Next Generation
Responsible: Miroslav Milinovic (CARNET, Croatia)
This task focused on the use of new technologies to explore an alternative to RADIUS for authentication and authorisation functions for eduroam.
To date eduroam provides three different functionalities:
- authentication of the users - Tests to make the authentication process more dynamic were performed. Other technologies to replace RADIUS (such as DIAMETER, RadSec and others) were tested. The conclusion of those tests was that, to date, the only possible alternative to RADIUS appears to be RadSec. This is still one of the topics of the current TF-Mobility work.
- protocol to transport users' credentials to the user's home institution - The possibility of providing a direct ad-hoc connection from a guest network to the user's home AA server is being investigated through the use of RADIUS over IPsec and DIAMETER.
- trust fabric - The current trust fabric is implemented as a chain of peer-to-peer shared secrets between RADIUS servers. Some studies on using PKI to enhance the system were performed.
Deliverables produced
The following deliverables have been produced and will be discussed during the next TF-Mobility meeting:
- XML schema to display the status of the various RADIUS servers in an HTML page (Miroslav Milinovic, CARNET)
- Guideline document about eduroam SSIDs (Tomasz Wolniewicz, PIONIER) - The document is the outcome of some discussion that took place on the mailing list.