for existing Authentication and Authorisation Infrastructures for Research and Education; this will be called eduGAIN
- The combination of the two will allow for access to network and to services with a single login (SSO)
- Advanced technologies will be integrated into these infrastructures where appropriate
- JRA5 consists of the following main parts:
  - Part 1: Roaming
  - Part 2: AAI
  - Part 3: SSO
  - Part 4: Integration of advanced technologies

Introduction (2)
- Number of partners is 16 (NRENs)
- Number of participants has grown to 111 (mailing list), with contributions from around 30 active persons
- Partners are ARNES, CARNet/Srce, CESNET, Dante, DFN, FCCN, GRNET, HEANET, HUNGARNET, ISTF, NORDUnet (CSC, UNI-C, UNINETT, University of Umea), RedIRIS, RESTENA, SURFnet, SWITCH (different involvement in project parts)
- Collaboration/liaison with many groups: TF-Mobility, TF-EMC2, GN2 activities (JRA1, SA3, JRA3), international groups like eduroam gwg, SALSA FWNA (Internet2), MACE, TF-NGN, DICE, GGF, eConcertation and projects: Akogrimo, EGEE2, Lobster

Year 2 - Objectives
- Preparation of the eduroam service (organisational)
- Technical enhancement of the current infrastructure
- Implementation of the components of the AAI architecture according to the specification and creation of test cases
- Development of a profile for the specific requirements of GN2 activities (JRA1 based right now)
- Definition of SSO requirements and provision of SSO concepts that match these requirements

Year 2 - Achievements
Roaming achievements:
- GÉANT2 roaming policy and legal framework (DJ5.1.3,1)
- Integration of all JRA5 partners into the eduroam infrastructure
- eduroam confederation policy document (DJ5.1.3,2)
- Description of the eduroam architecture (DJ5.1.4) with the decision to bring RadSec on a standards track by writing an Internet-Draft for the IETF radext working group
- Discussion and draft of the 1st version of the user guidelines document
- Roaming cookbook DJ5.1.5

JRA5 Transition to Service
- The first JRA5 service will be the eduroam confederation service
- According to our roadmap the service will start in April 2007
- Users will be the NREN based eduroam federations, providing the service to end users in their member institutions
- The service will be conducted by the eduroam SA, which will establish the eduroam operational team (3-4 persons) for daily service handling
- Funding from the GN2 budget will be requested for:
  - eduroam SA leader
  - eduroam operational team members
  - eduroam SA members on request (for the rollout phase only)

eduroam organisational structure
[Figure: eduroam policy authority NRENPC; eduroam steering group; eduroam SA (participating NRENs represented); eduroam operational team]

Eduroam participants

Eduroam RADIUS hierarchy
[Figure: three-level RADIUS hierarchy. Confederation level servers (resilient); federation (NREN) level servers (.dk, .pt); institutional level servers (inst-1, inst-2, inst-3, inst-4); example user tom@inst-1.dk]

eduroam SA tasks
- eduroam SA is different from JRA5/TF Mobility; non-JRA5ers are not only welcome, but needed!
- Main task of eduroam SA is to conduct the eduroam service:
  - Diagnostic tools and scripts to be used, integration of further results from JRA5/TF Mobility (RadSec, implementation of trust means, ...)
  - Further policy development in coordination with JRA5/TF Mobility
  - Dissemination work, maintenance of the web pages, publication of graphs and statistics
  - Support for new members, material for training events
  - Assignment of the operational team

Year 2 Achievements (2)
AAI achievements:
- Specification of the AAI architecture (DJ5.2.2)
- Implementation of the AAI basic components (this also resulted in a number of changes leading to DJ5.2.2bis, which will be turned into an official JRA5 document in year 3)
- Start of implementation of bridging elements (Shibboleth, Liberty Alliance/FEIDE, PAPI)
- Development of the initial 2 profiles (web services, automated clients)
- Support of the GÉANT Identity Provider (GIdP) project
- 1st version of the guidelines for connecting to eduGAIN document
- AAI cookbook DJ5.2.3 provided

Linking federations by means of eduGAIN

Year 2 Achievements (3)
SSO achievements:
- Discussion of the SSO requirements and first draft of the requirements document DJ5.3.1
- Establishment of the DAMe subproject (Deploying Authorization Mechanisms for Federated Services in eduroam), already started with University of Murcia and University of Stuttgart as partners of Red.es and DFN-Verein
SSO changes:
- Shifting some planned results to a later date and turning one document (SSO survey) into a milestone (internal document). This relates to the subproject DAMe that is supposed to provide input but will not produce an official JRA5 document in year 3.

Conclusions/Summary
- eduroam transition to service
  - Rollout needs support
- AAI component implementation progressing
  - Initial profiles defined
  - Tests with real federations soon
  - Forming an eduGAIN confederation by adding a policy to the infrastructure is on the agenda
- SSO requirements and model under discussion
  - DAMe started