Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Numbered Headings

The Moonshot Test Network

The Moonshot project has created a test network that demonstrates the functionality of the Moonshot technology. Free to use for piloting and testing, this network is designed to be the next step towards a full deployment and joining a Moonshot network. This network includes an identity provider, two service providers, and a trust router and APC.

Domains and realms

To demonstrate the difference between trust realms, identity realms, and the domain name system, the test network uses different values for each of these concepts.

Trust realm

The trust realm suffix on the test network is test.assent. Each of the hosts in the network uses a different trust realm to everyone else.

Identity realm

The only identity realm on the test network is idp.test.assent. While this realm includes the trust realm suffix, its name is different and does not match any other realms, including the trust realm of the identity provider.

Domain names

The domain names for the hosts are registered in the moonshot-playpen.ti.ja.net domain.

Hosts

The Trust Router

The Trust Router (TR) is tr.moonshot-playpen.ti.ja.net. It facilitates the trust amongst the different entities in the network.

The IdP

The Identity Provider (IdP) is idp.moonshot-playpen.ti.ja.net. It serves up the identity realm idp.test.assent. It serves three identities, steve, bob, and hugh.

The SP

The first Service Provider (SP) is sp.moonshot-playpen.ti.ja.net. This SP exposes an SSH service that has only one user: moonshot.

The web service

The second SP is service.moonshot-playpen.ti.ja.net. It exposes a web service both on HTTP and HTTPS. Visiting the root will give you access to four web scripts that expose information about your authentication request in different formats.

Registration for use

To use this network, you must apply for an organisation credential. The credential must be used by all your services to identify them to the test network's trust router. To apply for such a credential, email trustrouter@jisc.ac.uk with details of your organisation, how long your pilot/testing will run, and your domain and host names. We will issue you with a time-limited credential that will expire at the end of your pilot. If your credential needs to be extended, email us with an approximate extension, and we will adjust the expiry date.

There is currently no self-management portal for the test network; when you decide to change some of your realms, domain names, or other settings that affect how your services interact with the test network, email us with the details to allow us to adjust the trust router for those settings.

Once your pilot is concluded and you decide to transition to a production network, see the list of trust router operators for one that suits you.

How to use the network

The network is designed to allow you to use both the services and the identity provider to test your own services and your own identity provider. If you are part of a group of organisations or services trying out Moonshot, you can also test your own services and identity providers amongst your group, using the test network as a facilitator.