Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

eduroam Development VC Minutes 2019-05-14 1530 CEST

Attendance

Attendees

  • Stefan Winter (RESTENA)
  • Stephanie Cooper (ANYROAM)
  • Pedro Simoes (FCCN)
  • Mike Zawacki (Internet2)
  • Gareth Ayres (Swansea University)
  • Philippe Hanset (AnyRoam)
  • Marina Adomeit (AMRES)
  • Zenon Mousmoulas (GRnet)
  • Brook Schofield (GÉANT)

Apologies

  • Tomasz Wolniewicz (PSNC)
  • Maja Gorecka-Wolniewicz (PSNC)
  • Zbigniew Oltuszyk (PSNC)
  • Ingimar Örn Jónsson (RHnet)
  • Louis Twomey (HEAnet)

Agenda / Proceedings

Welcome / Agenda Bashing

Focus Topic: eduroam Managed SP initial design

  • Stefan shows the initial implementation
    View file
    nameeduroam Managed SP RADIUS Design Considerations.pdf
    height250
    • integrated into CAT code, “hosted” part (synergies with Managed IdP)
    • synergies explained
    • main interface: now has separate IdP and SP functions
    • NRO invitations are now indicating whether to sign up institution for IdP, SP, or both
    • Marina comments that it should be possible to invite an organisation for a /subset/ of what it is eligible for as per eduroam DB
    • Zenon notes that we are bound long-term on the IP addresses; renumbering might be an issue after a while
    • Geolocation might not be accurate. Allow admin to override?
    • Rather than setting up a new VM, could spin up a new radiusd process (-> new file descriptors)
    • reminder that this is a tool; policy decisions remain with the NRO (do watch the movie “Lord of War” and observe the perfectly constructed argument of innocence that is “I only sell the tools, everything else is the responsibility of the person at the trigger”)
    • Zenon: what about RADIUS/TLS or IPSec? Later maybe; makes things more difficult for SP admin.

AOB / Next VC

  • as per schedule: 2019-05-28 1530 CEST