51e51ab772a1aa5648c064bf0e408dec.ppt
- Number of slides: 11
EDUROAM Michael Helm ESnet/LBL 26 Mar 2006 Eduroam TAGPMA 27 Mar 2006

What Is Eduroam?
• The Roaming Scholar vs the Restricted Wireless Network
  – I am in a strange place, and I need to log in to your network; you want me to do this, but how can you permit it?
  – Need locally-usable credentials to authorize network services
  – Typical application is wireless networking
• Evolution of approaches
  – 802.11 -> 802.1x
  – Web-based authentication (e.g. hotels)
  – Distributed VPNs

What Is Eduroam? (2)
• EU – Terena Mobility WG
• http://www.eduroam.org
• Hierarchy of RADIUS servers
  – RADIUS = RFC 2865
  – Widely deployed in campuses & industry
  – Eduroam root at SURFnet in NL
  – EU NRENs have national roots &c
  – Non EU – AU, US*, maybe other Asia

Eduroam - current

Eduroam - Current

eduroam.us FWNA – I2
• Determined basic specs
  – RADIUS hierarchy modeled after current European eduroam network
  – Requires use of 802.1x
• Experimental service in place
  – Top level servers at UTK, Merit
  – Connecting servers to Europe, Asia
• Finalizing “registration” system
  – Web-based service that will allow institutions to connect easily

802.1x, RADIUS and EAP
(Diagram labels: Top-Level Server 1; RADIUS server at visited institution; RADIUS server at home institution; Access Point; EAP client; Userid store at home institution)

802.1x, RADIUS and EAP
• 802.1x and RADIUS serve as transport mechanisms for EAP authentication
• 1x and RADIUS facilitate a conversation between two items controlled by the user and his organization: EAP client and campus RADIUS server

Top-level server interaction
(Diagram labels: Top-Level Server 2; Top-Level Server 1; RADIUS configuration and routing data)
• Top-level servers draw configs from a central store of data, based on registration
• Thus they remain in synch, but do not otherwise directly communicate
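
Added example (not from the slides or from any eduroam deployment): a sketch of two top-level servers building the same routing table from one central registration store, then choosing a next hop for a `user@realm` identity. Routing on the realm suffix at label boundaries, the `LOCAL_TLDS` rule, and every realm and host name shown are assumptions made for illustration.

```python
# Added illustration; not code from the slides or any eduroam deployment.
# Institutions, realms and host names are constructed sample data.
import hashlib
import json

# Central registration store (constructed): realm -> home RADIUS server.
REGISTRATIONS = [
    {"realm": "example-univ.edu", "server": "radius.example-univ.edu"},
    {"realm": "physics.example-univ.edu", "server": "radius.physics.example-univ.edu"},
    {"realm": "example-lab.gov", "server": "radius.example-lab.gov"},
]
UPSTREAM = "upstream-root.example.net"  # hypothetical next level of the hierarchy
LOCAL_TLDS = ("edu", "gov")  # assumption: suffixes this top level answers for


def build_config(registrations):
    """Render the routing table a top-level server loads from the central store."""
    routes = {r["realm"].lower(): r["server"] for r in registrations}
    return {"routes": dict(sorted(routes.items())), "upstream": UPSTREAM}


def config_digest(config):
    """Stable digest so operators can confirm two servers hold the same config."""
    blob = json.dumps(config, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


def route(config, user_name):
    """Pick the next hop for an identity of the form user@realm.

    Returns ("proxy", server), ("upstream", server) or ("reject", reason).
    """
    _, sep, realm = user_name.rpartition("@")
    realm = realm.lower().rstrip(".")
    labels = realm.split(".")
    if not sep or any(label == "" for label in labels):
        return ("reject", "malformed identity")
    # Longest match on whole labels, so "evil-example-univ.edu" never matches
    # "example-univ.edu" the way a plain string endswith() check would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in config["routes"]:
            return ("proxy", config["routes"][candidate])
    if labels[-1] in LOCAL_TLDS:
        return ("reject", "realm not registered")  # ours to answer; do not loop upstream
    return ("upstream", config["upstream"])
```

Comparing `config_digest` output across the top-level servers is one way to detect drift without the servers talking to each other.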

Eduroam Development
• Many instances, but not yet ubiquitous
• City-State of CERN?
• EU eduroam success leads to eduroam.NG
  – Need to exchange attributes
  – Service discovery
  – Weaknesses of RADIUS in these areas + security concerns
• (Teaser for KW & PH slide decks)

Outlook
• Grid application? (Other networks?)
• PKI support
  – EAP clients
  – RADIUS router & ID Provider support
• Useful for our collaboration
• Acknowledgements: Most of the material in this deck is from Klaas Wierenga (at one remove) and Kevin Miller & Philippe Hanset (FWNA-I2)