eduroam Development VC Minutes 2023-07-18 1530 CEST

Attendance

Attendees

  • Stefan Winter (Restena)
  • Stefan Paetow (Jisc)
  • Anders Nilsson (SUNET)
  • Christian Rohrer (SWITCH)
  • Fabian Mauchle (SWITCH)
  • Ed Kingscote (CANARIE)
  • Tomasz Wolniewicz (PSNC)
  • Maja Górecka-Wolniewicz (PSNC)
  • Zbigniew Ołtuszyk (PSNC)
  • Ed Wincott (Jisc)
  • Louis Twomey (HEAnet)
  • Martin Stanislav (SANET)
  • Janos Mohacsi (KIFÜ)
  • Ingimar Jonsson (RHnet)
  • Guy Halse (TENET)

Regrets

  • Chris Phillips (CANARIE)
  • Zenon Mousmoulas (GRNET)

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. CAT 2.1.1 maintenance release

    • in the process of packaging
    • first eduPKI “prod” cert issued
    • <suggested>CP: thoughts/comments on the feedback on cat from the mailing list on enhancements/UX items?</suggested>
    • it’s always possible to deep-link installers and provide the support from your own IT helpdesk page - avoiding any UX issues in the default interface
    • There is no ETA for a CAT 3.0; but it is certainly subject to major re-design decisions (e.g. end user download interface could go away and be replaced by geteduroam in-app workflows; this makes many of the pain points mentioned OBE)
    • geteduroam is constantly being worked on; no ETA for full replacement

  3. EAP-FIDO update

    • If you missed TNC Mobility Day: it works!

  4. IETF update / Deprecating RADIUS/UDP in favour of RADIUS/TLS

    • CP: Suggested in absentia: will GEANT Workplans include/allocated time for work on deprecating RADIUS over UDP per the IETF activities. NRO sentiments welcomed.
    • GEANT sphere is only the European top-level servers - which can probably simply be updated easily when software is available.
    • NROs need to do same work, in larger numbers
    • work time could go into software development and further spec work @IETF (both of which is already in the GEANT plans)
    • possible to tap marketing resources from GEANT (advisory, updated guides etc. to help deployments out there)
    • dynamic discovery is not critical to RADIUS/TLS, but nice add-on
    • CAT issuing RADIUS/TLS certs now allows a quick move on NRO level!
    • Inst level needs TLS-PSK work to complete.
      • software to put in front of NPS will be needed (radsecproxy dev work @AlanD?, cygwin, WSL2) - all but a “Click next” executable may be too hard for many
      • radsecproxy is all but done for TLS-PSK, Fabian has tested against himself and thinks it should probably be ok with FR, but it’s worth testing against radiator once 4.28 is out.
    • StefanP: will try a cygwin compile of radsecproxy

  5. Recurring OpenRoaming chitchat

    • auth issues openroaming.goog ?
    • Nobody in the call to elaborate on that.
    • eduroam proxies work; problem must be elsewhere.

  6. AOB / next VC

    • 1 Aug 2023 1530 CEST (or holiday gap?)
  • No labels