Comité Réseau des Universités News from CRU activities: Identity federation, eduroam, PKI, SCS,...
Comité Réseau des Universités
News from CRU activities:
Identity federation, eduroam, PKI, SCS, Sympa, security policies
florent.guilleux @ cru.fr
7th TF-EMC2 Meeting, 16-17 October
French Research & High Ed landscape
• RENATER: French Research and Education Network layers
• CRU: Universities (80) and other high ed schools (~120)
• UREC: Research
• Middleware and other activities
CRU federation
Timeline, 2002 to 2006 (labels from the slide):
• We hear about Shibboleth, PAPI, A-Select…
• Federations in production
• Test federation
• CRU: comparison of Shib & LA
• uPortal-based portals: directory and CAS SSO deployment
• Pilot federation
• CRU federation
• Government funding for universities cooperation on a regional level
• Government funding for national-level services for students
CRU federation
• Based on Shibboleth without centralized WAYF
• One single federation targeted at the ~200 French high ed institutions (IdPs)
• SPs: High Ed community, public & private sectors
• Currently 11 IdPs (~10 coming soon) and 5 SPs
CRU federation: current usage
• Library resources (Elsevier, ABES)
• On-line courses (on national and regional levels)
• Wi-Fi access for roaming users (regional level, in cohabitation with eduroam)
• Software distribution (3 coming SPs)
CRU federation: next tasks
• Operating a “virtual IdP” with basic group management for “exception” people and people whose institution does not belong to CRU federation yet
• Better integration with the institution portals (how to bypass the WAYF)
• Use of ShARPE and Autograph?
• Which economic model?
eduroam
• CRU operates the eduroam service for the RENATER community
• Started in April 2006
• Currently 14 institutions
• Main difficulty is administrative: getting a university president to sign the updated RENATER agreement
eduroam: main tasks
• Monitoring: quite close to the real use case
  – 802.1X & EAP, not only RADIUS level check
  – to check the availability of the service and if the institution authentication method works
  – www.eduroam.fr
• Coming tasks
  – accounting (stats & traceability)
  – administrator training
PKI
• A PKI running since June 2003
• End-users certificates (~800) for web authentication
  – We are thinking about moving from X.509 end-users certificates authentication to federation/portal based authentication
• Server certificates (~1400) more and more used: web servers, LDAPS, POPS, IMAPS, Shibboleth, Radius…
SCS
• Service opened in May 2006
• One difficulty: updating WHOIS records (and debugging institution naming issues!)
• 50 institutions have subscribed to the service (proxy letter) and more are coming
• ~260 certificates issued, institutions are very satisfied
• One centralized RA (4 operators) with tools to ease the validation of the requests
SCS tool for RA operators
• http://www.cru.fr/igc/scs/validation/
Latest news for Sympa mailing list software
• Accessibility of the GUI for disabled people
• SOAP interface extended
• AuthN+AuthZ module for DokuWiki
• New translations (Norwegian, Swedish) + English fixed
• Sympa presentation at the "Jornadas Técnicas de RedIRIS JT06", 15th November, Granada, Spain
Security policies
• Strong need for well-formed and practical security policies in French high ed institutions
• CRU is starting to help institutions set up formal security policies
• Currently in pilot phase with some universities, using the EBIOS method