connect • communicate • collaborate
Joint Research Activity 3 (JRA3): Multi-Domain User Applications Research
Licia Florio, TERENA
Year 3, EC GN3 Review
Brussels, June 2012
JRA3: Multi-Domain User Applications Research
• JRA3 Overview
• Progress Update
• Year 4 Plan
• Summary and Conclusions
What is JRA3?
JRA3
Enabling collaboration and data sharing
Enabling users to be online anytime anywhere
Enabling GN3 services deployment and composition
The Vision
JRA3 Structure
JRA3: 15 NRENs participating
• T1: Roaming Developments (± 28 MM)
• T2: Identity Federations (± 69 MM)
• T3: GEMBus (± 76 MM)
Participants: NIIF, GRNET, RESTENA, DFN, ARNES, JANET, SWITCH, RENATER, TERENA, CARNET, CESNET, NORDUNET, PIONIER, RedIRIS, SURFnet
JRA3 Manpower Usage
Management 15%
Development 50%
Standardisation 20%
Technology Watchbrief 15%
Task 1: Roaming Developments
Task Leader: Stefan Winter (RESTENA)
T1: Roaming Developments
Enhance eduroam
Standardisation work
Task 1, Year 3 Goals
T1
• Ease eduroam deployment
• Continue IETF Work
Achievement: Standardisation Work
• RFC RADIUS-over-TLS ready!
• RFC 6614 “Transport Layer Security (TLS) Encryption for RADIUS”
• This RFC makes significant changes to the RADIUS protocol
Importance of the RFC
[Figure: diagram with labels EU Radius; .nl, .be, .xx; uni.nl, uni.be; X.509 certs]
Achievement: eduroam Configuration Assistant Tool (CAT)
http://cat-test.eduroam.org
• Welcome to CAT
Why CAT?
• CAT = Configuration Assistant Tool
• To make eduroam easier for end-users
• To generate automated installers for users’ devices
• It can be used as a centralised service or it can be installed locally
• Also provides tools for eduroam administrators
• Multilingual sites
• CAT has been entirely developed in JRA3 T1
How CAT Works
• Users select their institution
• Users can now choose the installer
Mobile CAT
Cat Installer
Task 1, Year 4 Goals
• Start working on eduroam Dynamic Discovery
  – Within the IETF
  – In real life (eduroam federations need to start testing)
• Publish production-quality release of eduroam CAT code
  – Version 1.0 expected
• Improve authentication methods specifications in the IETF
  – EAP types
• Start working to support a hotspot monitoring solution
  – To check availability and quality of eduroam for end-users
Task 2: Identity Federations
Task Leader: Andreas Solberg (UNINETT)
T2: Identity Federations
Implement support for groups
Support inter-federation
Enable SSO beyond Web
Task 2, Year 3 Goals
T2
• Design Protocol for groups
• More Results on “Beyond Web SSO”
• Expand FedLab
Achievement: Protocol for Groups
• VOOT = Virtual Organization Orthogonal Technology
• A protocol to manage groups in a dynamic way
• It is based on existing protocols
• It targets inter-federation use cases
• Completely developed within JRA3 T2
• SURFnet plans to use VOOT in production, starting from summer 2012
• More info and demos at: https://rnd.feide.no/category/voot/
Why VOOT?
Scenario:
• Users working on a project would like to use collaborative services
• Users would need to create a group for each application
How VOOT Works?
• Create a group once, use it for all applications
• VOOT groups are managed independently from the identity federation
Achievement: FedLab
FedLab allows services to test their configurations
• Before the service is entered into a production federation
FedLab provides online tools to support Identity Federations and Services
• Entirely built by JRA3-T2 team
The website also offers:
• Best practice documents
  – Aimed at developers
https://fed-lab.org/
How does FedLab Work?
• Step 1: register the metadata
• Step 2: verify connectivity
• Step 3: run all tests
Achievement: OpenID Connect in FedLab
• Main addition:
  – Test facility for OpenID Connect protocol
  – First implementation of the specs!
• The team was also involved in the protocol specifications
http://vimeo.com/38634031
Achievement: Beyond Web SSO
• The task contributed to the Moonshot project:
  – Aim to combine the RADIUS infrastructure (eduroam) with application-level authentication (SAML)
• This requires significant changes to the protocols
  – Some of this work was done in Task 2
  – Standardisation ongoing within the IETF
• Testbed for non-Web applications was delivered in Dec 2011
Task 2, Year 4 Goals
• Finalise the integration of OpenID Connect in FedLab
• Continue work in the Discovery Area
• Finalise the work on VOOT
Task 3: GEMBus
T3: GEMBus
Develop a platform for service deployment
Enable service composition
Task Leader: Pedro Martínez Juliá (Univ. of Murcia)
Task 3, Year 3 Goals
T3
• Further Develop GEMBus Core Elements
• Start GEMBus Cookbook preparation
Why GEMBus?
[Figure: diagram with labels Network, AuthN tools, Groups Mng, Monitoring tools, Others, New Application, GEMBus]
Achievement: Greater Stability In Core Components
• Extended the ESB concept to a general “service bus”
• Each service can be plugged without depending on specific service platforms
• Stable Core Components
Status of the GEMBus Core Services
[Chart: progress bars on a 0% to 100% scale; values shown: 50%, 80%, 90%]
• Repository: New Interface under development
• STS: Building Support for OAuth
• Composition engine: Integrated in the main architecture; Interface for services
• Need testing in ‘real world’
• Registry: Global registry not ready yet
• Accounting
Achievement: GEMBus Cookbook
• Defines core services and their interactions.
• Shows how to interact with core services and how to build a new service
• Describes how to set up a testbed environment.
Task 3, Year 4 Goals
• Finalise developments of GEMBus core components
• Get feedback on the cookbook
• Get feedback from GEMBus “users”
  – No end-users, but software developers
• Prepare the plan on how to continue GEMBus work beyond GN3
Summary and Conclusions
• By participating in international initiatives
  – IETF, Kantara, OpenID Connect
• Looking for solutions to real use-cases
• To enable cross-boundary collaboration
• To enhance existing services
  – eduroam
  – eduGAIN
• Excellent results achieved:
  – IETF RFC, CAT
  – VOOT
  – GEMBus
Year 3 Goals Met and Exceeded
Exploring New technologies
Raising GN3 profile
Value for Money
Questions?