...

  • Stefan shows the initial implementation
    Attached file: eduroam Managed SP RADIUS Design Considerations.pdf
    • integrated into CAT code, “hosted” part (synergies with Managed IdP)
    • synergies explained
    • main interface: now has separate IdP and SP functions
    • NRO invitations now indicate whether to sign up the institution for IdP, SP, or both
    • Marina comments that it should be possible to invite an organisation for a /subset/ of what it is eligible for as per eduroam DB
    • Zenon notes that we are bound long-term on the IP addresses; renumbering might be an issue after a while
    • Geolocation might not be accurate. Allow admin to override?
    • Rather than setting up a new VM, could spin up a new radiusd process (-> new file descriptors)
    • reminder that this is a tool; policy decisions remain with the NRO (do watch the movie “Lord of War” and observe the perfectly constructed argument of innocence that is “I only sell the tools, everything else is the responsibility of the person at the trigger”)
    • Zenon: what about RADIUS/TLS or IPsec? Later maybe; makes things more difficult for SP admin.

...