eduroam Development VC Minutes 2020-03-31 1530 CEST
Attendance
Attendees
Stefan Winter (RESTENA), Ingimar (.is RHnet), Dariusz Janny (PSNC), Mike Zawacki (Internet2), Zbigniew Ołtuszyk (PSNC), Tomasz Wolniewicz (PSNC), Miroslav Milinovic (SRCE/CARNET), Maja Gorecka-Wolniewicz (PSNC)
Apologies
Zenon Mousmoulas (GRNET)
Agenda / Proceedings
Welcome / Agenda Bashing
OpenRoaming Trials - current status working POC:
eVA and Managed IdP are enabled (NAPTR set, installers generate RCOI value)
proxy that is listening with RadSec is up, serves as entry point to eduroam
If you walk past an OpenRoaming hotspot which has the RCOI set, you will magically authenticate
Nice for a POC but many open questions remain
eduroam does not distinguish between categories of IdPs or SPs
OpenRoaming does - but the PKI is single-rooted, and deciding whom to transact with takes more than “verify certificate”
Mechanisms for this granularity are still in the works - likely involving SPs sending RADIUS attributes with an identifier, and IdPs sending their own back
Trials already revealed that “reject” without being able to talk to the user is a significant UI problem
Cisco and others are taking this to the WFA Hotspot 2.0 working group, which Stefan will attend
If you want to be part of it, put the following NAPTR record into DNS for your realm. Remember to also configure client devices with the eduroam RCOI so they will actually realise that OpenRoaming hotspots are accepting eduroam users.