
Project Moonshot

TF-MNM
Project Moonshot

Use cases

2
Grid computing @ STFC

STFC operates the UK’s National Grid Service

• Existing X.509 authentication is too complex for users

• Goal to simplify authentication across distributed computing Grids

“We aim to streamline access services using Moonshot technology, which will
take the burden of authentication out of the hands of our users.”

Dr Peter Oliver, Group Leader, Science and Technology Facilities Council

3
Console access @ Diamond Light Source

The UK’s national synchrotron facility

• Piloting Moonshot within the PANDATA project, which supports 30,000 scientists at 20+ photon and neutron facilities

• Federated access needed to physical and remote (SSH) consoles

“Moonshot has thought beyond websites, and looked at what is really required in
authentication – right down to the point when you open your laptop to begin work.”

Bill Pulford, Head of DASC, Diamond Light Source

4
Sharing data @ Cancer Research UK
Cancer Research UK is the world’s leading charity dedicated to beating cancer
through research.

• The institutes form ad hoc relationships to collaborate for research purposes, but when the need arises to share data and documents, each institute can only authenticate within its own organisation.

“Moonshot is a valuable enabler for Cancer Research across the UK. It will make
collaboration systems easy to build internally so that we can quickly share large data
sets between institutes, without complicating the management of that system.”

Peter Maccallum, Head of IT & Scientific Computing, CRUK Cambridge Research Institute

5
Cloud services @ Janet Brokerage
The Janet Brokerage works with the community and suppliers to provide solutions based on ‘IT as a service’, facilitating the uptake of data centre, hosted and cloud services.

• Create efficiencies and cost savings

• Accelerate and improve services and add value

• Reduce risk in adopting new services

• Address technical and business questions

• Create a competitive market based on sound technical platforms

6
The main challenges from our customers

• Extend the use of federated identity to all network-connected systems, applications and services

• Support any deployment model: centralised, distributed & cloud

• Enable the use of any kind of authentication credential

• Supersize it! Enable this for millions of system entities and users

7
Project Moonshot

Technology overview

8
Moonshot technologies

Moonshot builds on the eduroam technologies:

• EAP (RFC 3748): strong mutual authentication
• RADIUS (RFC 2865): federation between domains

To this, Moonshot adds:

• SAML, for rich authorisation semantics
• Integration using operating system security APIs
  • SSPI: Windows
  • GSS-API (RFC 2078): other operating systems
  • SASL (RFC 4422): Windows and other operating systems

9
Deployment requirements
Most Higher Education organisations are nearly Moonshot-ready today. What is needed:

• A connection to eduroam

• A RADIUS server (any modern RADIUS product should support pre-production testing today). There is also an experimental capability to integrate FreeRADIUS with the Shibboleth IdP

• Moonshot client and server plug-in
  • Linux: packaging available for Debian & RHEL; Scientific Linux soon
  • Windows: native support using prototype plugin
  • Mac: packaging almost complete for Snow Leopard and Lion

• Moonshot Identity Selector, to facilitate the selection of an identity to use, for GUI environments (Windows, Mac & Linux)

10
Architecture

[Figure: architecture diagram showing an SSH client, an SSH server and a RADIUS server, with the numbered steps below]

(1) Credentialing
(2) SSH negotiation
(3) Authentication
(4) RADIUS
(5) Attributes
(6) SSH session

OpenSSH used as example of application; many others also apply

11
Application support

Most modern applications use at least one of the security APIs supported by Moonshot

Correctly written applications will ‘just work’ without modification or recompilation

Less correctly written applications may require minor modifications

Project Moonshot is testing applications and sending patches upstream

12
PuTTY → OpenSSH

13
IE → Apache

14
Outlook 2010 → Exchange 2010

15
Examples of other tested scenarios

• OpenSSH client → OpenSSH server (GSS)

• OpenLDAP client → OpenLDAP server (SASL)

• OpenLDAP client (GSS) → Windows Active Directory (SSPI)

• Firefox → Apache (GSS)

• Internet Explorer → IIS (SSPI)

• MyProxy client → MyProxy server (SASL)

• Adium → Jabberd (SASL)

• Console authentication using PAM/GSS on Linux and SSPI on Windows

16
Standardisation

The architecture is currently being standardised within the IETF’s ‘Abfab’ working group

See https://datatracker.ietf.org/wg/abfab for documents

The key documents are:

• draft-ietf-abfab-arch, describing the high-level architecture
• draft-ietf-abfab-gss-eap, describing the core “GSS EAP” technology
• draft-ietf-abfab-aaa-saml, describing the use of SAML
Get involved!

The project is a Janet-led initiative, with contributions from GÉANT and others

• http://www.project-moonshot.org/using describes installing, configuring and using Moonshot. An installable Live DVD (Debian-based) is available, in addition to Debian, CentOS and Scientific Linux packages

• https://www.jiscmail.ac.uk/MOONSHOT-COMMUNITY is our community mailing list

• We also have a Jabber room at moonshot@groupchat.nordu.net


Project Moonshot

Technology pilot

19
Technology pilot goals

1. To test the suitability of the Moonshot technology for deployment, focusing on e-Research use cases

2. To identify what further work is needed to support the wider community’s use of the technology

3. To plan, implement or support this additional work

20
Current status

• Pilot sites connected to Janet’s eduroam infrastructure

• Software ready for pre-production testing only

• Production-quality environment due Q1 2012

• IETF standardisation approaching completion

• On-going discussions with OS and application vendors

21
Project Moonshot

Future plans

22
The next six months

The primary activities will be:

• Continuation of the existing Technology Pilot

• Improvement and refinement of the core software

• Outreach to other stakeholders

• Development of the final element needed for a production-ready service

• Completion of standardisation

23
Conclusions

Moonshot provides a standardised next-generation identity & trust technology

Moonshot builds on widely deployed technologies and infrastructure

Moonshot provides a cross-platform implementation ready for pre-production testing

Moonshot will provide the trust & identity platform for Janet’s services

24
