TERENA Networking Conference 2010

A scalable and reliable roaming system for eduroam JP

Hideaki Sone, Hideaki Goto (Tohoku University)

1. "eduroam JP"

"eduroam JP" started operation in 2006 and carries out research and development of network roaming systems to solve the scalability and security problems of the conventional eduroam architecture.

2. Delegate authentication system as a scalable roaming system

The scalability problems in eduroam stem from the fact that Japan has more than 1200 higher-education institutions. They include the high operational cost of building and maintaining many RADIUS servers at every institution, and a huge nationwide RADIUS proxy tree. Our Delegate Authentication System (DEAS) is a centralized ID provider (IdP) that works in federation with each institution. The DEAS IdM issues user accounts of the form USER@INSTITUTION.eduroam.jp and registers those accounts in the DEAS RADIUS server, which works as a node in the eduroam RADIUS tree. The institution receives the accounts and assigns them to its members based on the institution's own authentication. The DEAS improves the operation and stability of the national eduroam and lowers the cost for each institution to join eduroam. The account also works as a countermeasure against the location privacy problem.

3. Collaboration with a commercial WLAN operator

"eduroam JP" and the commercial WLAN service operator Livedoor have started a collaboration to provide eduroam service over 2000 access points in the downtown Tokyo region.

