connect • communicate • collaborate

Joint Research Activity 3 (JRA3): Multi-Domain User Applications Research

Licia Florio, TERENA

Year 3, EC GN3 Review

Brussels, June 2012


JRA3: Multi-Domain User Applications Research

• JRA3 Overview
• Progress Update
• Year 4 Plan
• Summary and Conclusions


What is JRA3?


JRA3

Enabling collaboration and data sharing

Enabling users to be online anytime anywhere

Enabling GN3 services deployment and composition

The Vision


JRA3 Structure

JRA3 tasks:

• T1: Roaming Developments (± 28 MM)
• T2: Identity Federations (± 69 MM)
• T3: GEMBus (± 76 MM)

15 NRENs participating: NIIF, GRNET, RESTENA, DFN, ARNES, JANET, SWITCH, RENATER, TERENA, CARNET, CESNET, NORDUNET, PIONIER, RedIRIS, SURFnet


JRA3 Manpower Usage

• Management: 15%
• Development: 50%
• Standardisation: 20%
• Technology Watchbrief: 15%


Task 1: Roaming Developments

Task Leader: Stefan Winter (RESTENA)

T1: Roaming Developments

Enhance eduroam

Standardisation work


Task 1, Year 3 Goals

T1:

• Ease eduroam deployment
• Continue IETF Work


Achievement: Standardisation Work

• RFC RADIUS-over-TLS ready!
  • RFC 6614 “Transport Layer Security (TLS) Encryption for RADIUS”
  • This RFC makes significant changes to the RADIUS protocol


Importance of the RFC

[Figure: RADIUS hierarchy diagram with labels: EU Radius; .nl, .be, .xx; uni.nl, uni.be; X.509 certs]


Achievement: eduroam Configuration Assistant Tool (CAT)

http://cat-test.eduroam.org

[Screenshot: CAT start page, “Welcome to CAT”]


Why CAT?

• CAT = Configuration Assistant Tool
  • To make eduroam easier for end-users
  • To generate automated installers for users’ devices
  • It can be used as a centralised service or it can be installed locally
  • Also provides tools for eduroam administrators
  • Multilingual sites
• CAT has been entirely developed in JRA3 T1


How CAT Works

• Users select their institution
• Users can now choose the installer


Mobile CAT

Cat Installer


Task 1, Year 4 Goals

• Start working on eduroam Dynamic Discovery
  • Within the IETF
  • In real life (eduroam federations need to start testing)
• Publish production-quality release of eduroam CAT code
  • Version 1.0 expected
• Improve authentication methods specifications in the IETF
  • EAP types
• Start working to support a hotspot monitoring solution
  • To check availability and quality of eduroam for end-users


Task 2: Identity Federations

Task Leader: Andreas Solberg (UNINETT)

T2: Identity Federations

Implement support for groups

Support inter-federation

Enable SSO beyond Web


Task 2, Year 3 Goals

T2:

• Design Protocol for groups
• More Results on “Beyond Web SSO”
• Expand FedLab


Achievement: Protocol for Groups

• VOOT = Virtual Organization Orthogonal Technology
  • A protocol to manage groups in a dynamic way
  • It is based on existing protocols
  • It targets inter-federation use cases
  • Completely developed within JRA3 T2
• SURFnet plans to use VOOT in production, starting from summer 2012
• More info and demos at:
  • https://rnd.feide.no/category/voot/


Why VOOT?

Scenario:

• Users working on a project would like to use collaborative services
• Users would need to create a group for each application


How Does VOOT Work?

• Create a group once, use it for all applications
• VOOT groups are managed independently from the identity federation


Achievement: FedLab

FedLab allows services to test their configurations

• Before the service is entered into a production federation

FedLab provides online tools to support Identity Federations and Services

• Entirely built by JRA3-T2 team

The website also offers:

• Best practice documents
• Aimed at developers

https://fed-lab.org/


How does FedLab Work?

• Step 1: register the metadata
• Step 2: verify connectivity
• Step 3: run all tests


Achievement: OpenID Connect in FedLab

• Main addition:
  • Test facility for OpenID Connect protocol
  • First implementation of the specs!
  • The team was also involved in the protocol specifications

http://vimeo.com/38634031


Achievement: Beyond Web SSO

• The task contributed to the Moonshot project:
  • Aim to combine the RADIUS infrastructure (eduroam) with application-level authentication (SAML)
  • This requires significant changes to the protocols
    – Some of this work was done in Task 2
    – Standardisation ongoing within the IETF
• Testbed for non-Web applications was delivered in Dec 2011


Task 2, Year 4 Goals

• Finalise the integration of OpenID Connect in FedLab
• Continue work in the Discovery Area
• Finalise the work on VOOT


Task 3: GEMBus

T3: GEMBus

Develop a platform for service deployment

Enable service composition

Task Leader: Pedro Martínez Juliá (Univ. of Murcia)


Task 3, Year 3 Goals

T3:

• Further Develop GEMBus Core Elements
• Start GEMBus Cookbook preparation


Why GEMBus?

[Figure: diagram with labels: GEMBus; New Application; Network; AuthN tools; Groups Mng; Monitoring tools; Others]


Achievement: Greater Stability In Core Components

• Extended the ESB concept to a general “service bus”
• Each service can be plugged without depending on specific service platforms
• Stable Core Components


Status of the GEMBus Core Services

[Figure: progress chart, scale 0% to 100%, with values 50%, 80% and 90%]

• Repository: New Interface under development
• STS: Building Support for OAuth
• Composition engine: Integrated in the main architecture; Interface for services
• Need testing in ‘real world’
• Registry: Global registry not ready yet
• Accounting


Achievement: GEMBus Cookbook

• Defines core services and their interactions.
• Shows how to interact with core services and how to build a new service
• Describes how to set up a testbed environment.


Task 3, Year 4 Goals

• Finalise developments of GEMBus core components
• Get feedback on the cookbook
• Get feedback from GEMBus “users”
  • No end-users, but software developers
• Prepare the plan on how to continue GEMBus work beyond GN3


Summary and Conclusions


• By participating in international initiatives
  • IETF, Kantara, OpenID Connect
• Looking for solutions to real use-cases
• To enable cross-boundary collaboration
• To enhance existing services
  • eduroam
  • eduGAIN
• Excellent results achieved:
  • IETF RFC, CAT
  • VOOT
  • GEMBus

Year 3 Goals Met and Exceeded

Exploring New Technologies

Raising GN3 Profile

Value for Money


Questions?