Roaming Network Access Using Shibboleth

There are activities aiming at abling users to dock to a wireless or wired network while visiting organisations outside the premises of their usual connection to the network. These activities, known as roaming access to network, are usually based on well-known technologies, such as RADIUS, IEEE 802.1X, VPN or HTTP redirection. On the other hand, there are applications, usually on the web, that are supposed to be accessed across organisational boundaries. The required infrastructure, known as identity federation, takes care of user authentication and authorisation in the participating organisations. Federating software, based, for example, on XML and SOAP, is being developed in the Internet and academic communities. This research combines the two and implements roaming access to network on Shibboleth, a federating software developed in Internet2. As a result, a unified model was achieved for authentication and authorisation both for network and application access. The architecture makes rolebased authorisation easy and provides a single sign-on while preserving the user's privacy. A practical experiment is going on at the University of Helsinki.