Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

TF-OpenSpace – Session 1, room 7.   16 October 2013. 

Lead by: Anders Nilsson & Tom Barton

Attendees: Anders Lördal, Brook, Chad, Paul, José-Manuel, Hideaki, Tom (Barton & Myren), Tomi.

Notes: Brook Schofield

Problem: NRENs an Onboarding providers: Problems & opportunities.

 

In the balance of Connectivity vs Security => Connectivity always wins.

Users will type their passwords into anything to get connectivity.

We need to rebalance that and ensure only "safe" options are presented to the user.

EAP-TLS is loved by security purists. Certificate deployment is problematic.

Username/Password is better for users. Perceived as easier. They want the experience to "just work".

 

The problem with Android

There are insufficient Android devices that perform certificate validation (for EAP-PEAP/TTLS).

Solved on v4.4 - but where is that? http://developer.android.com/about/dashboards/index.html

EAP-pwd solves this on Android and with versions since 4.0 (approx 70% of the market)

NIKHEF Helper application (https://play.google.com/store/apps/details?id=org.nikhef.eduroam) is in the Google Play store and generates EAP-TLS in exchange for federated credentials.

 

EAP-TLS => Per device profile is a good idea and easy to revoke access for individual devices rather than hard password reset which interrupts everything.

 

InCert

  • Native Store (multiple)
  • Check validity on Login
  • EAP-TLS
  • Local Device Setup
  • VPN and other services
  • Windows, MacOS & iOS (TODO next is Android)

 

NRENs as onboarding providers

Three (3) components exist:

  1. Certificate Issuing (Confusa)
  2. Provisioning (Configuration Assistant Tool, CloudPath, InCert)
  3. IdP (DEAS)

Could be deployed as a Centralised services OR Confined Environment.

 

ActiveDirectory -> Cloud RADIUS service is harder than deployying RADIUS locally.

EAP-TLS - Why? Home Orgs w/o IdPs (Google Apps) are still an opportunity.

 

[ACTION] InCert + NIKHEF to investigate collaboration on the Android platform.