© Bangladesh Research and Education Network, All Rights Reserved
Connect
Collaborate
Innovate
Versatility of Federated Services and its Applications
14th BdNOG Conference
Date: 01 July 2022
Time: 14:30 hrs [GMT+6]
Presented by
Mohammad Tawrit, CEO
and
Khandakar Rashedul Arefin, Manager
Video on BdREN
• Video Link:
What is Federation?
[Figure: two panels, "Without Identity Federation" and "With Identity Federation"]
Federated Services => Benefits
• Ease of Access to services
• To improve the user experience through Single Sign-on
• Improved security
• Ease of Management of users
Metadata Theory => Bilateral Connectivity
Bi-Lateral Connections
Connecting an IdP and an SP together by directly sharing metadata between the two.
Bilateral Connectivity => doesn’t scale
For each service connected to an IdP
• An agreement with each SP
• Swapping metadata through some agreed process (each SP may have their own process for sharing metadata)
• IdP needs to be modified for each new SP added (manual process)
• If the IdP's metadata changes (e.g. certificate renewal), all SPs need to refresh their version of the IdP's metadata
Bilateral Connectivity => doesn’t scale
For each IdP a service connects to
• An agreement with each IdP
• Swapping metadata through some agreed process (each IdP may have their own process for sharing metadata)
• SP needs to be modified for each new IdP added (manual process)
• If the SP's metadata changes (e.g. certificate renewal), all IdPs need to refresh their version of the SP's metadata
Federation Architecture
The IdP
• Users
• IdP Metadata
The SP
• A service being offered to users
• SP Metadata
The Federation
• Federation Policy
• Metadata Registration Practice Statement (MRPS)
• Metadata Signing Key
• Signed Federation Metadata
IdP Joins Federation
An IdP joins the federation…
• Using Jagger, it
  – Registers its metadata
  – Connects with the federation
The Federation Operator will…
• Verify the organisation based on rules in the MRPS
Jagger will
• Validate the metadata provided
• Add the metadata to federation metadata
• Sign and publish the updated metadata.
SP Joins Federation
An SP joins the federation…
• Using Jagger, it
  – Registers its metadata
  – Connects with the federation
The Federation Operator will…
• Verify the organisation based on rules in the MRPS
Jagger will
• Validate the metadata provided
• Add the metadata to federation metadata
• Sign and publish the updated metadata.
Getting the Signing key
IdPs and SPs need a copy of the metadata signing key.
• Download the key from a known location
• Verify the key
• Add the key to their configuration
The Federation operator must make the signing key available for download
• MUST keep the private half of the key private!
Get the Federation Metadata
IdPs and SPs get the common signed metadata file from the federation operator
• Download the file
• Verify it has not been modified using the signing key
• Repeat every hour
When IdP or SP metadata changes…
• The change is made in Jagger
• It is published to the federation metadata and signed
The change is then consumed by all federation members
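
An added example (not from the slides or from Jagger) of the "Verify the key" step as SHA-256 fingerprint pinning, plus checks to run on each hourly download before the XML signature itself is verified by the IdP/SP software or an XML signature tool. Assumptions: the pinned fingerprint arrives over a separate channel, the `validUntil` check and all function names are illustrative, and the sample certificate bytes and metadata are constructed.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalise_pin(pinned: str) -> str:
    """Accept 'AA:BB:..' or plain hex fingerprints."""
    return pinned.replace(":", "").strip().lower()


def key_matches_pin(pem: str, pinned: str) -> bool:
    """'Verify the key': the downloaded certificate must match a fingerprint
    obtained over a separate channel, not one served next to the key."""
    return hmac.compare_digest(fingerprint(pem_to_der(pem)), normalise_pin(pinned))


def preflight_checks(metadata_xml: str, pinned: str, now: datetime) -> list:
    """Checks for each hourly download, run BEFORE XML signature verification.
    Returns a list of problems; an empty list means the file may go on to the
    signature verifier. On any problem, keep using the last good copy."""
    problems = []
    # Assumption: production code parses untrusted XML with a hardened parser.
    root = ET.fromstring(metadata_xml)
    if root.tag != MD + "EntitiesDescriptor":
        problems.append("root element is not md:EntitiesDescriptor")
    valid_until = root.get("validUntil")
    if valid_until is None:
        problems.append("aggregate has no validUntil")
    else:
        try:
            expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
            if expiry.replace(tzinfo=timezone.utc) <= now:
                problems.append("aggregate expired at " + valid_until)
        except ValueError:
            problems.append("validUntil is not parseable: " + valid_until)
    signature = root.find(DS + "Signature")
    if signature is None:
        problems.append("aggregate is unsigned")
        return problems
    # A certificate embedded in the file is only a hint: trust stays with the pin.
    embedded = signature.find(".//" + DS + "X509Certificate")
    if embedded is not None:
        der = base64.b64decode("".join((embedded.text or "").split()))
        if not hmac.compare_digest(fingerprint(der), normalise_pin(pinned)):
            problems.append("embedded certificate is not the pinned signing key")
    return problems


# Constructed sample data: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 +
              "\n-----END CERTIFICATE-----\n")
PINNED = fingerprint(SAMPLE_DER)  # stands in for the out-of-band fingerprint


def sample_metadata(cert_b64: str, valid_until: str) -> str:
    """Build a minimal constructed aggregate (the signature value is omitted)."""
    return (
        '<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'validUntil="' + valid_until + '">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        + cert_b64 +
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        '<md:EntityDescriptor entityID="https://idp.example.org/idp"/>'
        "</md:EntitiesDescriptor>"
    )


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(key_matches_pin(SAMPLE_PEM, PINNED))
    print(preflight_checks(sample_metadata(SAMPLE_B64, "2022-07-08T00:00:00Z"),
                           PINNED, now))
```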
How Federation Works?
Applications
• eduGAIN
• eduroam
• OpenRoaming
• Research Paper Access
• Zoom as a Service
• Other Applications
eduGAIN Metadata
Now to extend into eduGAIN…
eduGAIN links
What is eduGAIN… https://edugain.org/
Who is participating… https://technical.edugain.org/status
What services are available… https://technical.edugain.org/entities
Which IdPs are participating… https://technical.edugain.org/entities
What about the policy… https://technical.edugain.org/documents
eduroam => what it is?
• eduroam is a global WiFi roaming consortium which gives members of the education and research community access to the internet for free on all eduroam hotspots on the planet.
eduroam hierarchical structure
[Figure: eduroam hierarchy diagram]
• Tier labels: Inter-Federation Operators; Federation Operators; IdPs and SPs
• Nodes: .bd; BdREN NRSs
• Institutions: BdREN, SUST, SAU, SBAU, BUET, IUB, MBSTU, JUST, PSTU, PUST, DUET, BRUR, KUET, IU, BSMRAU, IUT, CUET, EU, BoU
Eduroam -->> flow of authentication (local)
[Figure labels: user mafiz@ru.ac.bd at Rajshahi University (Service/Identity Provider); RU IRS; BdREN NRS; HERNET/AARNet TLR; DeIC NRS; DTU IRS at Technical University of Denmark; Local Authentication; Access Accept/Reject]
Eduroam -->> flow of authentication (In-Roamer)
[Figure labels: user Martin@dtu.dk; Rajshahi University; RU IRS; BdREN NRS; HERNET/AARNet TLR; DeIC NRS; DTU IRS; Technical University of Denmark; Service Provider; Identity Provider; Foreign Authentication; Access Accept/Reject]
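
An added example (not from the slides) of how the realm after the "@" steers a request through the IRS, NRS and TLR tiers in the two flows above, including the rejects that keep unknown realms from looping between tiers. Server names are taken from the slides; the realm-to-server table, the class and the function names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


class RoutingError(Exception):
    """The request cannot be proxied and should be rejected."""


@dataclass
class RadiusServer:
    name: str
    local_realms: Set[str] = field(default_factory=set)       # authenticated here
    routes: Dict[str, str] = field(default_factory=dict)      # realm suffix -> next hop
    authoritative_for: Set[str] = field(default_factory=set)  # never sent upstream
    upstream: Optional[str] = None


def in_suffix(realm: str, suffix: str) -> bool:
    """Match on DNS label boundaries so 'notdtu.dk' does not match 'dtu.dk'."""
    return realm == suffix or realm.endswith("." + suffix)


# Constructed topology: names from the slides, realm mapping assumed.
TOPOLOGY = {s.name: s for s in [
    RadiusServer("RU IRS", local_realms={"ru.ac.bd"}, upstream="BdREN NRS"),
    RadiusServer("BdREN NRS", routes={"ru.ac.bd": "RU IRS"},
                 authoritative_for={"bd"}, upstream="HERNET/AARNet TLR"),
    RadiusServer("HERNET/AARNet TLR",
                 routes={"bd": "BdREN NRS", "dk": "DeIC NRS"}),
    RadiusServer("DeIC NRS", routes={"dtu.dk": "DTU IRS"},
                 authoritative_for={"dk"}, upstream="HERNET/AARNet TLR"),
    RadiusServer("DTU IRS", local_realms={"dtu.dk"}, upstream="DeIC NRS"),
]}


def route(identity: str, entry: str, topology=TOPOLOGY) -> List[str]:
    """Return the servers a request visits, ending at the one that
    authenticates the user. Raises RoutingError when it must be rejected."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not user or not realm:
        raise RoutingError("identity has no realm: " + repr(identity))
    realm = realm.lower().rstrip(".")
    path = [entry]
    while True:
        server = topology[path[-1]]
        if realm in server.local_realms:
            return path  # home server reached: it answers Accept/Reject
        matches = [s for s in server.routes if in_suffix(realm, s)]
        if matches:
            # Longest suffix wins, so 'ru.ac.bd' beats a broader 'bd' entry.
            hop = server.routes[max(matches, key=len)]
        elif any(in_suffix(realm, s) for s in server.authoritative_for):
            # Our own country code but no such institution: reject here.
            # Sending it up would only make the TLR send it straight back.
            raise RoutingError(server.name + ": unknown realm " + realm)
        elif server.upstream is not None:
            hop = server.upstream
        else:
            raise RoutingError(server.name + ": no route for realm " + realm)
        if hop in path:
            raise RoutingError("routing loop via " + hop)
        path.append(hop)


if __name__ == "__main__":
    print(route("mafiz@ru.ac.bd", "RU IRS"))
    print(route("Martin@dtu.dk", "RU IRS"))
```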
eduroam security
Concern (is it safe?)
• Authentication: 802.1x
• Authentication [inner tunnel]: MSCHAPv2.0
• Authentication [outer tunnel]: EAP-TLS
MSCHAPv2.0 -->> Inner Tunnel Authentication
[Figure: challenge-response exchange between Client and MSCHAP Server]
Client credentials: Username: james, Password: pass111
• Client: I would like to login, username: james
• MSCHAP Server: Here's your challenge message: 15472a309fe22789efa522d45c7af9ad
• Client: Hashing of pass111 + 15472a309fe22789efa522d45c7af9ad gives the Challenge response: db3fc40e6439d4d972870252ccc11f99
• MSCHAP Server: Hashing of pass111 + 15472a309fe22789efa522d45c7af9ad gives the Expected challenge response: db3fc40e6439d4d972870252ccc11f99
• MSCHAP Server: Challenge Response Matched, Access Accept
eduroam authentication -->> full flow
[Figure: message sequence between Supplicant, Authenticator and Radius Server in three phases]
• Initialization: EAP Request-ID; EAP Response ID; Radius Request ID; EAP-TLS Start; Client Hello
• Outer Tunnel: Authentication Server Certificate (Radius Server's Public Key); Supplicant Certificate (Supplicant's Public Key); Exchange of Information and Creation of Outer Tunnel
• Inner Tunnel: Supplicant Username, Password Hash; MSCHAP Challenge
• Provide/Reject Access
Outer Tunnel: EAP-TLS
• Client and Server both have valid Certificate containing their "Public Key"
• Client and Server share their Certificate, thereby share their "Public Key"
• Client encrypts its credentials using Server's Public Key
• Server encrypts its traffic using Client's Public Key
Eduroam security
• Framework 802.1x:
  – Radius with tunneled EAP (TTLS, PEAP)
[Figure labels: Outer Tunnel; Inner Tunnel]
Fervent Appeal
• ISPs can come forward to allow their hotspots under the coverage of eduroam for the benefit of education and research community.
What ISPs will require?
• Access Point with Dual SSID broadcast facility
• Access Point having 802.1x authentication feature
[Figure labels: Hotel; Airport]
Can Commercial ISPs do it?
• Challenges:
  – Routing Radius Request:
    – Need a hierarchy same as NRENs
    – IRS → NRS → TLR/eTLR
    – Also can be accomplished by dynamic resolution of RADIUS service from Domain Name Server using SRV record resolution [Overcome using OpenRoaming]
  – Billing:
    – Not an NREN concern as NRENs are non-profit organizations
    – A real challenge for ISPs as they need to charge the subscribers [Yes, it can be accomplished using OpenRoaming as well]
OpenRoaming -- >> Architecture
OpenRoaming => Authentication Flow
[Figure labels: Configure DNS; Enterprise based security and Hotspot 2.0; IDP Discovery; EAP/TLS; Authentication, Policy and Accounting; WPA2]
OpenRoaming Requirements
• Wireless Networks
  – Cisco Wireless Networks
    – Cisco AireOS based WLC running AireOS 8.3 or later plus Cisco DNA Spaces SEE
    – Cisco Catalyst 9800 WLC running IOS-XE 16.12 or later plus Cisco DNA Spaces SEE
    – Cisco Meraki® plus Cisco DNA Spaces SEE
• Service Provider
  – Top Venues in the world including Canary Wharf, Clair and the Fira de Barcelona
• Identity Provider
  – Samsung, Boingo Wireless
  – Apple ID
  – Google ID
• End device
  – Samsung Devices [Android 10 or higher] using Native OS
  – iPhone [iOS 13.3 or higher] using OpenRoaming Mobile App
  – Android [Android 9.0 or higher] using OpenRoaming Mobile App
  – Google Pixel [Android 11.0 or higher] using Native OS
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 

BdNOG-20220625-MT-v6.0.pptx

  • 1. © Bangladesh Research and Education Network, All Rights Reserved. Connect, Collaborate, Innovate. Versatility of Federated Services and its Applications. 14th BdNOG Conference. Date: 01 July 2022. Time: 14:30 hrs [GMT+6]. Presented by Mohammad Tawrit, CEO, and Khandakar Rashedul Arefin, Manager.
  • 2. Video on BdREN
      • Video Link:
  • 3. What is Federation?
      • Diagram: Without Identity Federation / With Identity Federation
  • 4. Federated Services => Benefits
      • Ease of access to services
      • Improved user experience through Single Sign-on
      • Improved security
      • Ease of management of users
  • 5. Metadata Theory => Bilateral Connectivity
      • Bilateral connections: connecting an IdP and an SP by sharing metadata directly between the two.
  • 6. Bilateral Connectivity => doesn’t scale. For each service connected to an IdP:
      • An agreement with each SP
      • Swapping metadata through some agreed process (each SP may have its own process for sharing metadata)
      • The IdP needs to be modified for each new SP added (manual process)
      • If the IdP's metadata changes (e.g. certificate renewal), all SPs need to refresh their version of the IdP's metadata
  • 7. Bilateral Connectivity => doesn’t scale. For each IdP a service connects to:
      • An agreement with each IdP
      • Swapping metadata through some agreed process (each IdP may have its own process for sharing metadata)
      • The SP needs to be modified for each new IdP added (manual process)
      • If the SP's metadata changes (e.g. certificate renewal), all IdPs need to refresh their version of the SP's metadata
  • 8. Federation Architecture
      • The IdP
          • Users
          • IdP Metadata
      • The SP
          • A service being offered to users
          • SP Metadata
      • The Federation
          • Federation Policy
          • Metadata Registration Practice Statement (MRPS)
          • Metadata Signing Key
          • Signed Federation Metadata
  • 9. IdP Joins Federation
      • An IdP joins the federation… Using Jagger it:
          • Registers its metadata
          • Connects with the federation
      • The Federation Operator will…
          • Verify the organisation based on rules in the MRPS
      • Jagger will:
          • Validate the metadata provided
          • Add the metadata to the federation metadata
          • Sign and publish the updated metadata
  • 10. SP Joins Federation
      • An SP joins the federation… Using Jagger it:
          • Registers its metadata
          • Connects with the federation
      • The Federation Operator will…
          • Verify the organisation based on rules in the MRPS
      • Jagger will:
          • Validate the metadata provided
          • Add the metadata to the federation metadata
          • Sign and publish the updated metadata
  • 11. Getting the Signing Key
      • IdPs and SPs need a copy of the metadata signing key:
          • Download the key from a known location
          • Verify the key
          • Add the key to their configuration
      • The Federation Operator must make the signing key available for download
          • MUST keep the private half of the key private!
  • 12. Get the Federation Metadata
      • IdPs and SPs get the common signed metadata file from the Federation Operator:
          • Download the file
          • Verify, using the signing key, that it has not been modified
          • Repeat every hour
      • When IdP or SP metadata changes…
          • The change is made in Jagger
          • It is published to the federation metadata and signed
      • The change is then consumed by all federation members
  • 13. How Federation Works? (diagram)
  • 14. Applications
      • eduGAIN
      • eduroam
      • OpenRoaming
      • Research Paper Access
      • Zoom as a Service
      • Other Applications
  • 15. eduGAIN Metadata: Now to extend into eduGAIN…
  • 16. eduGAIN Metadata (diagram)
  • 17. eduGAIN Metadata (diagram)
  • 18. eduGAIN Metadata (diagram)
  • 19. eduGAIN Metadata (diagram)
  • 20. eduGAIN Metadata (diagram)
  • 21. eduGAIN Metadata (diagram)
  • 22. eduGAIN links
      • What is eduGAIN… https://edugain.org/
      • Who is participating… https://technical.edugain.org/status
      • What services are available… https://technical.edugain.org/entities
      • Which IdPs are participating… https://technical.edugain.org/entities
      • What about the policy… https://technical.edugain.org/documents
  • 23. eduroam => what is it?
      • eduroam is a global WiFi roaming consortium which gives members of the education and research community free access to the internet at all eduroam hotspots on the planet.
  • 24. eduroam hierarchical structure (diagram)
      • Levels: Inter-Federation Operators; Federation Operators / NRSs (.bd: BdREN); IdPs and SPs
      • IdPs and SPs shown: BdREN, SUST, SAU, SBAU, BUET, IUB, MBSTU, JUST, PSTU, PUST, DUET, BRUR, KUET, IU, BSMRAU, IUT, CUET, EU, BoU
  • 25. eduroam -->> flow of authentication (local) (diagram)
      • Nodes: Rajshahi University, RU IRS, BdREN NRS, HERNET/AARnet TLR, DeIC NRS, DTU IRS, Technical University of Denmark
      • User identity: mafiz@ru.ac.bd
      • Labels: Service/Identity Provider; Local Authentication; Access Accept/Reject
  • 26. eduroam -->> flow of authentication (In-Roamer) (diagram)
      • Nodes: Rajshahi University, RU IRS, BdREN NRS, HERNET/AARNet TLR, DeIC NRS, DTU IRS, Technical University of Denmark
      • User identity: Martin@dtu.dk
      • Labels: Service Provider; Identity Provider; Foreign Authentication; Access Accept/Reject
  • 27. eduroam security concern (is it safe?)
      • Authentication: 802.1x
      • Authentication [inner tunnel]: MSCHAPv2.0
      • Authentication [outer tunnel]: EAP-TLS
  • 28. MSCHAPv2.0 -->> Inner Tunnel Authentication (diagram: Client and MSCHAP Server; Username: james, Password: pass111)
      • Client: "I would like to login, username: james"
      • Server: "Here’s your challenge message: 15472a309fe22789efa522d45c7af9ad"
      • Server: pass111 + 15472a309fe22789efa522d45c7af9ad → Hashing → expected challenge response: db3fc40e6439d4d972870252ccc11f99
      • Client: pass111 + 15472a309fe22789efa522d45c7af9ad → Hashing → challenge response: db3fc40e6439d4d972870252ccc11f99
      • Client sends the challenge response: db3fc40e6439d4d972870252ccc11f99
      • Challenge response matched → Access Accept
  • 29. eduroam authentication -->> full flow (diagram)
      • Participants: Supplicant, Authenticator, Radius Server (Authentication Server)
      • Initialization: EAP Request-ID, EAP Response ID, Radius Request ID
      • Outer Tunnel (EAP-TLS): EAP-TLS Start, Client Hello, Authentication Server Certificate, Supplicant Certificate, Radius Server’s Public Key, Supplicant’s Public Key; exchange of information and creation of the outer tunnel
      • Inner Tunnel: Supplicant Username, Password Hash; MSCHAP Challenge
      • Result: Provide/Reject Access
      • Client and Server both have a valid Certificate containing their “Public Key”
      • Client and Server share their Certificates and thereby share their “Public Key”
      • Client encrypts its credentials using the Server’s Public Key
      • Server encrypts its traffic using the Client’s Public Key
  • 30. eduroam security
      • Framework 802.1x:
          – Radius with tunneled EAP (TTLS, PEAP)
      • Diagram labels: Outer Tunnel, Inner Tunnel
  • 31. Fervent Appeal
      • ISPs can come forward to bring their hotspots under the coverage of eduroam for the benefit of the education and research community.
      • What will ISPs require?
          • Access Point with dual SSID broadcast facility
          • Access Point with 802.1x authentication feature
      • Images: Hotel, Airport
  • 32. Can Commercial ISPs do it?
      • Challenges:
          • Routing Radius requests:
              • Needs a hierarchy the same as the NRENs'
              • IRS → NRS → TLR/eTLR
              • Can also be accomplished by dynamic resolution of the RADIUS service from the Domain Name Server using SRV record resolution [Overcome using OpenRoaming]
          • Billing:
              • Not an NREN concern, as NRENs are non-profit organizations
              • A real challenge for ISPs, as they need to charge their subscribers [Yes, it can be accomplished using OpenRoaming as well]
  • 33. OpenRoaming -->> Architecture (diagram)
  • 34. OpenRoaming => Authentication Flow (diagram)
      • Labels: Configure DNS; Enterprise based security and Hotspot 2.0; IDP Discovery; EAP/TLS; Authentication, Policy and Accounting; WPA2
  • 35. OpenRoaming Requirements
      • Wireless Networks
          • Cisco Wireless Networks
              • Cisco AireOS based WLC running AireOS 8.3 or later plus Cisco DNA Spaces SEE
              • Cisco Catalyst 9800 WLC running IOS-XE 16.12 or later plus Cisco DNA Spaces SEE
              • Cisco Meraki® plus Cisco DNA Spaces SEE
      • Service Provider
          • Top venues in the world including Canary Wharf, Clair and the Fira de Barcelona
      • Identity Provider
          • Samsung, Boingo Wireless
          • Apple ID
          • Google ID
      • End device
          • Samsung devices [Android 10 or higher] using native OS
          • iPhone [iOS 13.3 or higher] using OpenRoaming Mobile App
          • Android [Android 9.0 or higher] using OpenRoaming Mobile App
          • Google Pixel [Android 11.0 or higher] using native OS
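The realm-based request routing behind slides 24 to 26 and the IRS → NRS → TLR hierarchy of slide 32, as an added example that is not part of the original deck. The registry contents, the server labels used as display names, the function names, and sub-realm matching on label boundaries are assumptions; the in-roamer hop order is the usual eduroam proxy chain, assumed to be what the diagram shows.

```python
"""Realm-based RADIUS request routing in an eduroam-style hierarchy.

Added example. The topology is constructed from the slide labels; server
names are display labels, not hostnames.
"""

# Constructed registry: country TLD -> national server (NRS) and the
# institutional servers (IRS) registered under it, keyed by realm.
NRS = {
    "bd": ("BdREN NRS", {"ru.ac.bd": "RU IRS", "buet.ac.bd": "BUET IRS"}),
    "dk": ("DeIC NRS", {"dtu.dk": "DTU IRS"}),
}
TLR = "TLR"  # top-level RADIUS server joining the national servers


class RoutingError(ValueError):
    """The request cannot be routed and must be rejected."""


def parse_realm(identity):
    """Return the normalised realm of 'user@realm' or raise RoutingError."""
    user, at, realm = identity.rpartition("@")
    realm = realm.lower().rstrip(".")
    labels = realm.split(".")
    ok = all(l and l.replace("-", "").isalnum() for l in labels)
    if not (at and user and len(labels) >= 2 and ok):
        raise RoutingError(f"malformed identity: {identity!r}")
    return realm


def covers(registered, realm):
    """True if realm equals registered or is a sub-realm on a label boundary."""
    return realm == registered or realm.endswith("." + registered)


def route(visited_realm, identity):
    """Return the ordered RADIUS hops for a login seen at visited_realm's IRS."""
    realm = parse_realm(identity)
    visited_tld = visited_realm.rsplit(".", 1)[-1]
    nrs_name, members = NRS[visited_tld]
    hops = [members[visited_realm]]
    if covers(visited_realm, realm):
        return hops                      # local user: the IRS answers itself
    hops.append(nrs_name)                # unknown realm goes up to the NRS
    home_tld = realm.rsplit(".", 1)[-1]
    if home_tld != visited_tld:
        if home_tld not in NRS:
            raise RoutingError(f"no national server for .{home_tld}")
        hops.append(TLR)                 # other country: up to the TLR ...
        nrs_name, members = NRS[home_tld]
        hops.append(nrs_name)            # ... and down to the home NRS
    for registered, irs in members.items():
        if covers(registered, realm):
            return hops + [irs]          # home IRS decides accept or reject
    raise RoutingError(f"realm {realm!r} is not registered")


if __name__ == "__main__":
    for who in ("mafiz@ru.ac.bd", "Martin@dtu.dk"):
        print(who, "->", " -> ".join(route("ru.ac.bd", who)))
```

A look-alike realm such as `evilru.ac.bd` is rejected rather than routed to RU IRS, because a suffix only matches on a label boundary.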