eduroam Development VC 2017-01-10, 1530 CET
Attendance:
  1. Alan Buxey (UK)
  2. Mike Zawacki, Internet2
  3. Miroslav Milinovic (Srce/CARNet)
  4. Marko Eremija (AMRES)
  5. Louis Twomey (HEAnet)
  6. Maja Górecka-Wolniewicz, PSNC
  7. Stefan Winter, RESTENA
  8. Philippe Hanset, ANYROAM
  9. Tomasz Wolniewicz, PSNC
  10. Juha Hopia, Funet
  11. Zenon Mousmoulas, GRNET
  12. Scott Armitage (UK)
Apologies:
1. Jørn Åne, UNINETT
   
Agenda:
    
    1. Welcome, Attendance, Agenda Bashing
    2. Minute 'security' 
    3. eaaS (<- how it's not called): Status, Pilot Phase preparations
    4. AOB
    
    Minutes:
   
   2. Minutes should be in a place where they can't be silently edited later on. Wiki.geant.org is probably good (any edits leave traces). Stefan to transfer and announce URL.
   
3. Volunteers for testing wanted (this is external testing phase, not pilot phase):
  • UK
   
   OCSP: open question is how to respond with Unauthorized (could be a static blob needing no changing at all; if so, grab from a real CA, store, and re-use) - or maybe do not reply. Check what FreeRADIUS does when receiving Unauthorized. If it goes into the same code path as soft-fail then Unauthorized apparently has no effect and it doesn't matter.
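
   On the "static blob" question, an added example (not from the meeting or the eaaS code): under RFC 6960 an error response carries only the status, with no responseBytes and no signature, so the Unauthorized response is the same five DER bytes from any responder. The function and constant names are illustrative, and the sample inputs are constructed.

```python
# Added example (not from the minutes): OCSPResponse per RFC 6960, section 4.2.1.
# OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                             responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
OCSP_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
               3: "tryLater", 5: "sigRequired", 6: "unauthorized"}  # 4 is unused

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def encode_error_response(status):
    """Build the complete DER body for a non-successful status."""
    if status == 0 or status not in OCSP_STATUS:
        raise ValueError("not an OCSP error status")
    # SEQUENCE(len 3) { ENUMERATED(len 1) status }; no responseBytes, no signature
    return bytes([0x30, 0x03, 0x0A, 0x01, status])

def parse_ocsp_response(der):
    """Return (status_name, has_response_bytes) for a DER OCSPResponse."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, value, pos = read_tlv(body, 0)
    if tag != 0x0A or len(value) != 1 or value[0] not in OCSP_STATUS:
        raise ValueError("bad responseStatus")
    has_bytes = pos < len(body)
    if has_bytes:
        tag, _, pos = read_tlv(body, pos)
        if tag != 0xA0 or pos != len(body):
            raise ValueError("unexpected data after responseStatus")
    return OCSP_STATUS[value[0]], has_bytes

UNAUTHORIZED_RESPONSE = encode_error_response(6)   # 30 03 0a 01 06

if __name__ == "__main__":
    print(UNAUTHORIZED_RESPONSE.hex(), parse_ocsp_response(UNAUTHORIZED_RESPONSE))
```

   Over HTTP the blob is returned with Content-Type application/ocsp-response. How FreeRADIUS treats this status still has to be checked, as noted above.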
   
   
   testing URL to be defined - cat-test.eduroam.org/eaas/  initially?
   
   Statistics....
   
   number of profiles created
   number of auths for an Org
   number of auths per user?
   
   Miro suggests to use F-Ticks for that (eaaS generates unique realm per IdP, so easy to collate - also no anon outer ID with the use of EAP-TLS). Alan Buxey to sketch the needs for statistics; Miro will investigate.
   4. nearest eduroam hotspot:
       this should be a central function for everybody - not something every NRO needs to care about themselves. Code is there (part of DjNRO), so ideally run it on eduroam.org. Miro: maybe a license issue (number of allowed impressions with Google Maps).
   
   Probably a good idea to add IP-based geolocation if run on eduroam.org. A default location of "Ionian Sea" is not exactly suitable for the entire planet's eduroam population :-)
    For DjNRO the default location comes from settings.MAP_CENTER; it is trivial to add an XHR to a GeoIP service as a fallback for navigator.geolocation. GeoIP service could be external or not, however properly running a production GeoIP service is less trivial to maintain.
   
   To make things easier/standard, do we want to suggest using the eduPersonTargetedID as the descriptor for the Orgs to easily reverse-check the user? Could aid when it comes to helping orgs to troubleshoot. Sites should be able to readily create a CSV with such value, email and number of tokens allowed.
   ePTID is certainly an option for orgs that have SAML. eaaS currently doesn't expect or make use of that.
   
   
   
   Google Maps API/licence costs to be investigated - Miro to request finances if that's the way to go to provide end users nicer mapping information
   
   Paul to provide updates on LetsRADSEC! project
   
   Next VC: 07 Feb 2017, 1530 CET