
Eduroam-ng roadmap

JRA5 meeting, Berlin, 3 June 2005. Klaas.Wierenga@surfnet.nl


Presentation Transcript


  1. Eduroam-ng roadmap. JRA5 meeting, Berlin, 3 June 2005. Klaas.Wierenga@surfnet.nl

  2. Contents
     • Eduroam status
     • Eduroam challenges
     • Eduroam-ng

  3. EduRoam
     [Diagram labels: Supplicant; Authenticator (AP or switch); RADIUS server University A; RADIUS server University B; User DB (twice); Guest piet@university_b.nl; SURFnet; Central RADIUS Proxy server; Commercial VLAN; Employee VLAN; Student VLAN]
     • Trust based on RADIUS plus policy documents
     • 802.1X or Web-redirect signaling data

  4. Status of EduRoam

  5. Limitations
     • Technology
        • Static trust
        • Single points of failure
        • All authN and authZ traffic flows through hierarchy
        • Only hop by hop secure (unless tunneled authentication)
     • Policy
        • Not suitable for full service yet
     • Usability
        • Eduroam comes in many flavours
        • Where are the access points?
     • Management & Monitoring
        • Are all servers up and running?
        • Who is abusing the service?
     • AAI
        • How to integrate with the European AAI

  6. Eduroam-ng

  7. Technology: bypassing the hierarchy overhead?
     • AA traffic goes through all intermediate entries
     • All links are peer-to-peer agreements / static routes
     • DIAMETER? DNSsec?

  8. Policy
     • Minimal security level
        • 802.1X mandatory?
     • Levels of assertion
        • How many?
        • What are they?
     • Policy board

  9. Usability: standardisation, localisation, expansion
     • Standardisation
        • Limited set of encryption and SSID choices
           • Encryption: 802.1X+WEP, WPA+TKIP, WPA2
           • SSID: eduroam (eduroam-wep, eduroam-wpa, eduroam-wpa2)
        • Eduroam-in-a-box
     • Localisation
        • Eduroam-around-the-corner
        • AP phonebook
     • Expansion
        • Integration with commercial roaming services
        • Expand beyond Europe (root servers?)

  10. Managing&Monitoring: usertracking & weathermap

  11. AAI Integration: offload AuthZ?
     • How do all these applications communicate? (SAML?)
     • Or should we do it inline?

  12. Roadmap
     • M15 DJ5.1.4 Roaming policy document
     • M15 MJ5.1.1 Results of testing alternative technologies Inter-NREN roaming architecture
     • M17 DJ5.1.5 Inter-NREN roaming technical specification document
     • M19 MJ5.1.3 Inter-NREN roaming infrastructure pilot
     • M21 DJ5.1.6 Inter-NREN roaming infrastructure and service support description (cookbook 1st version)
     • M22 MJ5.1.4 Inter-NREN roaming infrastructure rollout, test, and evaluation plan
     • M30 MJ5.1.5 Inter-NREN roaming pilot infrastructure operational
     • Manpower for second year: 37 MM of co-financed manpower
     • Carried out by SURFnet, ARNES, CARNet, CESNET, DFN, FCCN, GRNet, HEAnet, HUNGARNET, ISTF, NORDUnet, RedIRIS, Restena, SWITCH and UKERNA.
