Moonshot trajectory
DATE: 21 November 2012
TIME:
ROOM: Alternative
TOPIC:
CONVENER: Lukas
SCRIBE: Lukas
# of ATTENDEES: Rhys
MAIN ISSUES DISCUSSED
Currently, it's difficult to get an overview about Moonshot and all its
technologies. RFCs are to detailed to understand the big picture ->
Documentation clearly has to be and will be improved.
Moonshot can be supported by participating in the pilot starting 2013,
either via eduGAIN task in GN3+ or as independent organisation.
Moonshot is heavily based on Radsec which is a more secure and p2p-based
version of radius. It does not rely on a hierarchy but establishes
direct end-to-end connections.
What has to be deployed/provided by:
NREN:
Deployment guides and instructions for Moonshot-enabling servers
(e.g. ssh, exchange),
Trust router for transitive trust
Home Organisation
Radius server and optionally a SAML server (alternatively pySAML can
query LDAP directly)
Users
Moonshot libraries and on some OS a Moonshot identity selector
Moonshot will also come with a community portal that allows any moonshot
user to create a community with a specific policy for this community.
Realms decide whether a user is in a community. Some trustrouters can be
authoritative for community. Commmunity membership is expressed as
entitlement attribute. Portal bascally is 3rd party attribute provider.
Multiple portals can and probably will be operated (e.g. one per
federation, one in GEANT, ...). Portal is developed by JISC. Uses LDAP
and PHP.ACTIVITIES GOING FORWARD / NEXT STEPS
- ...
RESOURCES
- ...
If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.
If you don't have an account on the TERENA wiki you can post your notes as a comment to this page - and they'll be incorporated into the notes and then deleted.