33rd APAN meeting, Feb. 16, 2012, Chiang Mai
Expanding eduroam in Asian countries
* What is eduroam
* eduroam JP update
* R&D on DEAS
Hideaki Sone, NII / Tohoku University, Japan

What is eduroam?
eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.
http://www.eduroam.org/
[Figure labels: student / staff; Inst. A; Home inst.; Internet; Inst. B. eduroam promotion video by AARNet.]

Who operates eduroam
• The eduroam service started as a pilot under the auspices of TERENA.
• 4 regional operators
• About 50 countries worldwide
• 7 members in Asia Pacific
• GeGC (Global eduroam Governance Committee) has been organized (2010).
• 7 voting members: EU (3), US, CA, AP (2)
• “Compliance Statement” compilation is under way.
• service definitions, technical standards

eduroam deployments in Asia Pacific
• Hosting by a nearby country works well as an incubator.
• Hosting is quite beneficial for countries having a small number of institutions.
Steady growth: 8 joined in 2010, 10 more in 2011

eduroam JP
• National eduroam operation and promotion
• 27 institutions (2% of 1,200) joined (Dec. 2011)
• 17 (2010), 9 (2009)
• Tutorial & technical documents
• R&D
• Easy deployment and operation
• Location privacy, etc.
• Collaboration with commercial W-ISPs
• eduroam on commercial hotspots
• Shared hotspots on campus
• New architecture and business models for next-generation commercial / academic WLAN services

eduroam / ISP collaboration
• Livedoor, an ISP in Japan, provides eduroam service on their commercial hotspots
• 130+ indoor APs at cafes, conference sites and some large shops in and around Tokyo
• 2,200+ outdoor APs on power poles in central Tokyo
• eduroam-livedoor is now available on the streets
• provides Campus Network solution with eduroam
• Commercial WLAN service using univ. APs
• shared AP, experimental
• Negotiations are under way with some other ISPs / carriers

eduroam in disaster-affected campuses
• Borderless eduroam helped suffering staff
• Nomadic network in temporary evacuation campus
• Tohoku University faced the big earthquake in March.
• Many buildings were severely damaged.
• Staff moved to other buildings where networks are operated by different departments.
• eduroam is an effective rescue for them to use the network: an inter-department roaming network

Difficulties in expanding eduroam in JP
• Problems
  • Difficulties in large-scale RADIUS deployment
  • 1200 institutions in Japan → 1200 branches in RADIUS tree
  • Laborious eduroam connection / management work
• Our solutions
  • Federated Delegate Authentication System (DEAS) with centralized/clustered RADIUS server
  • remove RADIUS IdP at each institution
  • Federation using Shibboleth SSO
  • simplify RADIUS tree (→ higher stability)
  • Web-based eduroam IdP / SP management system
  • simplify connection and administration at both the eduroam JP office and each institution

Easy-to-join eduroam system
[Diagram labels: 2. eduroam IdP/SP management web; Institution’s RADIUS server; national top-level; <secret key 1>; access points; RADIUS proxy; auth requests; <secret key 2>; RADIUS IdP; 1. Delegate Authentication System (DEAS)]

Federated Delegate Authentication System
• Account Issuer as a Shibboleth SP of Japan’s GakuNin federation (f.k.a. UPKI federation)
• Centralized / Clustered eduroam IdP to simplify the RADIUS proxy tree
• 3 types depending on the needs and federation level
• Authenticated access with pseudo-anonymized, fixed-term, and traceable roaming IDs

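An added example, not taken from the slides or from DEAS itself, sketching one way an account issuer could produce roaming IDs that are pseudo-anonymized, fixed-term and traceable. The slides do not say how DEAS builds its IDs; the realm `deas.example.jp`, the function names and the HMAC-based construction are all assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

REALM = "deas.example.jp"             # hypothetical realm of the central IdP
ISSUER_KEY = secrets.token_bytes(32)  # issuer-only secret, constructed per run
_issued = {}  # roaming ID -> (home identity, expiry); held by the issuer only

def issue_roaming_id(home_identity, valid_days, now):
    """Issue a roaming ID after the user has logged in through the federation."""
    expiry = now + timedelta(days=valid_days)
    nonce = secrets.token_bytes(8)  # successive IDs of one user are unlinkable
    msg = b"|".join([home_identity.encode(), expiry.isoformat().encode(), nonce])
    tag = hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()
    # 10 bytes -> 16 base32 characters, no padding; reveals nothing about the user
    local = base64.b32encode(tag[:10]).decode().lower()
    roaming_id = f"{local}@{REALM}"
    _issued[roaming_id] = (home_identity, expiry)
    return roaming_id

def is_valid(roaming_id, now):
    """Check done by the central RADIUS IdP: ID is known and its term has not ended."""
    record = _issued.get(roaming_id)
    return record is not None and now < record[1]

def trace(roaming_id):
    """Incident handling: only the issuer can map an ID back to the home identity."""
    record = _issued.get(roaming_id)
    return record[0] if record else None

if __name__ == "__main__":
    now = datetime(2012, 2, 16, tzinfo=timezone.utc)
    rid = issue_roaming_id("alice@univ-d.example.jp", 30, now)  # constructed user
    print(rid, is_valid(rid, now), trace(rid))
```

A visited institution or hotspot operator sees only the random-looking local part and the central realm, while the issuer keeps the mapping needed to follow up on abuse reports.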
Before & After DEAS
• A huge RADIUS tree can be replaced by a single RADIUS server which works as an SP for member institutions
[Diagram panels: "eduroam RADIUS tree" and "Centralized RADIUS"; labels: th, jp, DEAS, SP, Shib., A, B, C, D, IdP, AP, RADIUS, User, User@D.jp]

Current status (as of Feb. 2011)
• Univ. A, B : clients of Livedoor (ISP), using for main IdP
• Univ. C : using for university’s sub IdP
• Univ. D, E : trial use of eduroam