eduroam Development VC Minutes 2024-01-02 1530 CET
Attendance
Attendees
- Stefan Winter (Restena)
- Stefan Paetow (Jisc)
- Tomasz Wolniewicz (PSNC)
- Ed Kingscote (CANARIE)
- Zbigniew Ołtuszyk (PSNC)
- Maja Górecka-Wolniewicz (PSNC)
- Chris Phillips (CANARIE)
- Halil Adem (GRNET)
- Zenon Mousmoulas (GRNET)
- Ed Wincott (Jisc)
Regrets
- Guy Halse (TENET)
Agenda / Proceedings
Welcome / Agenda Bashing
geteduroam: new Apps!
- release on 2 Jan (thanks for not doing it just before Christmas!)
- some translations in (Android has almost all recent translations, Apple prod version not yet)
- time for updating user instructions etc.
- local downloads on cat.eduroam.org need to be updated, too
- criticism of translation sources: the source language is not always aligned/identical between the two apps
- glossary function is now available to mitigate slightly mismatching terms
- inst and profile names are still shown in English, even when a name variant exists in a language that matches the app language
2a. CAT/geteduroam vs. Microsoft InTune?
- If using InTune, need to curate your Wi-Fi profile data there.
- But then need to sync between two places, InTune and CAT - why?
- There are probably(?) more devices covered in CAT than in InTune; so working just with InTune is insufficient
- Could exclude the Wi-Fi bit from InTune management, and do all eduroam things from CAT/geteduroam.
- Is that acceptable to typical admins?
- Demarcation line could be along corporate (use InTune for the entire device mgmt) vs. BYOD (use CAT/geteduroam, less intrusive on BYOD devices); this seems to be a generally accepted and working messaging
Add a CAT API call for all info about a federation
- Combination of DATADUMP-FED + all STATISTICS-INST calls in one go. Thoughts?
- Could be included in the DATADUMP-FED call?
- SW, TW to investigate this in code
- https://github.com/GEANT/CAT/blob/master/web/admin/API.php#L194
Read-only mode for fed admins?
- special device for dump of inst data exists (call with ?hidden=1 and then download the “Test” device, which is a ZIP file with all data settings)
- a more integrated approach with real read-only access in the UI to see, but not change, settings, could be useful
- lots of support from attendees of the call
- maybe not display the full list, but allow to search for single inst
show/warn expired intermediate or root CAs in admin mode
- CAs are flagged visually only if they are of a wrong type; expiry has no UI bearing
- realm checks already consider expiry and will warn when executed (but execution of those is manual)
- should print the expiry date, and alert on/near expiry
- https://github.com/GEANT/CAT/blob/master/web/lib/admin/UIElements.php#L334
OpenRoaming + anonymous outers
- OR settlement-free is looking into the privacy implications (returning CUI and/or Class) and anonymous outer
- CAT should also take into account the above
- problematic spot is if CAT settings enable OpenRoaming, but no anon outer ID is set; this would expose the actual username
- ideally, enforce that anon outer ID is set when IdP wants to enable OpenRoaming support
- issue on GitHub to be opened by StefanP
- ChrisP: @stefanP: anonymous123456@realm.tld is one we’re using - and should be a valid one…
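The enforcement proposed above (no OpenRoaming unless an anonymous outer ID is set), sketched as an added example that is not CAT code. The Profile fields and the sample data are assumptions made for illustration, not CAT's schema.

```python
# Added example, not CAT code: all field names below are hypothetical.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Profile:
    name: str
    realm: str
    openroaming: bool
    # None = no anonymous outer ID configured; "" = empty local part ("@realm")
    anon_outer_local: Optional[str]


def outer_identity(profile: Profile, username: str) -> str:
    """Identity the supplicant sends in the clear, before the TLS tunnel exists."""
    if profile.anon_outer_local is None:
        return username  # falls back to the real username
    return f"{profile.anon_outer_local}@{profile.realm}"


def audit(profiles: List[Profile]) -> List[Tuple[str, str]]:
    """Return (profile name, problem) for every profile that must be rejected."""
    findings = []
    for p in profiles:
        if not p.openroaming:
            continue  # rule only applies when OpenRoaming is enabled
        local = p.anon_outer_local
        if local is None:
            findings.append((p.name, "OpenRoaming enabled without anonymous outer ID"))
        elif "@" in local or any(c.isspace() for c in local):
            findings.append((p.name, "anonymous outer ID local part is malformed"))
    return findings


# Constructed sample data
SAMPLE = [
    Profile("Staff", "example.org", True, None),
    Profile("Students", "example.org", True, "anonymous123456"),
    Profile("Legacy", "example.org", False, None),
    Profile("Typo", "example.org", True, "anon@example.org"),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
    print(outer_identity(SAMPLE[0], "alice@example.org"))
    print(outer_identity(SAMPLE[1], "alice@example.org"))
```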
AOB / next VC
- 16 Jan 2024, 1530 CET