Building a federation at the Interop Labs Hot Stage

by Matthew Gast

Related link: http://www.oreillynet.com/pub/a/wireless/2005/01/01/authentication.html



This past week, I've been at the Interop Labs hot stage in Belmont, California. For a week, we get together to built the set of demonstrations that will appear in the iLabs booth on the Interop show floor. This year, I'm working with the Full Spectrum Security technology initiative, which has been a good way to indulge my interest in authentication systems.

Networks that are confined to a relatively small geographic area and under homogenous administration are fairly easy to build. The challenge comes when you have multiple political divisions and wide geographic scale. Universities are tackling the problem largely because departments are distinct political entities, though some state-wide systems may also need to deal with large geographic scales. I've also worked with quite a few multi-national companies that have grown through acquisition, and have not yet stitched together disparate IT systems.

The iLabs team is using the authentication system we built for the show to run a few experiments that are relevant to federated environments. One experiment is to assess the interoperability of different RADIUS servers in a proxy environment, and to determine how well new security services function in a proxy environment. The next step is to take the demonstration to the show floor at Interop in a month. We will be attaching the iLabs authentication system to Eduroam to see how well authentication works when sent through multiple levels of proxy. A test account will be set up at the University of Oslo in Norway. We will connect directly to Norway and assess the user experience. Eduroam is being extended to the United States, and we also plan to connect the iLabs to the United States root server at the University of Utah.