
© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.


1 Project Moonshot
Technology, use cases & pilot
17 January, 2012
Haka conference, Helsinki

2 Background
Project Moonshot

3 Why Janet?
Trusted provider of mission-critical network services to the UK education & research community
Expertise in developing and operating AAI
Demand from both internal and external customers

4 Goals
Lower the barriers to business between our customers
Reduce the cost to market for new services
Drive down operational costs for both Janet and our customers

5 Vision
To deliver a unified approach for securing access to any service or application – enabling new opportunities, business models and cost efficiencies.

6 Use cases
Project Moonshot

7 Science & Technology Facilities Council
Operates the UK’s National Grid Service
X.509 authentication too complex for users
Goal to simplify authentication across distributed computing Grids
“We aim to streamline access services using Moonshot technology, which will take the burden of authentication out of the hands of our users.”
Dr Peter Oliver, Group Leader, Science and Technology Facilities Council

8 Diamond Light Source
The UK’s national synchrotron facility
Piloting the use of Moonshot within the PANDATA project, which supports 30,000 scientists at more than 20 photon and neutron facilities
“Moonshot has thought beyond websites, and looked at what is really required in authentication – right down to the point when you open your laptop to begin work.”
Bill Pulford, Head of DASC, Diamond Light Source

9 Cancer Research UK
Cancer Research UK is the world’s leading charity dedicated to beating cancer through research.
The institutes form ad hoc relationships to collaborate for research purposes, but when the need arises to share data and documents, each institute can only authenticate within their own organisation.
“Moonshot is a valuable enabler for Cancer Research across the UK. It will make collaboration systems easy to build internally so that we can quickly share large data sets between institutes, without complicating the management of that system.”
Peter Maccallum, Head of IT & Scientific Computing, CRUK Cambridge Research Institute

10 Janet Brokerage
Work with the community and suppliers to provide solutions based on IT as a service, facilitating the uptake of data centre, hosted and cloud services.
–Create efficiencies and cost savings
–Accelerate and improve services and add value
–Reduce risk in adopting new services
–Address technical and business questions
–Create a competitive market based on sound technical platforms

11 Moonshot & Hosted Exchange PoC
A number of Universities running student but not staff email due to privacy issues
Create a hosted Exchange with Moonshot components integrated
–Creates an interesting usage model for suppliers and users
–Sets an example to the two major cloud providers

12 Some key challenges
Federated authentication for web and other applications
Different deployment models: centralised, distributed & cloud (private, public & hybrid).
Need to easily use different types of credentials
Federated authentication to workstations, not just apps
Massive scale – at least tens of millions of entities

13 Technology overview
Project Moonshot

14 Underlying technologies
Moonshot builds on the eduroam technologies
–EAP (RFC 3748): strong mutual authentication
–RADIUS (RFC 2865): federation between domains
To this, Moonshot adds
–SAML, for rich authorisation semantics
–Application integration, using operating system security APIs
    SSPI: Windows
    GSS-API (RFC 2078): Other operating systems
    SASL (RFC 4422): Windows and other operating systems
–This architecture is being standardised within the IETF Abfab working group

15 Architecture
[Diagram. Components: SSH client, SSH server, RADIUS server. Labelled steps: (1) Credentialing, (2) SSH negotiation, (3) Authentication, (4) RADIUS, (5) Attributes, (6) SSH session]
OpenSSH used as example of application; many others also apply

16 Deployment requirements
Most HE organisations are nearly Moonshot-ready today
RADIUS authentication server at user organisation
–Any RADIUS product should support pre-production testing today
Option to integrate RADIUS server with Shibboleth IdP
Logical connection to national RADIUS infrastructure
–Already implemented in most cases (shared with eduroam)
Moonshot client and server plug-in
–Linux: packaging available for Debian & RHEL; Scientific Linux soon
–Windows: native support using prototype plugin
–Mac: Packaging almost complete for Snow Leopard and Lion

17 Application integration
Most modern applications use at least one of the security APIs supported by Moonshot
Correctly written applications will ‘just work’ without modification or recompilation
Less correctly written applications may require minor source modifications

18 PuTTY against OpenSSH

19 IE7 against Apache

20 Outlook 2010 against Exchange 2010

21 Outlook 2010 against Exchange 2010

22 Examples of other tested scenarios
OpenSSH client → OpenSSH server (GSS)
OpenLDAP client → OpenLDAP server (GSS)
OpenLDAP client (GSS) → Windows Active Directory (SSPI)
Firefox → Apache (GSS)
Internet Explorer → IIS (SSPI)
MyProxy client → MyProxy server (SASL)
Adium → Jabberd (SASL)
Console authentication using PAM on Linux (GSS) and SSPI on Windows

23 Technology pilot
Project Moonshot

24 Janet Moonshot Technology Pilot
Goals
1. To test the suitability of the Moonshot technology for deployment, focusing on e-Research use cases
2. To identify what further work is needed to support the wider community’s use of the technology
3. To plan, implement or support this additional work

25 Current status
Pilot operating using Janet’s eduroam infrastructure
Software ready for pre-production testing
Production-quality environment due Q1 2012
IETF standardisation approaching completion
On-going discussions with OS and application vendors

26 Conclusions
Next generation federation technology that meets the needs of advanced use cases
Builds on widely deployed infrastructure (RADIUS & SAML) and operating system extensibility
Cross-platform implementation ready for pre-production testing
Correctly written applications ‘just work’
Architecture being standardised within IETF
Janet will review progress of Technology Pilot in 2012 Q2, and consider a formal offering to its customers in the future

27 Q & A
Project Moonshot

