JRA5 Ubiquity Mobility and Roaming Access to Services plans and outline

1
JRA5 - Ubiquity (Mobility) and Roaming Access to Services plans and outline
  • Jürgen Rauschenbach
  • jrau_at_dfn.de

2
Motivation
  • Initiative in 2002 of TERENA (Trans European
    Research and Education Networking Association):
    identification of the problem (roaming)
  • By roaming we understand a method for the
    transfer of authentication information between
    organisations, so that a user from another
    organisation can be granted access (wireless or
    fixed) 1) to the network of the visited
    organisation and/or 2) to the home network
    (for authentication purposes and for working in
    the known environment)
  • TF Mobility: open (15 countries), 1.1.2003 -
    30.6.2004; charter and reports: see
    www.terena.nl/mobility

3
TF Mobility will
  • evaluate the national (or local) roaming
    solutions in operation today against the
    requirements defined by the TF
  • select the most promising methods and organize
    field tests
  • make recommendations to the NRENs and provide
    material for discussion
  • evaluate mobile equipment and next-generation
    technology for handover and roaming
    (mobile IPv6).

4
Cross-domain 802.1X with VLAN assignment (Surfnet)
[Diagram labels: Supplicant; Authenticator (AP or switch);
RADIUS server Institution A; RADIUS server Institution B;
User DB (twice); Central RADIUS Proxy server;
Guest piet_at_institution_b.nl; Internet; Guest VLAN;
Employee VLAN; Student VLAN; signalling and data paths]
Authentication at home institution, 802.1X,
TTLS (SecureW2), (proxy) RADIUS. One-time
passwords are also transmitted via SMS to guest
users. A RADIUS hierarchy is proposed to scale
this to a Europe-wide solution.

5
RADIUS proxy hierarchy established (geographic
view)
[Map labels: FUNET, SURFnet, DFN, University of
Southampton, FCCN, CARnet]
RADIUS Proxy servers connecting to a European
level RADIUS proxy server
  • Participation guidelines are being drafted
  • Aim is to increase membership. Norway, Slovenia,
    Czech Republic and Greece have indicated their
    willingness to join.
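
The cross-domain flow of slides 4 and 5, as an added example that is not part of the original slides: a visited institution forwards a guest's request up a realm-routed proxy hierarchy to the home server, and the visited site then picks the VLAN. Server names, user records, VLAN ids and the "@" form of the guest identity are constructed assumptions, and the plain password comparison stands in for the EAP-TTLS exchange that the slides say terminates at the home institution.

```python
import hmac

# Constructed topology: institution servers -> national proxy -> European proxy.
# None = realm handled locally; "*" = default route to the parent proxy.
ROUTES = {
    "radius.institution_a.nl": {"institution_a.nl": None, "*": "proxy.nl"},
    "radius.institution_b.nl": {"institution_b.nl": None, "*": "proxy.nl"},
    "proxy.nl": {"institution_a.nl": "radius.institution_a.nl",
                 "institution_b.nl": "radius.institution_b.nl", "*": "proxy.eu"},
    "proxy.eu": {"nl": "proxy.nl"},  # top level has no default route
}
# Constructed user DBs at each home institution: user -> (password, role).
USER_DB = {
    "radius.institution_a.nl": {"anna": ("s3cret-a", "employee")},
    "radius.institution_b.nl": {"piet": ("s3cret-b", "student")},
}
VLAN = {"employee": 10, "student": 20, "guest": 30}  # constructed VLAN ids


def next_hop(server, realm):
    """Longest-suffix match of the realm in this server's route table."""
    table, labels = ROUTES[server], realm.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return table["*"]  # KeyError when the server has no default route


def authenticate(visited, identity, password):
    """Proxy to the home server, then choose the VLAN at the visited site."""
    user, _, realm = identity.partition("@")
    path, server = [visited], visited
    try:
        while (hop := next_hop(server, realm.lower())) is not None:
            if hop in path:  # request came back to a proxy it already passed
                return {"result": "reject", "reason": "proxy loop", "path": path}
            path.append(hop)
            server = hop
    except KeyError:
        return {"result": "reject", "reason": "unknown realm", "path": path}
    pw, role = USER_DB[server].get(user, ("", None))
    if role is None or not hmac.compare_digest(pw.encode(), password.encode()):
        return {"result": "reject", "reason": "bad credentials", "path": path}
    if server != visited:
        role = "guest"  # visitors never receive a role VLAN of the visited site
    return {"result": "accept", "vlan": VLAN[role], "path": path}
```

A realm such as `ghost.nl`, which the top-level proxy routes to the national proxy but no institution claims, bounces between the two proxies; the `hop in path` check is what turns that into a reject instead of an endless forward.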

6
JRA5 Roaming (1)
  • Quality check of the requirements doc
  • update (802.1i)
  • taking into account other technologies (UMTS, 3rd
    generation and beyond)
  • roaming in wireless and fixed networks
  • widen scope to seamless roaming
  • academic and commercial interworking, policy
    issues
  • integrating p2p building blocks
  • input from AAI
  • widen scope to support SSO

7
JRA5 Roaming (2)
  • Define NREN roaming policy issues and guidelines
  • define policy to establish a trust fabric at
    NREN/institution level
  • survey national EU issues related to roaming
  • Data Protection Act, Privacy Act, ...
  • Define guidelines for roaming on NREN/institution
    level
  • improved interoperability cookbook

8
JRA5 Roaming (3)
  • Inter NREN roaming testbed extension and test
    plan
  • provide an updated design for NREN roaming
  • roaming pilot service roll-out plan
    (recommendations to the NRENs, but decisions are
    still with the NREN!)
  • advertising/convincing the NRENs
  • providing supporting materials (FAQs, cross test
    reports, etc.)
  • provide statistics, analyse success, feedback to
    standards, push to vendors
  • provide a plan on further work (UMTS, seamless
    roaming testbed, etc.)

10
AAI: where are we today?
  • different solutions used, some NRENs have
    started, some have not
  • PAPI, A-Select, Shibboleth, Athens, many more ...
  • Combinations exist too (SWITCHaai)
  • user administration is seen by the NREN as a
    local problem, recommendations (LDAP?, ...)
  • many projects (FEIDE, Unitcf, ...)
  • TERENA TF AACE is working on these fields (until
    next Summer)

11
JRA5 AAI (1)
  • Define basic requirements, incl. classification
    of services and apps to be addressed
  • design a federated architecture and describe
    the generic blocks and components needed
    (started in TF AACE)
  • install a test solution in a testbed for
    federated AAI, test plan
  • survey of problems to solve and refinement of the
    requirements, making them stronger
  • test again (rapid prototyping)

12
JRA5 AAI (2)
  • AAI is characterised by a broader spectrum of
    solutions, more diverse than in roaming
  • trying to stick to practicability!
  • requirements should show what we do not want
    to do
  • AAI task will probably be continued until the
    end of the project
  • GRID to be observed, avoid strong incompatibility
    if possible

13
JRA5 SSO
  • Based on AAI
  • short term SSO network access (802.11, later
    different networks (Wi-Fi and GPRS, mobile IPv6!))
  • long term SSO access network and apps (generic
    cases might be quite challenging)
  • basic solutions on RADIUS? CARnet
  • centralised solutions?