eduroam Development VC Minutes 2019-05-14 1530 CEST
Attendance
Attendees
Stefan Winter (RESTENA)
Stephanie Cooper (ANYROAM)
Pedro Simoes (FCCN)
Mike Zawacki (Internet2)
Gareth Ayres (Swansea University)
Philippe Hanset (AnyRoam)
Marina Adomeit (AMRES)
Zenon Mousmoulas (GRnet)
Brook Schofield (GÉANT)
Apologies
Tomasz Wolniewicz (PSNC)
Maja Gorecka-Wolniewicz (PSNC)
Zbigniew Oltuszyk (PSNC)
Ingimar Örn Jónsson (RHnet)
Louis Twomey (HEAnet)
Agenda / Proceedings
Welcome / Agenda Bashing
Focus Topic: eduroam Managed SP initial design
Stefan shows the initial implementation
integrated into CAT code, “hosted” part (synergies with Managed IdP)
synergies explained
main interface: now has separate IdP and SP functions
NRO invitations now indicate whether to sign up the institution for IdP, SP, or both
Marina comments that it should be possible to invite an organisation for a /subset/ of what it is eligible for as per eduroam DB
Zenon notes that we are bound long-term to the IP addresses; renumbering might be an issue after a while
Geolocation might not be accurate. Allow admin to override?
Rather than setting up a new VM, could spin up a new radiusd process (-> new file descriptors)
reminder that this is a tool; policy decisions remain with the NRO (do watch the movie “Lord of War” and observe the perfectly constructed argument of innocence that is “I only sell the tools, everything else is the responsibility of the person at the trigger”)
Zenon: what about RADIUS/TLS or IPsec? Later maybe; makes things more difficult for the SP admin.