Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th.

Published byJanice Powers Modified over 8 years ago

Similar presentations

Presentation on theme: "Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th."— Presentation transcript:

1 Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies florent.guilleux @ cru.fr 7th TF-EMC2 Meeting, 16-17 October

2 Comité Réseau des Universités French Research & High Ed landscape RENATER French Research and Education Network layers CRU Universities (80) and other high ed schools (~120) UREC Research Middleware and other activities

3 Comité Réseau des Universités CRU federation We hear about Shibboleth, PAPI, A-Select… Federations in productions Test federation CRU: comparison of Shib & LA uPortal-based portals: directory and CAS SSO deployment 20032004200520022006 Pilot federation CRU federation Government funding for universities cooperation on a regional level Government funding for national-level services for students

4 Comité Réseau des Universités CRU federation Based on Shibboleth without centralized WAYF One single federation targeted at the ~200 French high ed institutions (IdPs) SPs: High Ed community, public & private sectors Currently 11 IdPs (~10 coming soon) and 5 SPs

5 Comité Réseau des Universités CRU federation: current usage Library resources (Elsevier, ABES) On-line courses (on national and regional levels) Wi-Fi access for roaming users (regional level, in cohabitation with eduroam) Software distribution (3 coming SPs)

6 Comité Réseau des Universités CRU federation: next tasks Operating a “virtual IdP” with basic group management for “exception” people and people whose institution does not belong to CRU federation yet Better integration with the institution portals (how to bypass the WAYF) Use of ShARPE and Autograph? Which economic model?

7 Comité Réseau des Universités eduroam CRU operates the eduroam service for RENATER community Started in April 2006 Currently 14 institutions Main difficulty is administrative: make an university president sign the updated RENATER agreement

8 Comité Réseau des Universités eduroam: main tasks Monitoring: quite close to the real use case –802.1X & EAP, not only RADIUS level check –to check the availability of the service and if the institution authentication method works –www.eduroam.frwww.eduroam.fr Coming tasks –accounting (stats & traceability) –administrator training

9 Comité Réseau des Universités PKI A PKI running since June 2003 End-users certificates (~800) for web authentication –We are thinking about moving from X.509 end- users certificates authentication to federation/portal based authentication Server certificates (~1400) more and more used: web servers, LDAPS, POPS, IMAPS, Shibboleth, Radius…

10 Comité Réseau des Universités SCS Service opened in May 2006 One difficulty: updating WHOIS records (and debugging institution naming issues!) 50 institutions have subscribed to the service (proxy letter) and more are coming ~260 certificates issued, institutions are very satisfied One centralized RA (4 operators) with tools to ease the validation of the requests

11 Comité Réseau des Universités SCS tool for RA operators http://www.cru.fr/igc/scs/validation/ MIIBhzCB8QIBADBIMQswCQYDVQQGEwJGUjEcMBoGA1UEChMTVW5pdmVyc2l0ZSBk J0FuZ2VyczEbMBkGA1UEAxMScnB2LnVuaXYtYW5nZXJzLmZyMIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQC1JPNqbFuV2IxD5CRYm1yodSKFt/2jI9OBjOePqa1e B/HynCP41ppdt0n00uiLmps6RIE0lqsfZOrqBMydLc6AMh6wqe6+YiYqAXDVjMbn A8SrzR2p/oxNK+RFhgBprFYgJMow88m3C8RCTGg6sLUNV311Og5KIjfzVMatakNx sQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAhyxOZZZ5dLDlKR5FQZn3Xl4ZgxUl FxBoci/PInT5hwcoqOeENPgDIkcuEqh6Iz7oZrCRap0FMrAIq9mSfysSo/XJn+gP Vo4PhH02aluvOv/y76i4VhNGieZbe2VqSjDmg0NagRZnyIfd1b9pFsBW2f8FaG6a J7TEzcHYmWcZvl0=

12 Comité Réseau des Universités Latest news for Sympa mailing list software Accessibility of the GUI for disabled people SOAP interface extended AuthN+AuthZ module for DokuWiki New translations (Norwegian, Swedish) + English fixed Sympa presentation at the "Jornadas Técnicas de RedIRIS JT06", 15th November Grenade, Spain

13 Comité Réseau des Universités Security policies Strong need for well formed and practical security policies in French high ed institutions CRU starts to help institutions to set up formal security policies Currently in pilot phase with some universities, using EBIOS method

Download ppt "Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies cru.fr 7th."

Similar presentations

eduroam Delegate Authentication System with Shibboleth SSO

eduroam Delegate Authentication System with Shibboleth SSO
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Open-source Single Sign-On with CAS (Central Authentication Service)

Open-source Single Sign-On with CAS (Central Authentication Service)
Copyright © 2006 ESUP-Portail consortium The ESUP-Portail project (in a few words) Pascal Aubry Consortium ESUP-Portail / University.

Copyright © 2006 ESUP-Portail consortium The ESUP-Portail project (in a few words) Pascal Aubry Consortium ESUP-Portail / University.
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.

5/25/2015 AEB/Yleisesittely Roaming network access using Shibboleth in University of Helsinki Fall 2004 Internet2 Member Meeting 29th of September, 2004.
EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.

EuroCAMP Ljubljana, 3-5 March 2006 TERENA Server Certificate Service Towards the large-scale use of affordable popup-free server certificates for the European.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Alex Reid, AARNet Australia Middleware Update; 16-Oct-06 Middleware in Australia - Update TF-ECM2 Malaga 16-Oct-06 Alex Reid Director, eResearch/Middleware.

Alex Reid, AARNet Australia Middleware Update; 16-Oct-06 Middleware in Australia - Update TF-ECM2 Malaga 16-Oct-06 Alex Reid Director, eResearch/Middleware.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.

NJVid New Jersey Video Portal 1 Grant partners. NJVid New Jersey Video Portal 2 NJTrust - New Jersey Identity Trust Federation NJViD Advisory Board Meeting.
Shibboleth and InCommon Copyright Texas A&M University 2008. This work is the intellectual property of the author. Permission is granted for this material.

Shibboleth and InCommon Copyright Texas A&M University This work is the intellectual property of the author. Permission is granted for this material.
InCommon Policy Conference April 2005. 2 Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.

InCommon Policy Conference April Uses  In order to encourage and facilitate legal music programs, a number of universities have contracted with.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.

Similar presentations

Ads by Google