JRA3-T4 VC 2017-09-19, 1530 CEST

Jørn Åne de Jong, UNINETT AS
Žilvinas Vaira, LITNET
Maja Gorecka-Wolniewicz, PSNC
Tsotne Gozalishvili, Grena
Louis Twomey, HEAnet

Brian Epstein
Reimer Karlsen-Masur

Agenda and Proceedings

1. Welcome, agenda bashing

2. Managed IdP updates
   - updated code on cat-pilot: 
    * things actually work again
    * code for Android support is in; minor adjustments may be needed to actually enable it
   - demo at GEANT Symposium
   - demo at EC review

3. "geteduroam"
   - an alternative approach to Managed IdP based on eduGAIN
   This is an initiative by NORDUnet (five northern Europe NRENs), who want to do this work inside the GEANT project as a new sub-task in eduroam Development.
   In essence, geteduroam is an eduGAIN Service Provider which, upon successful end-user authentication, issues (and regularly refreshes) an eduroam EAP-TLS credential. User interaction is confined to an in-app experience.
   This is similar in technology to Managed IdP, but taken to the extreme: unless an eduGAIN IdP blacklists the eduGAIN SP, its own users will have an (alternative) way of getting an eduroam credential.
   If the eduGAIN IdP is at the same time a "proper" eduroam IdP, its users now have two accounts; the institution can then optionally discontinue its RADIUS-based eduroam IdP. If both ways of getting access are maintained, blocking a user requires doing it on both sides.
   There really should be an NRO-level opt-out. Re-use of apps where possible; easy for Android but since CAT has nothing for Apple or Windows in the app stores, geteduroam is first. Convergence on all platforms may be desirable, but remains to be seen.
   A possibility exists for individual institutions or NROs to opt out of the central geteduroam service and use their own instance of the service instead, ensuring local certificate issuance and verification.

4. Android app redesign
   - as part of geteduroam, can get expertise from a commercial app developer
   - also, new opportunities on 6.0+ arise:
     * Instant App: download an on-demand ephemeral copy of an app just to execute once (e.g. install EAP config)
     * "AppLinks": the app can handle specific URLs directly. Easy to register cat.eduroam.org to link directly to the eduroamCAT app; might be possible to also get cat.eduroam.de etc. on board, but need to check how to associate a domain not owned by GEANT with an app controlled by GEANT.

5. Apple iOS 11 changes
   - also possibly of (much) interest for geteduroam

5a. Linux installers
There is a Linux installer as a result of the SENSE project which can already consume .eapconfig files; this could be a good starting point for geteduroam.

6. AOB / Next VC
   * we could use another PHP developer for Managed IdP and eduroam CAT in general.
   * suggest to SKIP 03 Oct 2017 as it coincides with bespoke GEANT Symposium
   * 17 Oct 2017 1530 CEST (no need to mind any timezone change just yet) is TENTATIVE
