A Proposal for Extending the Eduroam Infrastructure with Authorization Mechanisms
نویسندگان
چکیده
Identity federations are emerging in the last years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer a more grained access control and value added services. Therefore, additional information, such as user attributes, need to be taken into account. This paper presents how one of those real and widely spread identity federations, eduroam, has been extended in order to make use of user attributes and to adopt authorization decisions during the access control process. This authorization framework has been integrated by means of the NASSAML infrastructure, which defines a network access control service based on SAML and the AAA architecture.
منابع مشابه
TITLE: Deploying Authorization Mechanisms for Federated Services in eduroam (DAMe)
Identity federations are emerging in the last years in order to make easier the deployment of resource sharing environments among organizations. One common feature of those environments is the use of access control mechanisms based on the user identity. However, most of those federations have realized that user identity is not enough to offer a more grained access control and value added servic...
متن کاملEduroam: past, present and future
The number of mobile devices within academia has increased significantly over the last couple of years and users expect to be able to get connectivity everywhere, at home, on the road and at educational institutions. At the same time however, the security of wireless LANs becomes more and more of a concern In 2003, the TERENA Task Force on Mobility [1] was created to look at WLAN security issue...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملOperational Support of Wireless Mesh Networks Deployed for Extending Network Connectivity
Wireless mesh networks (WMNs) have shown high potential to extend the coverage of high bandwidth infrastructure networks. We propose a deployment of a WMN for the needs of higher education institutes. In order to provide extended coverage to campus networks, several open issues such as authentication and authorisation of connected nodes, accounting of network usage and auditing of the network, ...
متن کاملPolicy Management and Inter-domain Mobility for eduroam through virtual Access Points (vAPs)
This work studies the application of the virtual Access Point (vAP) technology to the eduroam [1] service. The vAP technology is based on instantiating multiple Access Point instances over a single physical WLAN radio, without requiring support for any special feature on the mobile devices. In this work vAPs are used for the purpose of enabling perrealm policies at the wireless segment, and fac...
متن کامل