Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS,...

Comité Réseau des Universités

News from CRU activities: Identity federation, eduroam, PKI, SCS, Sympa, security policies

florent.guilleux @ cru.fr

7th TF-EMC2 Meeting, 16-17 October

French Research & High Ed landscape

RENATER: French Research and Education

Network layers

CRU: Universities (80) and other high ed schools (~120)

UREC: Research

Middleware and other activities

CRU federation

We hear about Shibboleth, PAPI, A-Select…

Federations in production

Test federation

CRU: comparison of Shib & LA

uPortal-based portals: directory and CAS SSO deployment

2002 2003 2004 2005 2006

Pilot federation

CRU federation

Government funding for universities cooperation on a regional level

Government funding for national-level services for students

CRU federation

• Based on Shibboleth without centralized WAYF

• One single federation targeted at the ~200 French high ed institutions (IdPs)

• SPs: High Ed community, public & private sectors

• Currently 11 IdPs (~10 coming soon) and 5 SPs

CRU federation: current usage

• Library resources (Elsevier, ABES)

• On-line courses (on national and regional levels)

• Wi-Fi access for roaming users (regional level, in cohabitation with eduroam)

• Software distribution (3 coming SPs)

CRU federation: next tasks

• Operating a “virtual IdP” with basic group management for “exception” people and people whose institution does not belong to CRU federation yet

• Better integration with the institution portals (how to bypass the WAYF)

• Use of ShARPE and Autograph?

• Which economic model?

eduroam

• CRU operates the eduroam service for RENATER community

• Started in April 2006

• Currently 14 institutions

• Main difficulty is administrative: getting a university president to sign the updated RENATER agreement

eduroam: main tasks

• Monitoring: quite close to the real use case
  – 802.1X & EAP, not only RADIUS level check
  – to check the availability of the service and if the institution authentication method works
  – www.eduroam.fr

• Coming tasks
  – accounting (stats & traceability)
  – administrator training

PKI

• A PKI running since June 2003

• End-user certificates (~800) for web authentication
  – We are thinking about moving from X.509 end-user certificate authentication to federation/portal based authentication

• Server certificates (~1400) more and more used: web servers, LDAPS, POPS, IMAPS, Shibboleth, Radius…

SCS

• Service opened in May 2006

• One difficulty: updating WHOIS records (and debugging institution naming issues!)

• 50 institutions have subscribed to the service (proxy letter) and more are coming

• ~260 certificates issued, institutions are very satisfied

• One centralized RA (4 operators) with tools to ease the validation of the requests

SCS tool for RA operators

• http://www.cru.fr/igc/scs/validation/


Latest news for Sympa mailing list software

• Accessibility of the GUI for disabled people

• SOAP interface extended

• AuthN+AuthZ module for DokuWiki

• New translations (Norwegian, Swedish) + English fixed

• Sympa presentation at the "Jornadas Técnicas de RedIRIS JT06", 15th November, Granada, Spain

Security policies

• Strong need for well-formed and practical security policies in French high ed institutions

• CRU is starting to help institutions set up formal security policies

• Currently in pilot phase with some universities, using the EBIOS method