eduroam Development VC Minutes 2020-05-12 1530 CEST
Attendance
Attendees
- Stefan Winter (RESTENA)
- Mike Zawacki (Internet2)
- Ingimar Jonsson (RHnet IS)
- Miroslav Milinovic (SRCE / CARNET)
- Tomasz Wolniewicz (PSNC)
- Maja Gorecka-Wolniewicz (PSNC)
- Dariusz Janny (PSNC)
- Zbigniew Ołtuszyk (PSNC)
- Stephanie Cooper (ANYROAM)
- Philippe Hanset (ANYROAM)
- Chad Bauer (ANYROAM)
- Marina Adomeit (SUNET/GEANT)
- Janos Mohacsi (KIFU)
- Hideaki Goto (Tohoku University / NII)
Apologies
Agenda / Proceedings
- Welcome / Agenda Bashing
- OpenRoaming Trials - current status
  - GEANT is joining Wireless Broadband Alliance on a new “Implementer” membership level
  - Community will have access to (only) the OpenRoaming relevant working groups
  - eduroam will be issued its own WBAID, which is likely to be, well, “eduroam”
  - WBAID is used to identify SP and IdP in RADIUS attributes
  - Open Q1: NAPTR records - there /may/ be a way to auto-enable all eduroam realms via a fallback mechanism. Still under discussion
  - Open Q2: How should we configure supplicants?
    - Of course with the eduroam RCOI; hotspots which explicitly enable eduroam will be recognised by devices
    - There is also an “OpenRoaming All (No Fee)” RCOI, which is a meta RCOI for hotspots that don’t care who comes. Do we want supplicants to react to that? The problem is that such hotspots have not knowingly signed our SP-side policy. We need to review the OR-All Participation Agreement to see if compatible clauses are in there by default.
  - Remark: Beware the power of the market :-) We discussed the lack of NAPTR support in Azure DNS as a possibly significant barrier to adoption, and were told that people in OpenRoaming have the necessary contacts to trigger a change there if need be.
  - GDPR is a question here: we may need to update (data sent to more third parties, and outside community)
  - RCOI OR-All: can we get the eduroam SP policy into the general RCOI T&Cs? Would be nice to try.
 
- Passpoint implementation findings
  - Setup: AP with SSID + one RCOI (eduroam…f) + one RCOI (eduroam…0)
  - Windows saw four networks instead of two - both RCOIs applied to both beacons
  - Stefan asked about this in Wi-Fi Alliance … the last digit of 5-byte RCOIs is somewhat undefined
  - Linux: wpa_supplicant works fine - but no NetworkManager connection (i.e. no D-BUS or wpa_cli :-( )
  - macOS: possible display bug (or worse) when multiple RCOI-based networks are in the same mobileconfig file. Stefan is investigating.
 
- A possible extended use of the CAT realm reachability checks for proactive monitoring
  - unrelated work has led to point-in-time reports about the health state of an IdP (to be sent as a static link in email during error reporting)
  - could be used for regular checks, and for sending emails if things of interest are found (following the static link does not need admin auth)
  - needs to have an email contact for the IdP - use data from eduroam DB (role-based contacts only?)
  - opt-in for IdP admins (or rather opt-out?) or on fed level
  - retain data for “some time” but not long - week or so?
  - federation overview
 
- eduroam Managed SP
  - Small steps forward: Ansible automation for both the web part and the RADIUS SP server parts is progressing well. We should “soon” be able to roll out a scalable, working system.
  - GEANT “stand-up” eduroam hotspots at conferences etc. are a good potential pilot participant
 
- AOB / Next VC
  - 26 May 2020, 1530 CEST