eduroam Development VC Minutes 2024-09-10 1530 CEST
Attendance
Attendees
- Stefan Winter (Restena)
- Ed Kingscote (CANARIE)
- Chris Phillips (CANARIE)
- Christian Rohrer (Switch)
- Tomasz Wolniewicz (PSNC)
- Derek Eiler (NSHE)
- Maja Górecka-Wolniewicz (PSNC)
- Janos Mohacsi (KIFÜ)
- Paul Dekkers (SURF)
- Mike Zawacki (Internet2)
- Louis Twomey (HEAnet)
- Martin Stanislav (SANET)
- Hideaki Goto (Tohoku University / NII)
Regrets
- Zenon Mousmoulas (GRNET)
Agenda / Proceedings
Welcome / Agenda Bashing
Deployment status CAT release 2.1.2
- fully online now
- only minor issues during update
- feature request: be more verbose when uploading CSRs
- Can we get a list of the most common problems with CSRs, so we can catch these issues ourselves before the CA throws an Exception?
- janfred will ask for a list possible return errors.
- remember the existence of https://cat.eduroam.org/diag/diag.php to check someone else’s realm
geteduroam.app onboarding
- discussion on metadata (eduGAIN: good, automated; Entra ID: bad, manual, needs frequent reloads)
- NRO is deciding which organisations to let into geteduroam pseudo-accounts
- workflow should be documented clearly
OpenRoaming updates
- to become an I-CA or not…
- for operating eduroam/OpenRoaming IdP and SP proxies, purchasing a few single certificates would be enough
- Is there sufficient appetite to set up and operate our own CA in OpenRoaming?
- I-CA certs are only useful for NROs that want to shorten their RADIUS paths with a more direct OpenRoaming connection. Everyone else can use the central proxies.
- Field evidence suggests that I-CA certificates are not in high demand; so the I-CA doesn’t have much business.
- Changes when approaching 2030, as eduPKI expires and we will need to run a new CA anyway.
AOB / Next VC
- 24 Sep 2024, 1530 CEST