EduVPN Programme

Funded in 2017

– eduVPN is an initiative to make VPN technology commonly available, by building better and more user-friendly tools.

We live in a society that wants to be online whenever possible, and WiFi is popular technology for achieving this. Unlike the “home” situation which could be described as a trusted network, we also make heavy use of public offerings of WiFi, which we describe as guest networks, and which are in a special position that could make them perform a number of rogue attacks on our connections.

A number of dangers of using WiFi on such guest networks has been identified, and methods of running a trusted network over such potentially rogue connections have been devised. EduVPN is an implementation of such facilities which was originally designed with educational institutions as an audience.

 


Searsia Project

Funded in 2017

– Searsia is an open source engine and a protocol, created by academic researchers. The Searsia software is open source and available from the Searsia project website.

Searsia provides the means to create a personal, private, and configurable search engine, that combines search results freely from a very large number of sources. Searsia enables existing sources to cooperate such that they together provide a search service that resembles today’s large search engines. In addition to using external services at will, you can also use it to integrate whatever private information from within your organisation – so your users or community can use a single search engine to serve their needs.

Using Searsia you can :

* Manage and share large collections of independent sources;
* Select for each query the most relevant sources;
* Combine sources in an aggregated search interface;
* Searsia learns over time what kind of information each source provides.

To see it in action check the search engine of the University of Twente that combines the results of about 30 sources, including results from Google’s web crawl, from Courses, from News, the Telephone directory, the Timetables, as well as results from social media, such as Facebook, Twitter, Pinterest, and Flickr.


FedLab Test Harness

Funded in 2016

– Federated Identity Management (FIM) is being used increasingly for different Internet applications, including web and mobile. The demand for cross-organizational collaboration and the proliferation of cloud applications is driving the demand to federate identities. To support FIM there are two main protocols established: SAML and OAUTH2/OIDC, with SAML being used in the majority of use cases for cross-organizational collaboration.

Interoperability between products for FIM, in particular commercial offerings, is still an issue 11 years after the SAML V2 standard was published. Many products lack conformance to the SAML profiles used in federations, leading to extra effort in the integration process. While standards and specifications are available, implementations frequently do not follow these.

There are no comprehensive testing suites available that would provide the metrics to get better. The GÉANT project had funded initial efforts to remedy this situation, which resulted in a proof of concept implementation of a SAML2 test tool, published at Federation Labs (www.fed-lab.org). In the meantime, related test suites have been developed for OIDC has just been initiated.

This project is underway to take FedLab from its current status as a research project and bring it towards service operation. This phase will focus on making a comprehensive test suite available at Federation Labs, which features an improved architecture that will allow improved flexibility in test configurations and easier to use for deployers. It shall establish a community process by being open source, allowing users to contribute and improve test cases and profiles.

As a result, we expect to improve the conformance of products to increase and show clearly where products are failing to meet the profile. Improvements will trickle down in implementations and make federation integration quicker and cheaper. For the end user, access to external resources without giving up security and data protection will proliferate.