Eduroam ng


Eduroam-ng. [email protected] GN2 JRA5 Meeting Barcelona, 7 September 2005. The current eduroam hierarchy. AA traffic goes through all intermediate entries. All links are peer-to-peer agreements / static routes. Authentication = authorization. Authenticate for everything?


Presentation Transcript


Eduroam-ng

[email protected]

GN2 JRA5 Meeting

Barcelona, 7 September 2005


The current eduroam hierarchy

  • AA traffic goes through all intermediate entries

  • All links are peer-to-peer agreements / static routes

  • Authentication = authorization


Authenticate for everything?


Service attributes

  • eduroam-service-provider

    • SURFnet.nl

    • UVA.nl

  • eduroam-service-identifier

    • SVP

    • A-Select

    • WLAN

    • Dial-Up

  • eduroam-av-pair

    • Currently not used


Service attributes implementation

  • In RADIUS dictionary

    VENDORATTR 1076 surfnet-avpair 1 string
    VENDORATTR 1076 service-identifier 2 string
    VENDORATTR 1076 service-provider 3 string

  • In the logging:

    Code: Access-Request

    […]

    service-identifier = "WLAN"

    service-provider = "uva.nl"
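
The dictionary lines above define three string sub-attributes under vendor number 1076. As an added example (not code from the presentation), the following packs and parses them in the standard RADIUS Vendor-Specific attribute layout (type 26), rejecting malformed lengths; the function names and the sample User-Name are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26       # RADIUS attribute type that carries vendor attributes
SURFNET_VENDOR_ID = 1076   # vendor number from the slide's dictionary lines
# Sub-attribute numbers and names as given in the slide's dictionary
DICTIONARY = {1: "surfnet-avpair", 2: "service-identifier", 3: "service-provider"}
NUMBERS = {name: num for num, name in DICTIONARY.items()}

def encode_vsa(name: str, value: str) -> bytes:
    """Encode one string sub-attribute as a Vendor-Specific attribute."""
    data = value.encode("utf-8")
    if len(data) > 247:  # 255 minus 2 (header) + 4 (vendor id) + 2 (sub-header)
        raise ValueError("value too long for a single RADIUS attribute")
    sub = struct.pack("!BB", NUMBERS[name], 2 + len(data)) + data
    body = struct.pack("!I", SURFNET_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def decode_service_attrs(attrs: bytes) -> dict:
    """Walk an attribute list and return the vendor-1076 sub-attributes found."""
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        pos += alen
        vendor = int.from_bytes(value[:4], "big")
        if atype != VENDOR_SPECIFIC or len(value) < 4 or vendor != SURFNET_VENDOR_ID:
            continue  # not one of the service attributes
        sub, spos = value[4:], 0
        while spos < len(sub):
            if len(sub) - spos < 2:
                raise ValueError("truncated sub-attribute header")
            stype, slen = sub[spos], sub[spos + 1]
            if slen < 2 or spos + slen > len(sub):
                raise ValueError("bad sub-attribute length")
            if stype in DICTIONARY:
                found[DICTIONARY[stype]] = sub[spos + 2:spos + slen].decode("utf-8")
            spos += slen
    return found

# Constructed sample: a User-Name (type 1) plus the two values shown in the slide's log
SAMPLE = (bytes([1, 18]) + b"user@example.org"
          + encode_vsa("service-identifier", "WLAN")
          + encode_vsa("service-provider", "uva.nl"))
```

A server that authorizes per service would act on the decoded `service-identifier` and `service-provider` values only after this parse succeeds.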


The tudelft.net/es.net/alfa-ariss.com/ysu.edu case

  • Where to connect?

  • Who is going to manage that?


Towards p2p trust?

  • Diameter

    • Implements everything we want, or so it seems

    • Implementations not ready for production

  • DNSsec

    • New, hardly tested, requires adaptions to RADIUS servers

  • DNSROAM+RadSec

    • New, limited testing experience, supported in Radiator, not (yet?) in FreeRADIUS

  • How about eduGAIN?


RadSec + DNSROAM

  • RadSec: Secure Reliable Transport for RADIUS requests over TCP/IP using TLS

    • Encryption

    • Security

    • Message integrity

    • Strong mutual authentication

  • DNSROAM

    • Use DNS resource records to locate the peer


DNS-Roam?

RADSEC

  • DNSsec instead?


DNS-Roam mix and match

RADSEC


Discussion?


Status

  • Policy

  • Evaluation of possible roaming technologies


Planning

Deliverables

  • M15 DJ5.1.4 Roaming policy

  • M17 DJ5.1.5 Inter-NREN roaming technical specification document

  • M21 DJ5.1.6 Inter-NREN roaming infrastructure and service support description (cookbook 1st version)

Milestones

  • M15 MJ5.1.1 Evaluation of possible roaming technologies and creation of Inter-NREN roaming architecture

  • M19 MJ5.1.3 Inter-NREN roaming infrastructure pilot

  • M22 MJ5.1.4 Inter-NREN roaming infrastructure rollout, test, and evaluation plan

  • M30 MJ5.1.5 Inter-NREN roaming pilot infrastructure operational

Manpower

  • 37 MM of co-financed manpower.

  • The work item will be led by SURFnet with participation from ARNES, CARNet, CESNET, DFN, FCCN, GRNET, HEAnet, HUNGARNET, ISTF, NORDUnet, RedIRIS, RESTENA, SWITCH and UKERNA.


Inter-NREN technical specification document

  • Architectural overview

  • Operational definitions

  • Protocols and profiles

  • Use cases

  • Security and privacy considerations

