========================================================================

city of trento : wilma project =>for andrew : timing

1:30 to 9:30pm
========================================================================
c:\documents and settings\ashish.kumar\spark\user\ashish.kumar@primaryad\downloads
http://en.wikipedia.org/wiki/radius
http://en.wikipedia.org/wiki/captive_portal
http://www.zeroshell.net/eng/
http://networking.dit.unitn.it/unify-main.html
http://en.wikipedia.org/wiki/dhcp
http://www.voip-info.org/wiki/view/sip+authentication
http://en.wikipedia.org/wiki/session_initiation_protocol
http://en.wikipedia.org/wiki/component_object_model
http://programmerworld.net/books/visual_c%2b%2b.htm // free ebook on vc++
download
http://www.freeradius.org/rfc/attributes.html
http://aspnet.4guysfromrolla.com/articles/030503-1.aspx#postadlink //google web-
services

http://www.dslreports.com/forum/r19290029-captive-portal-and-radius-servers-for-
hot-spots
http://www.ban-solms.de/t/ipcop-copspot.html
http://images.google.co.in/imgres?imgurl=http://www.ibm.com/developerworks/eserver
/library/es-
radius1/figure1.gif&imgrefurl=http://www.ibm.com/developerworks/eserver/library/es
-
radius1/index.html&h=365&w=300&sz=11&hl=en&start=17&um=1&tbnid=z5vhsnb3x9ogjm:&tbn
h=121&tbnw=99&prev=/images%3fq%3dradius%2bserver%26svnum%3d10%26um%3d1%26hl%3den

==========================================================
http://www.voip-info.org/wiki/view/sip+authentication
==================================================================================
=========
-----------------------------------
sip(session initiation protocol)
-----------------------------------
provides a stateless, challenge-based mechanism for authentication that is based
on
authentication in http. any time that a proxy server or ua receives a request
(with the exceptions given in section 22.1), it may challenge the initiator of the
request
to provide assurance of its identity. once the originator has been identified,
the recipient of the request should ascertain whether or not this user is
authorized to
make the request in question. no authorization systems are recommended or
discussed in this
document.

------------------------------------------------
dynamic host configuration protocol (dhcp)
------------------------------------------------
is a protocol used by networked devices (clients) to obtain various parameters
necessary for the clients to operate in an internet protocol (ip) network. by
using this protocol, system administration
workload greatly decreases, and devices can be added to the network with minimal
or no manual configurations.
=========================================================================
http://en.wikipedia.org/wiki/dhcp =dynamic host configuration protocol
==================================================================================
=========

capwap = control and provisioning of wireless access points (capwap)

radius = remote authentication dial in user service (radius)

is an aaa (authentication, authorization, and accounting)

protocol for controlling access to network resources.
radius is commonly used by isps and corporations managing access to
internet or internal networks across an array of access technologies
including modem, dsl, wireless and vpns.

------------------------
uni-fy at a glance
------------------------
uni-fy is a wireless lan and hotspot management system based on the general idea
of captive portal,
with distributed authentication, security, firewalling, and similar capabilities.
it smoothly interfaces with dhcp management, nat/firewalling and capwap features.
external vpn access can be supported if needed and multiple parallel
authentication data bases are natively supported.

---------------------------------------
the ``captive portal'' technique
----------------------------------------
when the client obtains an ip address, it still cannot browse the web.
when the browser is pointed to some url, it will first perform a dns query, to
which the gateway is transparent
the dns query will concern either the domain name of the requested website or, if
the proxy server has been correctly set,
the proxy ip.
this technique is generally known as captive portal, and nocat[2] is probably the
best known open source implementation.

-------------
realm:
-------------
a string to be displayed to users so they know which username and password to use.

this string should contain at least the name of the host performing the
authentication and might additionally indicate
the collection of users who might have access. an example might be
"registered_users@gotham.news.com".

----------------------------------------
failure to authenticate - 401 or 407?
----------------------------------------
1. if the origin server does not wish to accept the credentials sent with a
request, it should return a 401 (unauthorized)
response. the response must include a www-authenticate header field containing at
least one (possibly new) challenge
applicable to the requested resource.

2. if a proxy does not accept the credentials sent with a request,

it should return a 407 (proxy authentication required). the response must include
a proxy-authenticate header field
containing a (possibly new) challenge applicable to the proxy for the requested
resource.

==================================================================================
=====================================
http://networking.dit.unitn.it/unify-main.html
==================================================================================
=====================================
==================
captive portal
==================
the captive portal technique forces an http client on a network to see a special
web page (usually for authentication
purposes) before surfing the internet normally. captive portal turns a web browser
into a secure authentication device.
this is done by intercepting all packets, regardless of address or port, until
the user opens a browser and tries to
access the internet. at that time the browser is redirected to a web page which
may require authentication and/or payment,
or simply display an acceptable use policy and require the user to agree. captive
portals are often employed at most wi-fi
hotspots, and it can be used to control wired access (e.g. apartment houses,
hotel rooms, business centers, "open"
ethernet jacks) as well..

========================
wilmagate
=======================
is a collection of open source tools for authentication, authorization and
accounting on an open access network.
it has been initially developed by the computer networks and mobility group at the
university of trento (italy).

its development has been part of the locally-funded wilma project and is now being
prosecuted by the twelve project
under the name uni-fy. it is currently being used for wireless authentication at
the faculty of science at the
university of trento and by the uniwireless network of italian research groups
participating to the twelve project.

==========================
peap
==========================

protected extensible authentication protocol, protected eap, or simply peap

(pronounced "peep"),
is a method to securely transmit authentication information, including passwords,
over wired or wireless networks.
it was jointly developed by cisco systems, microsoft, and rsa security. note that
peap is not an encryption protocol;
as with other eap types it only authenticates a client into a network.