[isf-wifidog] update from Saturday and continuing discussion of v2 WAS: Re: WifiDog v2 development update?

[wlanmac]

For a little background on RADIUS:

- It's a protocol based on UDP packets (like DNS), as such it is
stateless and you never are "waiting" on a TCP connection. 

- It's *designed* for provisioning and accounting, particularly useful
when the logins have "attributes" or session specific settings.

- Pretty much most authentications systems do or can support RADIUS.

- RADIUS "realm based roaming" is a built-in way for authentication
roaming where the RADIUS protocol can route authentication and
accounting request to the appropriate "home provider". 

- Nearly all quality WiFi gear supports RADIUS. Even stock Linksys can
do RADIUS for WPA Enterprise authentication (though no accounting is
provided). There are 'vendor specific' ways to set RADIUS attribute, but
the underlining protocol is the same. 

One thought is that there could be a middle-ware server running which
can translate RADIUS into WiFiDog HTTP provisioning. It could be a small
server running as an extension to chilli on the router, or it could even
be centralized (possibly tying together several RADIUS based networks).
The proxy would be enabling chilli to run as the access controller and
WiFiDog (as is) as the portal.

Some thoughts on the topic:

- easy to wrap into a router to seamlessly resemble a WiFiDog router
(but with all the added features of chilli). 

- equally easy to centralize the proxy - potentially to handle multiple
WiFiDog portals and/or RADIUS networks (essentially, creating a RADIUS
realm-based WiFiDog authentication broker). 

- the process of converting RADIUS to WiFiDog/HTTP will drive the
portal/protocol development to cover more underlying chilli (and general
NAS) features. 

 - will serve as an example of how to integrate the WiFiDog/HTTP
protocol with other access controllers (for instance, utilizing APIs of
commercial vendors). 

- can focus on RADIUS (plus proxy) to solve many roaming and
single-sign-on issues - including linking with other RADIUS-based home
providers - in a non-portal specific way. 

David

LinkedIn? http://www.linkedin.com/groups?gid=158903




On Mon, 2009-05-04 at 15:24 -0400, Michael Lenczner wrote: 
> Hello all,
> 
> On Sun, Apr 5, 2009 at 1:52 AM, wlanmac <wlan at mac.com> wrote:
> > Yes, RADIUS is powerful and ideal for access provisioning. Implementing
> > your 'business logic' in RADIUS also has the benefit of being usable
> > with multiple types of access controllers, using some standard (WISPr)
> > or vendor specific attributes. Though, RADIUS doesn't make any
> > guarantees about the features of the access controller.
> >
> > This could be a turning point for the WiFiDog project. As a portal
> > project, I'm guessing that the WiFiDog community might break up into
> > smaller projects (already happening, it seems) as it is VERY difficult
> > to find a web development platform/framework that everyone is happy
> > with. It also sounds like people are willing to dump the v1 web
> > framework, which will no doubt further break up the community unless
> > there is a clean upgrade procedure. This is bad news for any open-source
> > project that struggles to maintain their community and attract more
> > contributors (especially developers)...
> >
> > My two cents for the project:
> >
> > - To keep WiFiDog an access controller AND portal project, WiFiDog
> > should be more active in defining the "protocol" and development of the
> > gateway. The project should encourage and embrace the use of multiple
> > kinds of portals and web frameworks - don't push away those who break
> > away from the portal.
> >
> > - To turn WiFiDog into a portal project, then don't necessarily keep the
> > gateway portion when there are other options available which can do more
> > things. Even if it means adding the WiFiDog "protocol" to something like
> > Chilli, at least you don't have to reinvent the wheel in terms of basic
> > access controller features.
> >
> > David
> >
> >
> <snip>
> 
> 
> Update on the weekend meeting and background context:
> 
> So there was a meeting last saturday in Sherbrooke where 6-7 community
> wireless groups from Quebec and Ontario (about 20 people) got together
> and discussed Wifidog and something we're calling the ZAP Stack.
> 
> (Several of the community wireless groups in Quebec have taken the
> label ZAP Cityname with ZAP refering to Zone d'Acces Public (Public
> Access Zone). )
> 
> The ZAP stack is the entire ecosystem of tools needed to run a
> community wireless group of the wifidog model.  There is a focus on
> hotspots, with a serious intention of including mesh capability in the
> near future.  All of the groups use Wifidog.  We're looking at using
> the term "ZAP Stack" to differentiate between Wifidog and the overal
> technical toolset needed by a Community Wireless Network.  ZAPStack
> could be easily called CWNStack.
> 
> The groups present this weekend represented a total of more than 500
> hotspots and 150,000 users, and several of them have recently received
> government funding to extend their operations.
> 
> Sylvain Carle led the day's discussion and will be coordinating the
> contributions of the Quebec groups to the creation of a stack of
> software (ZAP Stack) that addresses their needs.  This stack involves
> Wifidog but the exact relation of the technologies to Wifidog and the
> specific role of Wifidog is still to be determined.
> 
> </weekend update>
> 
> I found this thread (WifiDog v2) really interesting and informative.
> I hope we can continue the discussion.
> 
> To enable the larger discussion of what our (the Wifidog community)
> individual / collective needs are and how they fit in with wifidog
> development Gabe and I created a page listing some of the interesting
> / relevant tools in the CWN space.  Richard added to it and David
> added and fixed it up. (Thanks David!).  And I've taken some content
> from this thread and added it to the Wifidog TNG page so that it isn't
> lost. (http://dev.wifidog.org/wiki/TNG)
> 
> Personally I'm trying to understand the relationship between Radius
> and Wifidog, and if Chillispot / CoovaChilli and or Radius could have
> a role to play in addressing some of our needs for better network and
> user management at our hotspots (ergo including the above text.  Any
> thoughts, pointers would be helpful.  I know that there are others
> that understand the pieces of this puzzle better than I do, but
> sometimes newb questions can be useful.
> 
> Please feel free to ask any questions about the Quebec CWN situation.
> There will be updates and clarification posted here by either Sylvain
> or David from ZAP Quebec in the near future.  We're still figuring
> this stuff out ourselves. :-)
> 
> mike
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog