UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
eduroam Development VC Minutes 2019-12-10 1530 CET
Attendance
Attendees
- Stefan Winter (RESTENA)
- Tomasz Wolniewicz (PSNC/UMK)
- Maja Gorecka-Wolniewicz (PSNC/UMK)
- Miroslav Milinovic (SRCE)
- Janos Mohacsi (KIFU)
- Zbigniew Oltuszyk (PSNC)
- Dariusz Janny (PSNC)
Apologies
- Zenon Mousmoulas (GRNET)
Agenda / Proceedings
- Welcome / Agenda Bashing
- eduroam CAT and Linux installers
- suggestion from a German user to use the NetworkManager CLI (with bash) instead of D-BUS (with Python)
- development is happening in a separate device module, able to switch dynamically
- current state: it runs, probably rather close to completion
- could be rolled into 2.0.4 (date flexible)
- Progress on eduPKI CA certificates with automated API
- demo of the prototype
- Takes CSR, replaces C, O, CN with dummy values (in future, found in eduroam DB)
- adds dummy person and mail (in future, taken from eduroam DB)
- sends request to eduPKI Test CA
- picks up issued certificate after approx. 3 minutes
- CSR needs to have three specific “DC” components
- generated with openssl like this:
openssl req -new -newkey rsa:4096 -out test.csr -keyout test.key -subj /DC=test/DC=test/DC=eduroam/C=XY/O=WillBeReplaced/CN=will.be.replaced - is the hostname going to be checked by actual RADIUS server implementations? If it is, make everyone aware - not currently mandated by the policy…
- One certificate with all hostnames, or should admin be able to select a subset?
- demo of the prototype
- DjNRO
- Can this be brought into the GEANT project? In principle yes, but precendent exists where it was and development did not take off anyway.
- If there is a good agreement and active interest by sufficient count of NROs, can go for another try.
- Ideally, gather community first and make a proposal.
- AOB / Next VC
skip two, then as per schedule, 21 jan 2020, 1530 CET