eduroam Development VC Minutes 2019-11-26 1530 CET

Attendance

Attendees

  • Stefan Winter (RESTENA)
  • Mike Zawacki (Internet2)
  • Stephanie Cooper (ANYROAM)
  • Chad Bauer (ANYROAM)
  • Maja Gorecka-Wolniewicz (PSNC)
  • Tomasz Wolniewicz (PSNC)
  • Dariusz Janny (PSNC)
  • Zbigniew Ołtuszyk (PSNC)

Apologies

Agenda / Proceedings

  1. Welcome / Agenda Bashing
  2. CAT 2.0.3 software roll-out to cat.eduroam.org and hosted.eduroam.org
    • cat.eduroam.org updated a few weeks ago
    • There was a language mix-up problem that coincided in time with the software update but was independent of it (root cause was the Apache optimisation from “worker” to “event” request handling)
    • hosted.eduroam.org in the queue, waiting for a maintenance window slot
  3. Report from eduroam Managed IdP webinar for NROs
  4. Progress on eduPKI CA certificates with automated API
    • Meeting with eduPKI/DFN-Cert personnel to figure out details
    • NRO can request certificates
      • for itself (NRO-level cert) or one of their IdPs
      • by uploading a CSR (all fields except public key and CN ignored)
      • issuance prerequisite: requested hostname MUST be listed as a server hostname in eduroam DB (schema v2.0.1)
      • issuance prerequisite: entity must have a role-based, public email contact in the eduroam DB (schema v2)
      • the O attribute will either be "NRO of <country>" or the corporate name of the IdP in question
    • NRO operator still has to provide info on whether they want an NRO cert or IdP cert, and for which IdP/NRO (hostnames are not guaranteed to be unique, and one admin can be NRO operator for more than one eduroam country or territory)
    • renewal notices etc. will be sent to that role-based mail contact
    • Should this be exposed via admin API? Only relevant if you plan to deploy to IdPs at scale…
    • BTW, root CA expires in about 10 years. We will need to start thinking of a rollover plan in 5.
  5. AOB / Next VC
    As per schedule, 10 Dec 2019, 1530 CET