
Project Moonshot

Project Moonshot: technology, use cases & pilot. 17 January 2012, Haka conference, Helsinki. Background: Why Janet? Trusted provider of mission-critical network services to the UK education & research community. Expertise in developing and operating AAI.


Presentation Transcript


  1. Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki

  2. Project Moonshot Background

  3. Why Janet?
     • Trusted provider of mission-critical network services to the UK education & research community
     • Expertise in developing and operating AAI
     • Demand from both internal and external customers

  4. Goals

  5. Vision: To deliver a unified approach for securing access to any service or application – enabling new opportunities, business models and cost efficiencies.

  6. Project Moonshot Use cases

  7. Science & Technology Facilities Council
     • Operates the UK’s National Grid Service
     • X.509 authentication too complex for users
     • Goal to simplify authentication across distributed computing Grids
     “We aim to streamline access services using Moonshot technology, which will take the burden of authentication out of the hands of our users.” Dr Peter Oliver, Group Leader, Science and Technology Facilities Council

  8. Diamond Light Source
     • The UK’s national synchrotron facility
     • Piloting the use of Moonshot within the PANDATA project, which supports 30,000 scientists at more than 20 photon and neutron facilities
     “Moonshot has thought beyond websites, and looked at what is really required in authentication – right down to the point when you open your laptop to begin work.” Bill Pulford, Head of DASC, Diamond Light Source

  9. Cancer Research UK
     • Cancer Research UK is the world’s leading charity dedicated to beating cancer through research.
     • The institutes form ad hoc relationships to collaborate for research purposes, but when the need arises to share data and documents, each institute can only authenticate within their own organisation.
     “Moonshot is a valuable enabler for Cancer Research across the UK. It will make collaboration systems easy to build internally so that we can quickly share large data sets between institutes, without complicating the management of that system.” Peter Maccallum, Head of IT & Scientific Computing, CRUK Cambridge Research Institute

  10. Janet Brokerage
     • Work with the community and suppliers to provide solutions based on IT as a service, facilitating the uptake of data centre, hosted and cloud services.
     • Create efficiencies and cost savings
     • Accelerate and improve services and add value
     • Reduce risk in adopting new services
     • Address technical and business questions
     • Create a competitive market based on sound technical platforms

  11. Moonshot & Hosted Exchange PoC
     • A number of Universities running student but not staff email due to privacy issues
     • Create a hosted Exchange with Moonshot components integrated
     • Creates an interesting usage model for suppliers and users
     • Sets an example to the two major cloud providers

  12. Some key challenges
     • Federated authentication for web and other applications
     • Different deployment models: centralised, distributed & cloud (private, public & hybrid).
     • Need to easily use different types of credentials
     • Federated authentication to workstations, not just apps
     • Massive scale – at least tens of millions of entities

  13. Project Moonshot Technology overview

  14. Underlying technologies
     • Moonshot builds on the eduroam technologies
       • EAP (RFC 3748): strong mutual authentication
       • RADIUS (RFC 2865): federation between domains
     • To this, Moonshot adds
       • SAML, for rich authorisation semantics
       • Application integration, using operating system security APIs
         • SSPI: Windows
         • GSS-API (RFC 2078): Other operating systems
         • SASL (RFC 4422): Windows and other operating systems
     • This architecture is being standardised within the IETF Abfab working group

  15. Architecture (diagram). Components: SSH client, SSH server, RADIUS server. Labelled steps: (1) Credentialing, (2) SSH negotiation, (3) Authentication, (4) RADIUS, (5) Attributes, (6) SSH session. OpenSSH used as example of application; many others also apply

  16. Deployment requirements
     • Most HE organisations are nearly Moonshot-ready today
     • RADIUS authentication server at user organisation
       • Any RADIUS product should support pre-production testing today
       • Option to integrate RADIUS server with Shibboleth IdP
     • Logical connection to national RADIUS infrastructure
       • Already implemented in most cases (shared with eduroam)
     • Moonshot client and server plug-in
       • Linux: packaging available for Debian & RHEL; Scientific Linux soon
       • Windows: native support using prototype plugin
       • Mac: Packaging almost complete for Snow Leopard and Lion

  17. Application integration
     • Most modern applications use at least one of the security APIs supported by Moonshot
     • Correctly written applications will ‘just work’ without modification or recompilation
     • Less correctly written applications may require minor source modifications

  18. PuTTY against OpenSSH

  19. IE7 against Apache

  20. Outlook 2010 against Exchange 2010

  21. Outlook 2010 against Exchange 2010

  22. Examples of other tested scenarios
     • OpenSSH client → OpenSSH server (GSS)
     • OpenLDAP client → OpenLDAP server (GSS)
     • OpenLDAP client (GSS) → Windows Active Directory (SSPI)
     • Firefox → Apache (GSS)
     • Internet Explorer → IIS (SSPI)
     • MyProxy client → MyProxy server (SASL)
     • Adium → Jabberd (SASL)
     • Console authentication using PAM on Linux (GSS) and SSPI on Windows

  23. Project Moonshot Technology pilot

  24. Janet Moonshot Technology Pilot Goals
     • To test the suitability of the Moonshot technology for deployment, focusing on e-Research use cases
     • To identify what further work is needed to support the wider community’s use of the technology
     • To plan, implement or support this additional work

  25. Current status
     • Pilot operating using Janet’s eduroam infrastructure
     • Software ready for pre-production testing
     • Production-quality environment due Q1 2012
     • IETF standardisation approaching completion
     • On-going discussions with OS and application vendors

  26. Conclusions
     • Next generation federation technology that meets the needs of advanced use cases
     • Builds on widely deployed infrastructure (RADIUS & SAML) and operating system extensibility
     • Cross-platform implementation ready for pre-production testing
     • Correctly written applications ‘just work’
     • Architecture being standardised within IETF
     • Janet will review progress of Technology Pilot in 2012 Q2, and consider a formal offering to its customers in the future

  27. Project Moonshot Q & A
