Workshop on Joining eduroam and Identity Federation

Venue and Dates: The workshop took place at the ASREN office at Talal Abu-Ghazaleh University (TAGI-UNI) and lasted three days (8-10 September 2015).

Introduction

The Arab States Research and Education Network, in cooperation with the German Jordanian University, the MAGIC Project and the EUMEDCONNECT3 Project, conducted a workshop for staff of National Research and Education Networks (NRENs) and universities on:

  • eduroam: the secure, world-wide roaming access service that allows any user from an eduroam participating site to get network access at any institution connected to eduroam.
  • Federated Access: effective and secure management of authentication and identity information to build a trusted environment where users can be identified electronically, using a single identity to log in and access a variety of available resources and applications worldwide.
  • eduGAIN: a service that interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community.

Program

First day: eduroam

1. eduroam description

  • From federation-level RADIUS server operator point of view
  • From institution point of view

2. eduroam deployment

  • FreeRADIUS server
  • Radsecproxy
  • Federation-level RADIUS server
  • Institutional RADIUS server

Second day: Identity Federations

1. Understand how identity federation works

  •  From federation operator point of view
  •  From institution point of view

2. Federation operator

  • Metadata management

3. Identity provider deployment

  • Shibboleth v3 IdP
  • Metadata
  • Connecting to the federation

4. eduGAIN

  • Benefits
  • How to connect

Third day: Policies

1. eduroam

  • Brief description
  • eduroam compliance statement
  • European eduroam Confederation Policy Declaration

2. Identity Federation

  • Brief description
  • Identity Federation Policy
  • Metadata Registration Practice Statement (MRPS)

3. eduGAIN

  • Brief description
  • eduGAIN Policy Framework Constitution
  • eduGAIN Policy Framework Policy Declaration

Outcomes of the Workshop

Participants had a working RADIUS and a Shibboleth server. They were taught how to technically connect an NREN and an institution to the eduroam infrastructure. They were also taught how to connect an institutional identity provider to the national identity federation and to eduGAIN.

Participants had an overview of eduroam, identity federations and eduGAIN. They were able to prepare policies and agreements which will be signed with GEANT representatives. Agreements were signed and announced during ASREN's annual conference, e-AGE 2015, in Morocco, 7-8 December 2015.

Prerequisites

  • Knowledge of local legislation concerning privacy issues
  • Skills in OS administration (Windows/Linux)
  • Basic knowledge of PKI (Public Key Infrastructure)

Required Equipment

  • Machine with a public IP and DNS hostname located at the institution, and root/administrator privileges for that machine
  • Valid and trusted X.509 certificate for the machine (will be used for SSL connections)
  • Notebook
  • VirtualBox installed on the notebook for those who will not have a machine ready at their institution

Trainers

Michal Prochazka

Michal Prochazka received his M.Sc. degree from Masaryk University in Brno in 2009. He works at Masaryk University and CESNET, focusing mainly on IT security and identity and access management. Within security, his major focus is authentication methods in distributed environments.

Federated identity and the concept of identity federations are among his major interests within identity management. For three years he has been leading the Perun project, an identity and access management system. He is also involved in several projects such as CHAIN-REDS, MAGIC, ELIXIR and EGI. In the last two projects he is a member of the AAI task forces. He helped with building eduroam and the identity provider at Masaryk University.

Jan Oppolzer

Jan Oppolzer received his bachelor's degree in electrical engineering and his master's degree in telecommunications engineering from the Czech Technical University in Prague. He currently works in the Network Identity Department at CESNET as a member of the Authentication and Authorization Infrastructure team. His responsibilities include running the Shibboleth IdP for CESNET, operating the Czech academic identity federation eduID.cz, including technical support for members, and developing a web-based federation metadata tool that allows easy and user-friendly metadata management. He is also a steering group delegate in the international interfederation eduGAIN and a REFEDS member.

Location: Talal Abu-Ghazaleh University (TAGI-UNI), Amman, Jordan