Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Moonshot Daniel Kouřil EGI Technical Forum 2010 www.project-moonshot.org.

Published byEsmond Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "Project Moonshot Daniel Kouřil EGI Technical Forum 2010 www.project-moonshot.org."— Presentation transcript:

1 Project Moonshot Daniel Kouřil EGI Technical Forum 2010 www.project-moonshot.org

2 Identity federation Goal: to allow users in one organisation to access resources in another, using their home credentials Requires additional infrastructure, trust and policy; this is often known as a “federation”. Significant benefits for users, and identity and service providers – Single sign-on for users, improving the user experience. – Makes it easier for identity providers to adhere to data protection legislation. – SSO reduces helpdesk burden for identity and service providers.

3 A federation providing wireless network access and roaming in > 50 countries. Allows users from participating institutes to obtain connectivity at other institutions using their „home“ credentials. AAI based on RADIUS and EAP – Credentials are protected. eduroam

4 SAML-based web federations SAML : an XML-based dialect to exchange security assertions (authN & authZ data) Becoming increasingly popular nowadays Based solely on HTTP and web – Internet 2 Shibboleth – Microsoft ADFS schema from SWITCH AAI

5 Moonshot authentication system Enables the use of identity federations and SAML for non-web applications Address some current issues of contemporary web-based federations A novel approach to establishing trust between actors Targeting the „core“ internet protocols – SSH, SMTP, IMAP, NFSv4, HTTP,...

6 Moonshot architecture Built on tested and proven „components“ – SAML, RADIUS, EAP, GSS-API Client Service ProviderIdentity Provider EAP lower layer (e.g. 802.11) EAP peer (Supplicant) EAP authen ticator EAP lower layer (e.g. 802.11) AAA client AAA server EAP server GSS-API Application (e.g. SFTP) GSS-API Application (e.g. SFTP) SAML IdP

7 Moonshot project First stages started cca in Spring 2010 – lead by JANET (UK) – kick-off meeting next week Co-funded by GN3 and JANET Participants have experience with all areas needed Strong focus on standardization – IETF WG (AbFab) to be established – several IETF drafts published

8 Goals planned To deliver – a standardised technical architecture. – production-quality open-source implementation. – packaged and shipped with Debian Linux (by August 2010). – a test-bed for interoperability testing. – high quality documentation. – an active community of users and developers. Highly ambitious but achievable.

9 Identity Federation Possible bright future Allow access from Org1 and Org2 Resources of Org1 and Org2 (CE, SE,...) GRAM, WMS, CREAM gridFtp SSH, NFSv4 Org 2Org 1 Org 3 Users‘ passwords are NOT exposed to the services Users don‘t need new credentials Authorization rules can utilize users‘ „home“ attributes Information about users is up-to- date Users do not need to register in advance - „home“ credentials (e.g., passwords) and Org3

10 Comments / questions? www.project-moonshot.org

Download ppt "Project Moonshot Daniel Kouřil EGI Technical Forum 2010 www.project-moonshot.org."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Abfab use-cases draft-ietf-abfab-usecases-00.txt Rhys Smith Mark Tysom Simon Cooper IETF80.

Abfab use-cases draft-ietf-abfab-usecases-00.txt Rhys Smith Mark Tysom Simon Cooper IETF80.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
Project Moonshot February 2012. Background Project Moonshot 2.

Project Moonshot February Background Project Moonshot 2.
Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.

Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.
Project Moonshot update TF-EMC2 & TF-MNM 14 & 16 February 2011.

Project Moonshot update TF-EMC2 & TF-MNM 14 & 16 February 2011.
Www.ja.net/roaming Copyright JNT Association 2006 The JANET Roaming Service.

Copyright JNT Association 2006 The JANET Roaming Service.
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,

Federated Identity Management for the context of storage Bart Kerver - TERENA Storage-meeting, Amsterdam,
ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman
Project Moonshot TF-MNM. Use cases Project Moonshot 2.

Project Moonshot TF-MNM. Use cases Project Moonshot 2.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.

Similar presentations

Ads by Google