eduroam Development VC 2016-11-29, 1530 CET
1. Stefan Winter, RESTENA
2. Žilvinas Vaira, Klaipeda University (LITNET)
3. Gareth Ayres, Swansea University, UK
4. Maja Gorecka-Wolniewicz, PSNC
5. Mike Zawacki, Internet2
6. Marko Eremija (AMRES)
7. Miroslav Milinovic (CARNet/Srce)
8. Philippe Hanset, ANYROAM
1. Zenon Mousmoulas, GRNET
2. Tomasz Wolniewicz, PSNC/UMK
3. Alan Buxey, JISC
4. Hideaki Goto, Tohoku University/NII
5. Ingimar Örn Jónsson, RHnet
6. Jørn Åne, UNINETT
7. Reimer Karlssen-Masur, DFN-Cert
1. Welcome, Attendance, Agenda Bashing
2. CAT feature request: "which IdP did I use to enroll as an admin?"
doable as sketched on ML (send mail to user with reminder); doesn't always work but can do good if it does
we can easily display the entityID, but not the "pretty-print" display name - that would require digging in SAML metadata. Philippe suggests it's good enough to start with that and get more fancy later if need be.
should this be in 1.1.x or 1.2? Philippe fine with 1.2
3. eaaS:
- any additional thoughts about client CA? [includes expiry time max. 3 years...]
lazy admins exist, so "some" mitigation should be in place
but an arbitrary upper limit is not fitting with real needs (also consider IoT things...)
Reimer's idea: grant as long a lifetime as you want, but enforce a "dead man switch" for the admin
Q: what if crypto makes long-lived certs turn inappropriate before expiry? A: too bad. If worse comes to worst, revoke all such certs and ask admins to issue new ones.
- any thoughts about server CAs?
- Status of RADIUS IdP
GEANT IT provided us with dev VC (with root! and IPv6!); FreeRADIUS IdP config being developed on GitHub. Possibly up and running very soon.
- demo time!
4. GEANT Trust&Identity working meeting announcement
5. AOB
6. Next VC
4. GEANT Trust&Identity programme ("JRA3") is doing an all-hands working meeting in Zurich, CH, on 12+13 dec (12 lunchtime til 13 lunchtime). There is an eduroam track (but more parallel tracks about eduGAIN'n'stuff as well). Since it's not the kind of event that typically warrants intercontinental travel, I've requested VC dial-in capabilities at the place for everyone who wants to attend the eduroam track. Exact timing and dial-in details TBC.
6. Next VC
- next scheduled VC (13 dec 2016 1530 CET) coincides with the GEANT T&I meeting (where you can VC in both days), suggest to skip
- next one after that (27 dec 2016 1530 CET) is in the middle of winter holiday season, suggest to skip
- next one after that is 10 jan 2017 1530 CET