eduroam Development VC Minutes 2023-02-14 1530 CET
Attendance
Attendees
Stefan Winter (Restena)
Dubravko Penezic (Srce)
Zbigniew Ołtuszyk (PSNC)
Zenon Mousmoulas (GRNET)
Maja Górecka-Wolniewicz (PSNC)
Stefan Paetow (Jisc)
Tomasz Wolniewicz (PSNC)
Thomas Bärecke (SWITCH)
Anders Nilsson (SUNET)
Ed Wincott (Jisc)
Ed Kingscote (CANARIE)
Chris Phillips (CANARIE)
Guy Halse (TENET)
Louis Twomey (HEAnet)
Janos Mohacsi (KIFÜ)
Mike Zawacki (Internet2)
Sara Jeanes (Internet2)
Regrets
Agenda / Proceedings
Welcome / Agenda Bashing

radsecproxy development

NetworkRADIUS (Alan DeKok) offered to put work into radsecproxy (focus on “more than 256 packets in flight”)
Compile on Windows? SW to put question forward
Interest to review his PRs in the team? (Fabian Mauchle, Janfred Rieckers, … community to test code)
Invite Alan DeKok to next call to discuss plans in more detail
CP: What's the technical roadmap for eduroam GEANT investments? Is there a place to go / URL to take a look at?

GEANT project has time and money set aside and “general areas” to work on. No specific activities set in stone.
This group here can define concrete projects to work on - if they halfway fit into the funding limits, it can be project funded; if not - we are a big community
Chris: be aspirational, not tactical: what if NPS gets discontinued, AzureAD takes over the world (and doesn’t allow MSCHAPv2 any more)? Best to develop answers and alternatives just-in-case
Are passwords becoming a thing of the past? How else to authenticate users?
Talk at mobility day? GeGC?
Create a discussion space for those “big topics” to get community onboard. Maybe blog post, wiki entry with promotion, … “the future of Wi-Fi as seen by eduroam R&D” / wifi futures - outlook by the eduroam community
Also use the opportunity to ask inst admins out there what they feel they need.
Check if we can have a blog section on eduroam.org, to post non-authoritative, but important upcoming things
EAP-FIDO updates
(postponed for next time)

More thoughts for EAP-FIDO: need key derivation (no secrets available on both sides)
probably best done by doing a post-authentication Diffie-Hellman exchange
How to do onboarding/registration?
one-time token as User-Name (as initially sketched)
web registration, with same-scope as subsequent EAP conversation
TEAP with an initial username/password authentication, doing a step-up to FIDO?
Recurring: Passpoint hardware and onboarding chit-chat

AOB / next VC: 28 Feb 2023 1530 CET
