
EDUROAM

EDUROAM. Michael Helm, ESnet/LBL, 26 Mar 2006. What Is Eduroam? The Roaming Scholar vs the Restricted Wireless Network: I am in a strange place, and I need to log in to your network; you want me to do this, but how can you permit it?



  1. EDUROAM Michael Helm ESnet/LBL 26 Mar 2006

  2. What Is Eduroam?
     • The Roaming Scholar vs the Restricted Wireless Network
     • I am in a strange place, and I need to log in to your network; you want me to do this, but how can you permit it?
     • Need locally-usable credentials to authorize network services
     • Typical application is wireless networking
     • Evolution of approaches
     • 802.11 -> 802.1x
     • Web-based authentication (e.g. hotels)
     • Distributed VPNs
     TAGPMA 27 Mar 2006

  3. What Is Eduroam? (2)
     • EU – Terena Mobility WG
     • http://www.eduroam.org
     • Hierarchy of RADIUS servers
     • RADIUS = RFC 2865
     • Widely deployed in campuses & industry
     • Eduroam root at SURFnet in NL
     • EU NRENs have national roots &c
     • Non EU – AU, US*, maybe other Asia

  4. Eduroam - current

  5. Eduroam - Current

  6. eduroam.us FWNA – I2
     • Determined basic specs
     • RADIUS hierarchy modeled after current European eduroam network
     • Requires use of 802.1x
     • Experimental service in place
     • Top level servers at UTK, Merit
     • Connecting servers to Europe, Asia
     • Finalizing “registration” system
     • Web-based service that will allow institutions to connect easily

  7. 802.1x, RADIUS and EAP
     [Diagram labels: Top-Level Server 1; RADIUS server at visited institution; RADIUS server at home institution; Access Point; EAP client; Userid store at home institution]

  8. 802.1x, RADIUS and EAP
     • 802.1x and RADIUS serve as transport mechanisms for EAP authentication
     • 1x and RADIUS facilitate a conversation between two items controlled by the user and his organization: EAP client and campus RADIUS server

  9. Top-level server interaction
     [Diagram labels: Top-Level Server 2; Top-Level Server 1; RADIUS configuration and routing data]
     • Top-level servers draw configs from a central store of data, based on registration
     • Thus they remain in synch, but do not otherwise directly communicate

  10. Eduroam Development
     • Many instances, but not yet ubiquitous
     • City-State of CERN?
     • EU eduroam success leads to eduroam-NG
     • Need to exchange attributes
     • Service discovery
     • Weaknesses of RADIUS in these areas + security concerns
     • (Teaser for KW & PH slide decks)

  11. Outlook
     • Grid application? (Other networks?)
     • PKI support
     • EAP clients
     • RADIUS router & ID Provider support
     • Useful for our collaboration
     • Acknowledgements: Most of the material in this deck is from Klaas Wierenga (at one remove) and Kevin Miller & Philippe Hanset (FWNA-I2)
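
An added example (not from the original slides): the RADIUS hierarchy of slides 3 and 7-9 sketched as realm-based proxy routing, assuming requests are forwarded by the realm in the `user@realm` outer identity. Server names and the `.test` realms are constructed; intermediate servers only relay, so the EAP conversation still ends at the home institution's server.

```python
from dataclasses import dataclass, field

@dataclass
class RadiusServer:
    name: str
    local_realms: set = field(default_factory=set)  # realms authenticated here
    children: dict = field(default_factory=dict)    # realm suffix -> downstream server
    parent: "RadiusServer | None" = None

    def attach(self, suffix, child):
        self.children[suffix] = child
        child.parent = self

    def next_hop(self, realm):
        """None means this server is the home server; otherwise the proxy target."""
        if realm in self.local_realms:
            return None
        # Longest matching suffix wins.
        hits = [s for s in self.children if realm == s or realm.endswith("." + s)]
        if hits:
            return self.children[max(hits, key=len)]
        if self.parent is None:
            raise LookupError(f"no route for realm {realm!r}")
        return self.parent

def route(visited, outer_identity):
    """Servers an Access-Request crosses, from visited to home institution."""
    user, sep, realm = outer_identity.rpartition("@")
    if not (user and sep and realm):
        raise ValueError("identity must be user@realm to be routable")
    path, hop = [visited.name], visited
    while (nxt := hop.next_hop(realm.lower())) is not None:
        if nxt.name in path:  # bounced back to a server already visited
            raise LookupError(f"realm {realm!r} is not registered")
        path.append(nxt.name)
        hop = nxt
    return path

def sample_hierarchy():
    """Constructed topology on the reserved .test domain; returns the visited server."""
    root = RadiusServer("root")
    nl, us = RadiusServer("nl-top"), RadiusServer("us-top")
    home = RadiusServer("campus-a", local_realms={"campus-a.nl.test"})
    visited = RadiusServer("campus-b", local_realms={"campus-b.us.test"})
    root.attach("nl.test", nl)
    root.attach("us.test", us)
    nl.attach("campus-a.nl.test", home)
    us.attach("campus-b.us.test", visited)
    return visited

if __name__ == "__main__":
    print(route(sample_hierarchy(), "scholar@campus-a.nl.test"))
```

An unregistered realm under a known suffix would otherwise bounce between a top-level server and the root; the loop check in `route` turns that into a rejection at the visited side.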
