eduroam Development VC Minutes 2020-07-07 1530 CEST

Attendance

Attendees

  • Stefan Winter (RESTENA)
  • Miroslav Milinovic (Srce/CARNET)
  • Zbigniew Ołtuszyk (PSNC)
  • Philippe Hanset (ANYROAM)
  • Chad Bauer (ANYROAM)
  • Stephanie Cooper (ANYROAM)
  • Maja Gorecka-Wolniewicz (PSNC)
  • Mike Zawacki (Internet2)
  • Dariusz Janny (PSNC)
  • Tomasz Wolniewicz (PSNC)
  • Hideaki Goto (Tohoku University/NII)

Apologies

Agenda / Proceedings

  1. Welcome / Agenda Bashing
  2. OpenRoaming SP trials - current status
    • Paul’s RADIUS/UDP endpoint works
    • SW connected RESTENA Offices to it
    • add OpenRoaming app (Google, Apple)
    • and then nothing happened
      • Android 9 on Fairphone FP3 does not support Hotspot 2.0
      • Android 7 on Samsung Galaxy S6 does not support Hotspot 2.0
      • Android 10 on Samsung Galaxy A6 2018 DOES but still doesn’t want to connect @RESTENA
      • Android 10 on Samsung Galaxy S10 connects @PAUL
    • Why does it not work? No one knows.
    • If someone in the group has APs with HS20 capabilities - please connect to Paul’s proxy, get the OpenRoaming app and see if things work out for you
  3. OpenRoaming IdP agreement - implications for eduroam IdPs
    • OR has an IdP agreement every IdP must sign / agree to
    • there are also the end-user Terms of Use at https://wballiance.com/openroaming/toc-2020/
    • Privacy Policy https://wballiance.com/openroaming/privacy-policy-2020/
    • one clause in the IdP agreement means a lot of work: IdPs must make end users aware of those T&Cs
    • T&Cs on a consortium-wide level were not a topic in eduroam (IdP has some, SP has some, users should be made aware that both apply)
    • https://wiki.geant.org/display/H2eduroam/Terms+and+Conditions
    • CAT can do the display-T&C job for those IdPs who use it
    • if we have “superglue” (backup NAPTR zone on eduroam.org), request routing will work regardless of whether the admin wants to participate or not - then device config decides whether a connection attempt will happen (RCOI is configured or not)
    • corner cases around manual connection attempts by end users - those might authenticate users even if IdP did not tick the box
    • to prevent that: do not use superglue - every IdP has to set NAPTR records themselves. CAT could police this - if checkbox for OpenRoaming RCOIs is set, but NAPTR doesn’t exist, do not let admin configure
  4. AOB / Next VC
    • 21 Jul 2020 1530 CEST