Programme TERENA Overview of the middleware initiatives in the European Higher Education What is eduroam: the technology and how to set up eduroam eduroam-in-a-box:

Programme TERENA Overview of the middleware initiatives in the European Higher Education What is eduroam: the technology and how to set up eduroam eduroam-in-a-box: a tool to ease eduroam deployment eduroam federation Overview of Middleware Developments in Europe Eduroam MiniCAMP April 5, 2007 Licia Florio, Paul Dekkers, Rok Pape TERENA, SURFnet, ARNES Outline What is TERENA European landscape in higher education TERENAs role Why Federated Identity Federation concepts A quick look at the future TERENA Organisation A not-for-profit association of European National Research & Education Networks (since 1986) NRENs Secretariat located in Amsterdam (The Netherlands) 33 National Members 2 International Members: CERN, ESA 10 Associate Members including DANTE, NORDUnet, equipment vendors and telecoms operators TERENA Mission Collaborate Innovate Share knowledge TERENA does not run a network! TERENA Mission Represent common interests and opinions of membership Make political and industrial contacts Lobby European Union and national governments Liaise with other continents (e.g. APAN, Internet2, CLARA) Knowledge Transfer Conferences TNC: Copenhagen 21 to 24 May 2007 Vendor demonstrations, new technologies, NREN showcase Workshops & Seminars eduroam Minicamp and others Developing informational, best-practice and training material. TERENA activities are open to everyone TERENA community is wider than the TERENA membership Activities span over different field See htttp://www.terena.org/activities TERENA Support to Middleware Deployment TERENA provides support for the middleware activities: Via Task Forces (open to anybody) TF-Mobility TF-EMC2 Via services like Server Certificate Service (SCS) Schema HArmonisation Committee (SCHAC) TERENA Academic CA Repository (TACAR) Workshops EuroCAMP (Apirl 16-17, Helsinki) NREN-Grids (June, date and location tbc) Services: SCS What is it about? SCS= Server Certificate Service To issue server certificates - popup free - unlimited number - Very low price (price is not per certificate) -Already 1400 certificates issued For whom? For the National Research and Education Network community in Europe How did we get there? Example of Terena interaction with industry for benefit of research networks What is TACAR TACAR: TERENA ACAdemic Repository Offers a way for building a PKI-based web of trust within the European academic community And beyond >25 root CA certificates (root of trust for IGTF) Conceived as a collection of trust-anchors Based on the principle: Keep it simple TACAR is open to: All NRENs; National Academic PKI s in the TERENA member countries; Non-profit research projects (Grid CA s) EuroCAMP Workshops to promote the use of middleware technologies in the Campuses Three EuroCAMP workshops took place already Topics covered: IdM systems and Federations mainly Very successful Since June 06 MiniCAMPs Organised as part of GEANT2/NA4 project Focused on eduroam So far three events have been organised Services: TF-EMC2 Harmonise schemas in the field of high education Complements eduPerson schema from Internet2 Mainly concerned for inter-institutional data exchange Needed for interoperability Which data What format of data What is Identity Management From a global perspective: Identity Management Giving each user an electronic identity Set of technologies and policies to control users access to resources Can be anything SQL database passwd file LDAP/AD More needs, more complexities Kerberos Web based SSO The Needs For Federated Identity Increasing dynamics in the education system Students can access courses outside their organisation On-line courses are more common Users want to access the same services no matter where they are Grid: example of access to distributed resources Centralized login More institutions dealing with the same users means: Multiple registration of users Overhead to manage guest users Increased possibility of error in managing the users records Sharing of user identity Institutional borders International borders User logs in with the same credentials on the same page for every resource Federations Enable the sharing of educational resources Network Wireless and/or not Applications Online learning systems Require agreement on: Legal Framework and Policies Trust Technology Security Common Language Interoperability Example of Not Federated Access User from Inst X InstX Y Institution YX Institution X Learning Material Network Example of Federated Access User Inst X Learning Material Network Institution Y Federated Access Others Resources Institution X The Building Blocks of Federations Identity ProviderService Provider publisher webmail Federated Access to (Web) Applications Federations are being developed at national level by the NRENs Different (open source) solutions are used Shibboleth: UK, Finland, Switzerland PAPI: Spain A-Select: the Netherlands Sun Federation Manager based upon Liberty Alliance specification: Norway All these solutions are now inter-operable eduGain They all recognize Security Assertion Markup Language (SAML) as the standard to transfer information (assertions) among each other Federated Network Access Eduroam tests started in TF-Mobility Excellent example of a confederation Conclusions Federations are the future Campuses/universities need to be involved Deploying IdMs is the first step to make life easier The campuses need to talk to their NRENs There will not be one unique multipurpose federation Different federations to fit different communities TERENA wants to promote cooperation and help the campuses to deploy middleware