www.ja.net/roamingCopyright JNT Association 2006
The JANET Roaming Service
www.ja.net/roamingCopyright JNT Association 2006
Covering…• Background
• The Location Independent Networking (LIN) trial
• The JANET Roaming service
• What the service provides
• Overview of the technology
• How it works in practice
• The eduroam federation
• Parallel international effort
www.ja.net/roamingCopyright JNT Association 2006
Background
• JANET Wireless Advisory Group (WAG) established May 2003
• Develop a location independent networking (LIN) infrastructure to enable networks to support guest users in a transparent & secure manner
• Proof of concept tests carried out on RADIUS (Remote Authentication Dial-In User Server) hierarchy
www.ja.net/roamingCopyright JNT Association 2006
Location Independent Networking (LIN) Trial
• January 2005 – January 2006
• 36 institutions in the UK
• Positive feedback from JANET community
• Transition to service
www.ja.net/roamingCopyright JNT Association 2006
• Launched: end of April 2006
• Resilient NRPS infrastructure
• Community support team fronted by JANET Customer Services
• Consultancy service
• Online documentation: deploying, using and supporting the service
• JANET Roaming is the UK element of the eduroam federation
www.ja.net/roamingCopyright JNT Association 2006
The service
• Enhances user mobility
• Provides hassle free guest network access
• Promotes single sign-on
www.ja.net/roamingCopyright JNT Association 2006
RADIUS Hierarchy
• Organisational RADIUS Proxy Server (ORPS)
• National RADIUS Proxy Server (NRPS)
• International RADIUS Proxy Server (IRPS)
www.ja.net/roamingCopyright JNT Association 2006
Federated Trust Model
• Participating institutions sign-up to the federation policy
• Institutions trust each other to keep their user databases up to date
• Network access is granted to a visitor after their credentials have been verified by their home institution
www.ja.net/roamingCopyright JNT Association 2006
For example…
UKERNA
ORPS
University of Exeter ORPS
JANET
National RADIUS
Proxy server (NRPS)
Authenticator
(AP or switch) User DB
User DB
Visitor’s Username
www.ja.net/roamingCopyright JNT Association 2006
Eduroam federation
• 29 European countries plus Australia, Japan and Taiwan
• Based on the same technology (RADIUS)
• IRPS hosted in Denmark and the Netherlands on behalf of TERENA
• Enabling international roaming
• http://www.eduroam.org/
www.ja.net/roamingCopyright JNT Association 2006
University of Hertfordshire
ORPS
University of Hertfordshire
ORPS
UKERNA
ORPS
UKERNA
ORPS
University of Queensland
ORPS
University of Queensland
ORPS
University of Ballarat
ORPS
University of Ballarat
ORPS
International RADIUS Proxy
Server
(TERENA)
International RADIUS Proxy
Server
(TERENA)
UK
National RADIUS Proxy
Server
UK
National RADIUS Proxy
Server
Australian
National RADIUS Proxy
Server
Australian
National RADIUS Proxy
Server
Eduroam RADIUS Hierarchy
Authentication Request
Authentication Response
www.ja.net/roamingCopyright JNT Association 2006
Federation members
www.ja.net/roamingCopyright JNT Association 2006
• FWNA (Federated Wireless Network Authentication)
• Internet2 working group
• Trial in progress
• Close collaboration between TERENA and Internet2
• http://security.internet2.edu/fwna/
USA
www.ja.net/roamingCopyright JNT Association 2006
Questions?
www.ja.net/roaming