IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)


Page 1:

IETF 78, Maastricht, 27 July 2010

Josh Howlett, JANET(UK)

Page 2:

Background

• Rapid development of trust and identity infrastructure and services

  • Campus: LDAP & IdM, 802.1X, EAP, RADIUS, X.509, SAML, Kerberos…

  • National: JANET Certificate Service (X.509); JANET Roaming Service (AAA / EAP / 802.1X) (eduroam); UK Access Management Federation (SAML).

  • International: eduroam, eduGAIN, Grid

• Increasingly complex technical landscape.

• Increasingly demanding user requirements.

Page 3:

Project Moonshot in a slide

• Phase 1-3 (Jan - Mar 2010)

  • Independent technical Feasibility Analysis.

  • EAP GSS and other initial drafts (IETF & OASIS).

  • Bar BoF @ IETF 77.

• Phase 4 (April - May 2010)

  • Draft of project plan.

  • Request BoF @ IETF 78.

• Phase 5 (June - July 2010)

  • Detailed project plan.

  • Prepare for BoF @ IETF 78.

• Phase 6 (August 2010 - August 2011)

  • http://www.project-moonshot.org/plan

Page 4:

Technology choices

• SAML provides authorisation and attributes.

• GSS-API mechanism for application integration.

• EAP authentication encapsulated in GSS-API to gain existing credential support.

• RADIUS transport provides federation.

Page 5:

[Diagram: Network access. Labels: Supplicant, Peer, Authenticator, EAP server, EAP lower layer (e.g., 802.11i), AAA, EAP method, EAP, MSK.]

Page 6:

Moonshot: non-Web SSO

[Diagram. Labels: Supplicant, Client, Server, EAP server, AAA, Client application, Server application, GSS-API, EAP, MSK.]

Page 7:

Moonshot: non-Web SSO

[Diagram. Labels: Supplicant, Client, Server, EAP server, AAA, Client application, Server application, GSS-API.]

• draft-howlett-radiussaml-attr

• sstc-saml-binding-aaa-draft

• draft-howlett-eap-gss

• draft-hartman-gss-eap-naming

• IETF architecture document

• sstc-saml-eapgss-sso-draft

Page 8:

Project Moonshot Goals

• Standardised technical architecture.

• Production-quality open-source implementation.

• Packaged and shipped with Debian Linux.

• A test-bed for interoperability testing.

• High quality documentation.

• An active community of users and developers.

Page 9:

Discuss!