
The DAMe’s First Steps: eduroam and NAS-SAML

An overview of the DAMe project, which extends eduroam with NAS-SAML, a network access control approach for AAA environments based on the SAML and XACML standards. It covers user mobility controlled by SAML assertions and XACML policies, eduGAIN as the authentication and authorization backend, universal single sign-on bootstrapped from network access, and the integration of applications, with a focus on grids.





Presentation Transcript


  1. The DAMe’s First Steps: eduroam and NAS-SAML
     Diego R. Lopez, RedIRIS

  2. Deploying Authorization Mechanisms for Federated Services in eduroam (DAMe)
     • DAMe is a project that builds upon:
       • eduroam, which defines an inter-NREN roaming architecture based on AAA servers (RADIUS) and the 802.1X standard,
       • Shibboleth and eduGAIN,
       • NAS-SAML, a network access control approach for AAA environments, developed by the University of Murcia (Spain), based on the SAML (Security Assertion Markup Language) and XACML (eXtensible Access Control Markup Language) standards.

  3. Connect. Communicate. Collaborate
     First Goal: Extension of eduroam using NAS-SAML
     [Figure: guest user piet@university_b.nl connects at University A. Components: Supplicant; Authenticator (AP or switch); RADIUS server University A with User DB and Policy Decision Point (XACML); eduroam Central RADIUS Proxy server; RADIUS server University B with User DB and Source Attribute Authority. Signaling data and SAML assertions are exchanged between them.]
     • User mobility controlled by assertions and policies expressed in SAML and XACML
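The flow on this slide, as an added, constructed model that is not code from DAMe, eduroam or the University of Murcia: the eduroam proxy routes on the realm of the outer identity to the home RADIUS server, the home side authenticates the user and returns an attribute assertion standing in for SAML, and the visited site's Policy Decision Point evaluates a XACML-style rule set over those attributes. All realms, users, passwords, attribute names and the policy are assumptions.

```python
# Constructed model of the eduroam + NAS-SAML flow: no real RADIUS, SAML or
# XACML messages are produced; every name, realm and attribute is made up.
from dataclasses import dataclass


@dataclass
class HomeRealm:
    """Home institution: RADIUS server, user DB and Source Attribute Authority."""
    realm: str
    users: dict  # username -> (password, attributes); constructed sample data

    def authenticate(self, user, password):
        rec = self.users.get(user)
        if rec is None or rec[0] != password:
            return None
        # Stand-in for the SAML attribute assertion issued by the home AA.
        return {"subject": user, "issuer": self.realm, "attrs": dict(rec[1])}


def route_to_home(proxy_table, outer_identity):
    """eduroam central proxy: forwards by realm, makes no access decision."""
    if "@" not in outer_identity:
        raise ValueError("no realm in outer identity")
    user, realm = outer_identity.rsplit("@", 1)
    home = proxy_table.get(realm)
    if home is None:
        raise LookupError(f"unknown realm {realm}")
    return user, home


def pdp_decide(policy, assertion):
    """Visited-site PDP: first matching XACML-style rule wins, else Deny."""
    for rule in policy:
        if all(assertion["attrs"].get(k) == v for k, v in rule["match"].items()):
            return rule["effect"]
    return "Deny"


def network_access(proxy_table, visited_policy, outer_identity, password):
    try:
        user, home = route_to_home(proxy_table, outer_identity)
    except (ValueError, LookupError):
        return "Deny"  # unroutable realm: no home authentication possible
    assertion = home.authenticate(user, password)
    return "Deny" if assertion is None else pdp_decide(visited_policy, assertion)


# Constructed deployment: University B is piet's home realm, as on the slide.
UNIVERSITY_B = HomeRealm("university_b.nl", {
    "piet": ("piet-pw", {"affiliation": "staff", "eduroam": "yes"}),
    "anna": ("anna-pw", {"affiliation": "alumni", "eduroam": "no"}),
})
PROXY_TABLE = {"university_b.nl": UNIVERSITY_B}
# Visited University A permits only eduroam-enabled staff or students.
UNIVERSITY_A_POLICY = [
    {"match": {"eduroam": "yes", "affiliation": "staff"}, "effect": "Permit"},
    {"match": {"eduroam": "yes", "affiliation": "student"}, "effect": "Permit"},
]
```

Note that the decision is made at the visited site from attributes asserted by the home site, which is the separation the slide describes.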

  4. Second Goal: eduGAIN as AuthN and AuthR Backend
     • Link between the AAA servers (now acting as Service Providers) and eduGAIN

  5. Third Goal: Universal Single Sign On
     • Users will be authenticated once, during the network access control phase
     • The eduGAIN authentication would be bootstrapped from the NAS-SAML
     • New method for delivering authentication credentials and new security middleware
     • 4th goal: integrating applications, focusing on grids

  6. eduroam + NAS-SAML: Independent AuthR

  7. eduroam + NAS-SAML: Merged AuthR

  8. eduroam + NAS-SAML in Context
     • The proposal is functionally equivalent to the one discussed in SALSA-FWNA for RADIUS-SAML integration
     • Compatibility and convergence are the natural way forward
     • NAS-SAML is:
       • From the inter-realm view, a Diameter binding for SAML
       • Already available, thus allowing for fast evaluation of ideas
     • Agree on the basics:
       • Data (NameIdentifier?) exchanged in RADIUS space
       • Relevant attributes
