Eduroam ng

Eduroam-ng. Klaas.Wierenga@surfnet.nl GN2 JRA5 Meeting Barcelona, 7 September 2005. The current eduroam hierarchy. AA traffic goes through all intermediate entries All links are peer-to-peer agreements / static routes Authentication = authorization. Authenticate for everything?.


Eduroam-ng

Klaas.Wierenga@surfnet.nl

GN2 JRA5 Meeting

Barcelona, 7 September 2005


The current eduroam hierarchy

  • AA traffic goes through all intermediate entries

  • All links are peer-to-peer agreements / static routes

  • Authentication = authorization


Authenticate for everything?


Service attributes

  • eduroam-service-provider

    • SURFnet.nl

    • UVA.nl

  • eduroam-service-identifier

    • SVP

    • A-Select

    • WLAN

    • Dial-Up

  • eduroam-av-pair

    • Currently not used


Service attributes implementation

  • In RADIUS dictionary

    • VENDORATTR 1076 surfnet-avpair 1 string
      VENDORATTR 1076 service-identifier 2 string
      VENDORATTR 1076 service-provider 3 string

  • In the logging:

    Code: Access-Request

    […]

    service-identifier = "WLAN"

    service-provider = "uva.nl"


The tudelft.net/es.net/alfa-ariss.com/ysu.edu case

  • Where to connect?

  • Who is going to manage that?


Towards p2p trust?

  • Diameter

    • Implements everything we want, or so it seems

    • Implementations not ready for production

  • DNSsec

    • New, hardly tested, requires adaptions to RADIUS servers

  • DNSROAM+RadSec

    • New, limited testing experience, supported in Radiator, not (yet?) in FreeRADIUS

  • How about eduGAIN?


RadSec + DNSROAM

  • RadSec: Secure Reliable Transport for RADIUS requests over TCP/IP using TLS

    • Encryption

    • Security

    • Message integrity

    • Strong mutual authentication

  • DNSROAM

    • Use DNS resource records to locate the peer
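
Added example (not from the original slides): a Python sketch contrasting the static hierarchy, where AA traffic crosses every intermediate proxy and a realm such as tudelft.net has no national proxy to route to, with looking the peer up directly. The host names, the table standing in for DNS resource records, and port 2083 are constructed assumptions; this is not the DNSROAM record format.

```python
# Constructed static routes: one national proxy per country-code TLD,
# all joined by a single top-level proxy (hypothetical host names).
TLD_PROXY = {"nl": "radius.nl.example", "es": "radius.es.example"}
TOP_PROXY = "radius.top.example"

# Constructed stand-in for DNS resource records: realm -> RadSec peer.
# Not the real DNSROAM record layout; a resolver lookup would go here.
PEER_RECORDS = {
    "uva.nl": ("radsec.uva.nl.example", 2083),
    "tudelft.net": ("radsec.tudelft.net.example", 2083),
}


def realm_of(user_name):
    """Return the lower-cased realm of user@realm, or None if absent."""
    _, sep, realm = user_name.rpartition("@")
    realm = realm.strip().lower().rstrip(".")
    return realm if sep and realm else None


def hierarchy_path(visited_realm, home_realm):
    """Servers handling the request under static per-TLD routing."""
    v_proxy = TLD_PROXY.get(visited_realm.rsplit(".", 1)[-1])
    h_proxy = TLD_PROXY.get(home_realm.rsplit(".", 1)[-1])
    if v_proxy is None or h_proxy is None:
        return None  # e.g. .net: no route until someone adds and manages one
    middle = [v_proxy] if v_proxy == h_proxy else [v_proxy, TOP_PROXY, h_proxy]
    return [visited_realm] + middle + [home_realm]


def discovered_path(visited_realm, home_realm):
    """Servers handling the request when the peer is looked up directly."""
    peer = PEER_RECORDS.get(home_realm)
    return None if peer is None else [visited_realm, "%s:%d" % peer]


def route(user_name, visited_realm):
    """Compare both routing models for one roaming user."""
    home = realm_of(user_name)
    if home is None:
        return None  # no realm, nothing to route on
    static = hierarchy_path(visited_realm, home)
    direct = discovered_path(visited_realm, home)
    return {
        "static": static,
        "direct": direct,
        # Third parties that see the AA traffic in the static model.
        "intermediaries": static[1:-1] if static else [],
    }
```

Calling `route("bob@tudelft.net", "visited-campus.es")` with the constructed visited realm shows the static model returning no path while the direct lookup still finds the peer.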


DNS-Roam?

RADSEC

  • DNSsec instead?


DNS-Roam mix and match

RADSEC


Discussion?


Status

  • Policy

  • Evaluation of possible roaming technologies


Planning

Deliverables

  • M15 DJ5.1.4 Roaming policy

  • M17 DJ5.1.5 Inter-NREN roaming technical specification document

  • M21 DJ5.1.6 Inter-NREN roaming infrastructure and service support description (cookbook 1st version)

Milestones

  • M15 MJ5.1.1 Evaluation of possible roaming technologies and creation of Inter-NREN roaming architecture

  • M19 MJ5.1.3 Inter-NREN roaming infrastructure pilot

  • M22 MJ5.1.4 Inter-NREN roaming infrastructure rollout, test, and evaluation plan

  • M30 MJ5.1.5 Inter-NREN roaming pilot infrastructure operational

Manpower

  • 37 MM of co-financed manpower.

  • The work item will be led by SURFnet with participation from ARNES, CARNet, CESNET, DFN, FCCN, GRNET, HEAnet, HUNGARNET, ISTF, NORDUnet, RedIRIS, RESTENA, SWITCH and UKERNA.


Inter-NREN technical specification document

  • Architectural overview

  • Operational definitions

  • Protocols and profiles

  • Use cases

  • Security and privacy considerations

