Hi. Yes, interesting. We have been working on this very thing up at UHI.
Basic concept: Using a linux box running ipfilters, it walls off a subnet
to all unknown machines, throws the unknown user out to an IdP, and upon
auth, throws the user's (now known) mac into the filter with a timeout to
allow them through.
Is it worthwhile us putting in a blurb to the consultation about this,
Nicole, or would it simply distract?
Would other people find this approach useful or not?
<quote who="Nicole Harris">
> Hi Jon
> The simple answer is that the issue of integrating Shibboleth with radius
> eduroam / 802.1x is being discussed and taken forward within an
> international working group and it is very likely that the eduroam
> and shibboleth technology will interact - in the same way that the
> Netherlands use A-Select and 802.1x together.
> The larger argument is all about AA for network access and AA for
> application access - which is quite neatly discussed in the following
> to save my brain: http://www.surfnet.nl/info/attachment.db?97653.
> The University of Helsinki has explored shibboleth-based roaming, so this
> not an impossibility. There is information about the trials here:
> However, I think it is sensible for UKERNA to align themselves as closely
> possible with the standards mandated within eduroam as a whole, and use
> international working group to bring this work together with shibboleth -
> rather than starting from a different position to the rest of eduroam
> if we are being very English and using a different name).
> Hope that helps
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Jon Warbrick
> Sent: 08 December 2005 12:56
> To: [log in to unmask]
> Subject: Re: Janet roaming consultation exercice
> On Thu, 8 Dec 2005, Jon Warbrick wrote:
>> Are people who are working on Shibboleth in the UK aware of the current
>> 'Janet Roaming Consultation Exercise'...
> Sorry, intended to say: "... details at
> Jon Warbrick
> Web/News Development, Computing Service, University of Cambridge
Head of e-Frameworks
Learning and Information Services