UPDATE ......From Tuesday 8 April 2025 we will change the way that Single Sign-on will work on our Confluence (wiki.geant.org) Please see here for more information: Update

Development VC, 20250311

Created by Stefan Winter on Mar 11, 2025

eduroam Development VC Minutes 2025-02-25 1600 CET

Attendance

Attendees

Stefan Winter (Restena)
Stefan Paetow (Jisc)
Tomasz Wolniewicz (PSNC)
Maja Gorecka-Wolniewicz (PSNC)
Ed Kingscote (CANARIE)
Frederic Gerber (Switch)
Guy Halse (TENET)
Chris Rohrer (Switch)
Louis Twomey (HEAnet)
Hideaki Goto (Tohoku University / NII)
Janfred Rieckers (DFN)
Anders Nilsson (Sunet)

Regrets

Paul Dekkers (SURF, and in a plane I hope)
Mike Zawacki (Internet2, will try to join late)
Zenon Mousmoulas (child commute)

Agenda / Proceedings

Welcome / Agenda Bashing
CAT
- code updates in Git (self-registration based on data in eduroam DB)
- Managed SP updates to support RADIUS/TLS, RADIUS/TLS+PSK
- Updates coming on Mobility Day
WPA3
- Intel PRO/Set Wireless driver update seems to allow peaceful coexistence of WPA2-only and WPA3-only networks with the same configuration (config set to WPA3)
- anecdotal evidence suggests transition mode isn’t that much of a problem in the end
- TENET tried WPA3-only on 5 GHz and WPA2 on 2.4 GHz - also worked fine
IETF
- Bankok meeting coming up
- two new docs:
  - RADIUS/TLS document progressing
  - Status-Realm draft updated (WG document)
OpenRoaming
- Luxembourg still going on
- 1 network with SSID eduroam and RCOI doesn’t work with Apple devices - known bug, reported by eduroamers many years back
- even if we assume that Apple unbreaks auths in that combination, still unlikely that one network for both eduroam and Passpoint will see adoption: needs Passpoint R3 to be able to distinguish whether user connected b/c SSID match vs. b/c RCOI match
- Managed IdP has a NAPTR entry for OpenRoaming - but installers don’t include RCOI in client config (It seems geteduroam configures only the first RCOI. (Hideaki&Farhan))
- How about geteduroam? Q for Paul next time.
- And when does geteduroam get the IdP-less “replacement for Managed IdP” functionality? Another Q for Paul next time
AOB
- Last chance to register for the RADIUS Conference (https://radiusconference.org/)
- If you are registered, links for attendance were in the registration confirmation
- Janfred is investigating wired eduroam - and interested to hear of actual deployments. Please get in touch with him personally.
Next VC
- 25 Mar 2025, 1600 CET

No labels