
TAC - Poznan, 6 June 2005 Building trust with a European style Diego R. Lopez RedIRIS.


1 Building trust with a European style
Diego R. Lopez, RedIRIS

2 The European way
- (Too) many states, languages, national priorities/laws/prides/...
  - Different systems and/or profiles of existing systems
  - In different degrees of maturity and deployment
- Look for agreements, even when not fully satisfactory
- Several initiatives to fill the gaps
  - eduroam: already and successfully running!
  - GN2-JRA5: defining the architecture of an inter-federation AAI
  - TF-EMC2: refining AA-RR and initiating its schema effort, SCHAC
  - TACAR and SCS: new ways of approaching PKIs
  - The Cotswolds Group
- Importing whatever is interesting from overseas
  - Basic standards such as Shibboleth and eduPerson
- And always with a sense of style and history
  - Your humble speaker and many colleagues

3 eduroam
- The inter-national roaming network access service
- Based on a hierarchy of RADIUS servers
  - Institutional servers connect to root NREN servers
  - NREN servers are aggregated at the eduroam central server
[Diagram: supplicant (guest) -> authenticator (AP or switch) -> RADIUS server of institution A -> central RADIUS proxy server (over the Internet) -> RADIUS server of institution B with its user DB; the authenticator places the user in the student, guest or employee VLAN]
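The realm-based proxying behind that hierarchy, as an added Python model (not eduroam's own code; every server name and realm below is constructed): an Access-Request for user@realm travels up from the visited institution until a server that covers the realm sends it down to the home institution, and a national server rejects an unknown realm under its own suffix instead of bouncing it back to the central proxy.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class RadiusServer:
    name: str
    suffix: str = ""       # realm suffix this server is authoritative for ("" = central proxy)
    home: bool = False     # True for an institutional server that answers for its own realm
    children: Dict[str, "RadiusServer"] = field(default_factory=dict)
    parent: Optional["RadiusServer"] = None

    def attach(self, child: "RadiusServer") -> "RadiusServer":
        self.children[child.suffix] = child   # downstream server, keyed by the suffix it handles
        child.parent = self
        return child

def covers(suffix: str, realm: str) -> bool:
    return realm == suffix or realm.endswith("." + suffix)

def route(visited: RadiusServer, username: str) -> Optional[List[str]]:
    """Names of the servers an Access-Request for `username` traverses, from the
    visited institution to the home institution; None means the request is rejected."""
    if "@" not in username:
        return None                      # no realm: nothing to proxy on
    realm = username.rsplit("@", 1)[1].lower()
    node, path = visited, [visited.name]
    while True:
        if node.home and covers(node.suffix, realm):
            return path                  # home institution reached: it authenticates the user
        down = next((c for s, c in node.children.items() if covers(s, realm)), None)
        if down is not None:
            node = down                  # a downstream server handles this realm
        elif node.suffix and covers(node.suffix, realm):
            return None                  # our suffix but unknown realm: reject, never bounce up (no loops)
        elif node.parent is not None:
            node = node.parent           # not ours: forward up the hierarchy
        else:
            return None                  # central proxy knows no such suffix: reject
        path.append(node.name)

def build_demo() -> Dict[str, RadiusServer]:
    """Constructed two-NREN hierarchy (all names are made-up examples)."""
    central = RadiusServer("eduroam-central")
    nren_a = central.attach(RadiusServer("nren-a-root", "a.example"))
    nren_b = central.attach(RadiusServer("nren-b-root", "b.example"))
    inst_a = nren_a.attach(RadiusServer("inst-a", "inst.a.example", home=True))
    inst_b = nren_b.attach(RadiusServer("inst-b", "inst.b.example", home=True))
    return {"inst_a": inst_a, "inst_b": inst_b}
```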

4 eduroam: Reaching further

5 GÉANT2 AAI
- Intended to be one of the basic services of the coming pan-European academic network
  - Common to all services provided by and based on the network
  - From network access, bandwidth management, etc. to application access (including Grids)
- Not a substitute for existing infrastructures
  - Nation- or community-based
- A superstructure connecting them
  - Based on (con-)federating the federations
  - But able to build new federations where they do not exist
  - And directly providing AuthN/AuthZ service access through specific interfaces

6 GÉANT2 AAI components
- A local AAI instance at each federation/domain/realm
  - Providing the interfaces to the federations or services in it
- Common services
  - Home Location Service
  - Others possible: certificate verification, common diagnostics, ...
- Connectors
  - Common for a federation (the Local Federation Connector)
  - Local Connectors for resources allowed to interact directly
- Service Access Points
  - In charge of adapting AAI interfaces to the (isolated) services
- AA queries/responses
  - Interfaces and operations based on WS and SAML

7 GEANT-2 AAI general diagram

8 TF-EMC2 and AA-RR
- Able to impersonate general AAI components
  - Attribute sources
  - Attribute requesters
  - Authorization engines
- Driven by profiles
  - Entity and protocol aspects
  - Attributes and values
- Protocol agnostic
  - A rule engine (defined in the profile) connects to protocol adaptors
- Applications
  - GÉANT2 AAI Connectors
  - Diagnostic tool
  - Interoperability assessment

9 TF-EMC2 and SCHAC
- An extension to the eduPerson schema
  - Taking into account European idiosyncrasy
- Based on a collection of national extensions so far
  - Croatia (hrEdu), Finland (funetEdu), France (supAnn), Norway/Sweden (norEdu), Poland (plEdu), Spain (iris), Switzerland (swissEdu)
- Common requirements have been quickly identified
  - Personal (unique) identifiers
  - Other personal attributes (citizenship, languages, ...)
  - Privacy definition and entitlements

10 SCHAC current status
- Initial proposal being discussed
  - Release Candidate 1 for the individual attributes has been presented at the TF-EMC2 meeting on Sunday
- Protocol neutral
  - LDAP
  - XML
- One of its main drivers is ECTS
  - The European Credit Transfer (and Accumulation) System
  - Enables students to complete their curricula across Europe
  - It has made schema harmonization key to IT practitioners in the European universities
- Close cooperation between TERENA/TF-EMC2 and EUNIS

11 TACAR
- The TERENA Academic CA Repository
- A PKI-based web of trust among the European academic and research community (and beyond!)
  - Built and maintained by out-of-band methods
  - Without the technical and administrative burdens of a common root CA or a bridge
- Adopted as trust repository by the EUGridPMA
- Endorsed by the eIRG
- Based on two basic principles
  - Keep it simple
  - Let it happen
- 22 certificates from NRENs and Grid communities
- Exploring further applications
  - From on-line verification to simpler direct trust links among PKIs

12 TACAR: What does it offer
- A single authoritative source for certificates and policies
  - Able to simplify maintenance procedures
- Mechanisms to extend (and strengthen) trust links
  - The Grid communities
  - Other geographical areas
- A model to experiment with
  - Lighter than a common root, simpler than a bridge
  - Distribution of certificate packages
  - Peer-review based models (a-la-EUGridPMA)
  - Qualified or not PKI operation servers
  - Simplified trust exchange
  - The brand new 1SCP proposal

13 SCS: A novel certificate service
- Enable the use of server certificates
  - Allow the use of encrypted channels whenever necessary
  - Avoid the pop-up problem
  - And the cost associated with its avoidance
- The proposal
  - A service outsourced to a commercial provider that takes care of the root installation procedures in major browsers
  - Provided in adequate technical conditions to NRENs
  - And in reasonable economic terms
  - As flat as possible
  - Coordinated through TERENA
- Current status
  - Agreement signed by most participant NRENs
  - (Promising) conversations with several providers

14 The Cotswolds Group initiative
- Hosted by JISC (UK)
- Representatives invited from countries which have committed funding to a comprehensive national programme
- Attended by representatives from Australia, Finland, Netherlands, Spain, Switzerland, UK, US and CERN
- Aims: to establish a framework for further international collaboration of AA systems, leading to interoperable user mechanisms, and to help other countries develop similar large-scale systems

15 The Cotswolds Group conclusions
- Global inter-working of local/national schemes is possible
- The network peering model is relevant to extending coverage
- A set of criteria is needed to judge whether to accept a candidate federation
- Production of a cookbook to describe the criteria and the selection process
- A facilitator (Secretary) of the activities of the group
- Dissemination of the results on a broad front

