Eduroam.us Operational Experiment Kevin Miller Duke University Andy Rosenzweig Merit Network ESCC/Internet2 Joint.

1 eduroam.us Operational Experiment
Kevin Miller, Duke University, kevin.miller@duke.edu
Andy Rosenzweig, Merit Network, andyr@merit.edu
ESCC/Internet2 Joint Techs Workshop, February 2006

2 Federated Wireless Auth Vision
- Enable members of one institution to authenticate to the wireless network at another institution using their home credentials
  – Reduce the need for guest IDs
  – Simplify authentication when roaming
- The “roaming scholar” problem

3 Potential Users
- Multi-campus college/university
- School with decentralized authN
- School system
- Regional consortia: GigaPoP, state network
- Etc…

4 FWNA Project Progress
- Determined basic specs
  – RADIUS hierarchy modeled after current European eduroam network
  – Requires use of 802.1x
- Experimental service in place
  – Top-level servers at UTK, Merit
  – Connecting servers to Europe, Asia
- Finalizing “registration” system
  – Web-based service that will allow new institutions to easily connect

5 Building blocks
- 802.1x required as wireless access method (no captive portal)
- Home institution selects the EAP methods appropriate for it
- RADIUS used to transport auth requests from visited to home site
- Top-level servers route RADIUS requests between sites

6 eduroam.us RADIUS routing
[Diagram: wireless net at visited institution → RADIUS server at visited institution → Top-Level Server 1 / Top-Level Server 2 → RADIUS server at home institution → userid store at home institution]

7 802.1x, RADIUS and EAP
[Diagram: EAP client → AP → RADIUS server at visited institution → Top-Level Server 1 → RADIUS server at home institution → userid store at home institution]

8 802.1x, RADIUS and EAP
- 802.1x and RADIUS serve as transport mechanisms for EAP authentication
- 802.1x and RADIUS facilitate a conversation between two items controlled by the user and the user's organization: the EAP client and the campus RADIUS server

9 Top-level server interaction
[Diagram: Top-Level Server 1 and Top-Level Server 2 each pull RADIUS configuration and routing data from a central store]
- Top-level servers draw configs from a central store of data, based on registration
- Thus they remain in synch, but do not otherwise directly communicate

10 Connections to others
[Diagram: US Top-Level Server 1, US Top-Level Server 2, Europe Top-Level Server, Austr. Top-Level Server, Etc.. Top-Level Server]
- Each top-level server knows the top-level realms handled by the others
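The realm-based RADIUS routing that slides 5 through 10 describe (visited campus forwards to a US top-level server, which forwards to the registered home campus or to another federation's top-level server), as a constructed Python simulation added here; it is not code from the eduroam.us project, and every server name, realm and route in it is an assumption. It goes slightly beyond the slides by also rejecting malformed realms, unregistered realms and routing loops, which are the failure modes an operator of such a hierarchy needs to catch.

```python
# Constructed simulation of eduroam-style RADIUS realm routing; not eduroam.us project code.
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    local_realms: set = field(default_factory=set)  # realms authenticated on this server
    routes: dict = field(default_factory=dict)      # realm or realm suffix -> next-hop server
    default_route: str = ""                         # unmatched realms go here ("" = reject)

def realm_of(user_name):
    """Realm of an NAI 'user@realm', lowercased; None if it is missing or malformed."""
    local, sep, realm = user_name.partition("@")
    return realm.lower() if sep and local and realm and "@" not in realm else None

def next_hop(srv, realm):
    """Longest-suffix match over the routing table, falling back to the default route."""
    best = None
    for key, target in srv.routes.items():
        if (realm == key or realm.endswith("." + key)) and (best is None or len(key) > len(best[0])):
            best = (key, target)
    return best[1] if best else (srv.default_route or None)

def route(servers, start, user_name, max_hops=6):
    """Follow the proxy chain from `start`; return (servers traversed, decision)."""
    realm = realm_of(user_name)
    if realm is None:
        return [start], "reject: missing or malformed realm"
    path = [start]
    while len(path) <= max_hops:
        srv = servers[path[-1]]
        if realm in srv.local_realms:           # reached the home institution
            return path, "auth at home server " + srv.name
        nxt = next_hop(srv, realm)
        if nxt is None:                         # nobody registered this realm
            return path, "reject: unknown realm at " + srv.name
        if nxt in path:                         # misconfigured route bouncing back
            return path, "reject: routing loop via " + nxt
        path.append(nxt)
    return path, "reject: hop limit exceeded"

# Assumed topology: visited campus -> US top-level -> home campus, or on to another federation.
SERVERS = {s.name: s for s in [
    Server("visited.example", {"visited.example"}, {}, "us-tl-1"),
    Server("us-tl-1", set(), {"duke.edu": "radius.duke.edu", "visited.example": "visited.example", "nl": "eu-tl", "loop.example": "visited.example"}),
    Server("radius.duke.edu", {"duke.edu"}),
    Server("eu-tl", set(), {"example.nl": "radius.example.nl"}),
    Server("radius.example.nl", {"example.nl"}),
]}
```

Calling `route(SERVERS, "visited.example", "alice@duke.edu")` walks visited campus, US top-level, Duke; a `.nl` realm is handed on to the European top-level server first.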

11 FWNA Policy work
- How are visiting users notified of eduroam.us service availability?
- What if the home institution’s policies vary from the visited institution’s?
- How do we notify the user if they are a guest?
- What kinds of federations need to be built?
- What information is logged, by whom?

12 Things to consider
- Can your campus adopt 802.1x?
- Would your wireless authentication structure allow for authenticating foreign realms?
- Would you allow visiting users onto your normal wireless network?
  – …or onto a segregated virtual network if authenticated?
- Would doing so solve a problem, or enhance learning?

13 How to take part
- If you want to be an experiment site, send email to:
  – salsa-fwna-ops@internet2.edu
- Must be willing to experiment; nothing is plug and play
- Important for experimenters to give feedback by way of pointers, local cookbooks, EAP trial info, etc.

14 Join the FWNA Group
- Project website: http://security.internet2.edu/fwna
- Biweekly Conference Calls – Thursdays 11am-12pm
  – Next on 2/23/06
- salsa-fwna @ internet2 list
  – “subscribe salsa-fwna” to sympa @ internet2
