eduroam Development VC Minutes 2022-11-08 1530 CET

Attendance

Attendees

  • Stefan Winter (Restena)
  • Tomasz Wolniewicz (PSNC)
  • Wenche Backman-Kamila (CSC/Funet)
  • Ed Kingscote (CANARIE)
  • Mohit Sharma (CANARIE)
  • Chris Phillips (CANARIE)
  • Stephanie Cooper (ANYROAM)
  • Philippe Hanset (ANYROAM)
  • Zbigniew Ołtuszyk (PSNC)
  • Paul Dekkers (SURF)
  • Guy Halse (TENET)
  • Stefan Paetow (Jisc)
  • Maja Gorecka-Wolniewicz (PSNC)
  • Mike Zawacki (Internet2)
  • Anders Nilsson (SUNET)
  • Ed Wincott (Jisc)
  • Arnaud Lauriou (RENATER)
  • Kilian Krause (Uni Stuttgart)
  • Janos Mohacsi (KIFU)

Regrets

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. Chris: asked for sentiment on the 2.4 GHz / 5 GHz trajectory and on baseline eduroam support (obligations? Is it still ‘eduroam’ if not offered on 2.4 GHz?)
    no policy issue with providing only 5 GHz; it is still eduroam (for those who are still able to connect)

  • observations
  • dropping 2.4 GHz reduces coverage, since 2.4 GHz has greater range than 5 GHz
  • the 6 GHz band (future) requires 5 GHz support for Wi-Fi Alliance certification
  • experience shows that users gravitate to cheaper devices, some of which are 2.4 GHz-only; disabling 2.4 GHz sacrifices those users
  3. IETF Update (short - immediate meeting follow-up)
    • radextra BoF
      • -> forming a working group (will update RFC 6614 as one of the first items; define an SRADIUS that gets rid of shared secrets; deprecates RADIUS/UDP when not on secure networks)
      • https://www.ietf.org/mailman/listinfo/radext
      • vendors and deployers in the room; broad support for implementing and deploying this
    • EMU discussing
      • onboarding issues and server validation
      • even eap-metadata was a topic
      • private vs. public CA

3a. Backward compatibility discussion

  • lots of fancy new stuff comes out of IETF, WFA, …
  • but there are many devices and people out there that need support for “legacy”; sometimes for 10+ years
  • need to strike a balance between embracing new things vs. caring for the long tail of existing deployed tech
  • We should try our best to conserve the long-tail connectivity (but not be shy to include new things, so long as they don’t break a large part of our user base)
  4. CAT feature requests:
    a. “CAT Lower Decks”
    • entry-level administrator privileges that can do realm testing, but no config changes
    • Good idea?
    • Might be useful, via the invitation workflow (choose to invite either a “real” admin or the new role; new roles could age out automatically)
    • General interest in this. Investigate how easily this is doable.

    b. “NRO View Institution”
    • Ability to view only (in the UI) an institution/profile without taking full control of the organisation.
    • Good idea?
    • Also nice to have.
    • Ephemeral equivalent of “Take Control”: only impersonate the IdP for the session.
    • maybe even higher priority than a)

    c. MAC randomisation control in profiles
    • This has been raised before (back when iOS 14 arrived)
    • Useful motivations for this?
    • Exposure to liability (the OS provides privacy and you block it)
    • Bad messaging in OSes if such a feature is on; marketing impact: “eduroam is insecure”
    • Conclusion: not every IdP in the world has to use CAT. Maybe a different product is better for them.

  5. Crazy IETF idea (deferred)

    • in an earlier call, someone mentioned the word Passkey; and it happened again during the IETF emu meeting
    • It is probably possible to use FIDO2 security keys / Passkeys also for Enterprise Wi-Fi authentication
    • We’re talking no less than a brand new EAP type here (“EAP-FIDO”)
    • (this agenda item can and will suck up every minute the other topics still leave free)
  6. Recurring: Passpoint hardware and onboarding chit-chat

  7. AOB / next VC: 22 Nov 2022 1530 CET