www.canarie.ca

www.canarie.ca www.canarie.ca

Chris.Phillips@canarie.ca

My digital identity . . .

www.canarie.ca www.canarie.ca

Or is it?

Chris Phillips

Chris Phillips

Chris Phillips

Chris Phillips

www.canarie.ca www.canarie.ca

How do you ensure the “right” Chris Phillips

receives access to your resources?

www.canarie.ca

Similar in Name and Mission

Collaborating at a Global Scale

www.canarie.ca

Ensures a trusted, unified, digital identity for research and education

www.canarie.ca | www.restena.lu

How Eduroam Works

Slide 7

id: leandro@rnp.br realm: canarie.ca realm: uni.ca

realm: ca

Confederation Servers

Federation Server

realm: rnp.br

realm: br

realm: uni.br

www.canarie.ca

Over

www.canarie.ca www.canarie.ca

Recent Stats •  Thousands (~10000+) points of presence for eduroam SSID •  60 countries/regions in production, 27 in pilot •  60,000,000+ successful transactions processed monthly •  Between 10-13% is international traffic

-

5,000

10,000

15,000

20,000

25,000

30,000

35,000

40,000

at bg cz dk fi hr ie it mk no pl rs se uk

1hr of Global eduroam successful signons May 14th, 2013 4pm CEST (peak)

161,238

23,553

∑ National ∑ International

Comparing Domestic & International – May 14th, 2013, 4pm CEST (peak)

www.canarie.ca | www.restena.lu

Eduroam Today

Slide 10

id: pleandro@rnp.br realm: canarie.ca realm: uni.ca

realm: ca

Confederation Servers

Federation Server

realm: rnp.br

realm: br

realm: uni.br

Predicting Growth–Hard, but necessary •  Needed for preservation of quality & enough runway to act •  Crystal BallàAssumptions: ratio 2:87:10000:50MM, or

•  10 countries/yr, ea. w/114 ‘domains’ & 575k signons/mth •  Adding another 30 countries, requires 1 more root server •  No one has any more devices than they do today J •  There are 193 countries/regions worldwide •  ..What does this look 3 years out then?

Today: x87 countries

Today: x2 roots svrs

Today: 10,000+ sites

+3yrs: x117 countries

+3yrs: 3? roots svrs

+3yrs: 13,348+ sites

In 3 years from now..

www.canarie.ca

www.canarie.ca

The Virtuous Cycle

A condition in which a favourable result gives rise to another that supports the first

www.canarie.ca

The Virtuous ICT Cycle

www.canarie.ca

The Virtuous ICT Cycle

www.canarie.ca

The Virtuous ICT Cycle Size increase

Announcing new eduroam members Costa Rica (RedCONARE) Argentina (Innova|RED) Colombia (RENATA) Mexico (CUDI) Ecuador (CEDIA)

www.canarie.ca

The Virtuous ICT Cycle Increasing cycle velocity

Recent Activities: Norway – eduroam in 19 airports Japan – hosted RADIUS, emergency network Eduroam Companion, Config Assistant Tool CAF – Appliance approach to eduroam/SAML

www.canarie.ca

eduroam in Norway Airports •  6 month pilot, 19 airports •  SSID is like any other commercial

offering: •  Layer 2 monthly ‘condo fee’ •  Per user MB charges, capped •  Unique MAC counts active users

•  Early #’s:Oslo ~80% MAC+AuthN •  Outcomes – too early to tell.

eduroam in Trondheim •  Offered by local provider •  Relationship is through school, not

centrally •  SSID is available free

www.canarie.ca 18

Japan’s DEAS

RADIUS IdP

RADIUS proxy

auth requests

<secret key 2>

Institution’s RADIUS server

access points

Delegate Authentication System (DEAS) or Shibboleth-based eduroam account issuer

national RADIUS

<secret key 1>

AP system by ISP/carrier

national IdP service

www.canarie.ca

eduroam in disaster-affected campuses •  Borderless eduroam helped suffering staff

–  Nomadic network in temporary evacuation campus •  Tohoku University faced the big earthquake in March.

–  Many buildings were severely damaged. –  Staff moved to other buildings where networks are operated by different

departments. –  eduroam is an effective rescue for them to use network --- Inter-

department roaming network

Additional  APs

Eduroam  APs

Center

Damaged  depts

Network  ID

www.canarie.ca

Eduroam Companion App

•  Based on registry & published by XML •  XML files aggregated centrally by eduroam.org & available for apps •  Designed for global use •  Built by University of Southampton, available on android and iPhone

www.canarie.ca

•  Powerful web based eduroam configuration delivery system

•  Builds & hosts profile installers for all platforms and devices(MSFT,Apple, Linux)

•  Profile = specific configuration on your device to connect to the network

•  Delegated admin for all of eduroam Federation Level down to site level

•  Multi-lingual throughout

www.canarie.ca

CANARIE CAF Identity Appliance Approach

•  Inspired by SWAMID SAML installer work

•  eduroam automated build of FreeRADIUS takes minutes to install on blank CentOS

•  Dramatically reduces overall effort by participant

•  Sometimes longer to talk about policy and get firewall settings in place than to do actual install

•  In pilot phase now.

www.canarie.ca

Eduroam configuration guide by RNP

•  Recently published guide for sites configuring eduroam •  Available in hard copy and electronic

www.canarie.ca

Common Themes •  The tool collection is always expanding and being refined. •  What’s important for you generally will be important to all. •  New or Old, eduroam always has something for you

http://www.flickr.com/photos/chazferret/2075442918/

www.canarie.ca

Consequences of not participating •  You do everything, as a point solution, on your own •  no common good to draw on •  Cost increases •  Reach stays the same – ie. it diminishes compared to others •  Collaboration is more difficult •  Innovation slows down •  Community by passes you because you can’t keep up

www.canarie.ca

What does the future hold for eduroam?

www.canarie.ca

Buckets of Possible Work •  Monitoring and operational improvements •  Network resilience and robustness •  Continue to make it as easy as possible to use, for all aspects •  Communication & collaboration improvements •  Security •  Research

http://www.flickr.com/photos/linneberg/4481309196/sizes/l/in/photostream/

www.canarie.ca http://www.flickr.com/photos/wiemann/1521876735/

www.canarie.ca http://www.flickr.com/photos/wiemann/1521876735/

Some Signs we are preferred… •  Use of eduroam over ‘free’ wifi •  Eduroam SSID is sought after for conferences and events •  Others emulating the service •  Gaining transit in new areas at reduced costs

www.canarie.ca http://www.flickr.com/photos/kalexanderson/8024593675/

Why ‘Free’ is never really free

•  you are always exchanging SOMETHING •  Time – accepting multi-screen Terms & Conditions repetitively. •  Personal data – Do you really need my passport or CPF? •  Security risk - how do I know this wifi won’t do something evil?

www.canarie.ca

Guiding Principles •  Be where the user needs us to be •  Maintain ease of use •  Continue to be vigilant about security •  Continue to be the advocate for the end user •  Do this consistently and reliably

http://www.flickr.com/photos/cmichel67/3899744510/sizes/o/in/photostream/

www.canarie.ca http://www.flickr.com/photos/shutter/105497713/sizes/l/in/photostream/

You’re Invited! To join and/or collaborate and be a part of the vibrant eduroam community.

www.canarie.ca

www.canarie.ca

Chris Phillips

Chris.phillips@canarie.ca

CANARIE, 45 O’Connor St., Ottawa, Ontario