eduroam Development VC Minutes 2025-05-06
Attendance
Attendees
- Stefan Winter (Restena)
- Stefan Paetow (Jisc)
- Janfred Rieckers (DFN) (late)
- Tomasz Wolniewicz (PSNC)
- Ed Kingscote (CANARIE)
- Ed Wincott (Jisc)
- Alan DeKok (FreeRADIUS)
- Maja Gorecka-Wolniewicz (PSNC)
- Louis Twomey (HEAnet)
- Mary Bull (Internet2)
- Paul Dekkers (SURF)
- Janos Mohacsi (Pro-M)
Regrets
- Zenon Mousmoulas (GRNET) (child duty)
- Anders Nilsson (SUNET) (Stuck in a SUNET meeting in Luleå)
Agenda / Proceedings
Welcome / Agenda Bashing
CAT
- self-registration feature: in need of a value for “entitlement”
  - urn:geant:eduroam exists
  - urn:geant:eduroam:XY01:inst:admin ? (Tomasz)
  - urn:geant:eduroam:XY01:inst-admin ? (Stefan W)
  - contact Nicole Harris to get the URN sub-space
geteduroam
- certificate fragmentation observed in EAP-TLS
  - but not with geteduroam: generated certs are intentionally small (using ECC etc.)
  - there was a time when geteduroam generated (big) RSA certs, and was (more) subject to fragmentation issues.
- Are logs of geteduroam auth attempts available?
  - Not really. Paul investigating to send failure info in RADIUS attributes, to give some insight.
Operator-Name
- can extract peer certificate names from TLS connections
- international auths often do not have Operator-Name
- can this be retrofitted by proxies please?
- The NROs have the clients of their organisations, so if their members don’t/can’t inject O-N, please do it for them.
- There is also Eduroam-SP-Country if no specific operator name is known; there is scripting to extract this info from the cert subject and inject it there
- Eduroam-SP-Country is probably good enough for our own (eduroam) uses; RFC5580 Civic may be needed for OpenRoaming though
Event reminders
- MOBILITY DAY! at TNC2025 (Monday 9 June, 2PM) - needs separate registration and attendance fee https://wiki.geant.org/display/TFMNM/Mobility+Day+at+TNC25
- GeGC at TNC25 (Wednesday 11 June, 9AM) - part of normal programme
- TNC25 also has a Tuesday session about OpenRoaming
IETF
- no updates on proxy document, but questions about clients trying repeatedly
  - feedback is to not change behavior without updated standard?
- having a stab at last remaining issues on RADIUS/TLS document:
  - there is a GitHub repo with issues and pull request: https://github.com/radext-wg/draft-ietf-radext-radiusdtls-bis
OpenRoaming
- two transacting OR ANPs in Lux now
- LoA 0 IdPs…
AOB
Next VC
- 20 May 2025, 1530 CEST