Advanced notice :
We will be upgrading wiki.geant.org from the current version of Confluence Server to the current LTS version 8.5. During the maintenance window we expect that there will be an outage of 20 minutes.
Maintenance start time: 22/10/2024 16:00 UTC. Maintenance end time: 22/10/2024 18:00 UTC.
eduroam Development VC Minutes 2023-07-18 1530 CEST
Attendance
Attendees
- Stefan Winter (Restena)
- Stefan Paetow (Jisc)
- Anders Nilsson (SUNET)
- Christian Rohrer (SWITCH)
- Fabian Mauchle (SWITCH)
- Ed Kingscote (CANARIE)
- Tomasz Wolniewicz (PSNC)
- Maja Górecka-Wolniewicz (PSNC)
- Zbigniew Ołtuszyk (PSNC)
- Ed Wincott (Jisc)
- Louis Twomey (HEAnet)
- Martin Stanislav (SANET)
- Janos Mohacsi (KIFÜ)
- Ingimar Jonsson (RHnet)
- Guy Halse (TENET)
Regrets
- Chris Phillips (CANARIE)
- Zenon Mousmoulas (GRNET)
Agenda / Proceedings
Welcome / Agenda Bashing
CAT 2.1.1 maintenance release
- in the process of packaging
- first eduPKI “prod” cert issued
- <suggested>CP: thoughts/comments on the feedback on cat from the mailing list on enhancements/UX items?</suggested>
- it’s always possible to deep-link installers and provide the support from your own IT helpdesk page - avoiding any UX issues in the default interface
- There is no ETA for a CAT 3.0; but it is certainly subject to major re-design decisions (e.g. end user download interface could go away and be replaced by geteduroam in-app workflows; this makes many of the pain points mentioned OBE)
- geteduroam is constantly being worked on; no ETA for full replacement
EAP-FIDO update
- If you missed TNC Mobility Day: it works!
IETF update / Deprecating RADIUS/UDP in favour of RADIUS/TLS
- CP: Suggested in absentia: will GEANT Workplans include/allocated time for work on deprecating RADIUS over UDP per the IETF activities. NRO sentiments welcomed.
- GEANT sphere is only the European top-level servers - which can probably simply be updated easily when software is available.
- NROs need to do same work, in larger numbers
- work time could go into software development and further spec work @IETF (both of which is already in the GEANT plans)
- possible to tap marketing resources from GEANT (advisory, updated guides etc. to help deployments out there)
- dynamic discovery is not critical to RADIUS/TLS, but nice add-on
- CAT issuing RADIUS/TLS certs now allows a quick move on NRO level!
- Inst level needs TLS-PSK work to complete.
- software to put in front of NPS will be needed (radsecproxy dev work @AlanD?, cygwin, WSL2) - all but a “Click next” executable may be too hard for many
- radsecproxy is all but done for TLS-PSK, Fabian has tested against himself and thinks it should probably be ok with FR, but it’s worth testing against radiator once 4.28 is out.
- StefanP: will try a cygwin compile of radsecproxy
Recurring OpenRoaming chitchat
- auth issues openroaming.goog ?
- Nobody in the call to elaborate on that.
- eduroam proxies work; problem must be elsewhere.
AOB / next VC
- 1 Aug 2023 1530 CEST (or holiday gap?)