eduroam Development VC Minutes 2020-07-07 1530 CEST
Attendance
Attendees
- Stefan Winter (RESTENA)
- Miroslav Milinovic (Srce/CARNET)
- Zbigniew Ołtuszyk (PSNC)
- Philippe Hanset (ANYROAM)
- Chad Bauer (ANYROAM)
- Stephanie Cooper (ANYROAM)
- Maja Gorecka-Wolniewicz (PSNC)
- Mike Zawacki (Internet2)
- Dariusz Janny (PSNC)
- Tomasz Wolniewicz (PSNC)
- Hideaki Goto (Tohoku University/NII)
Apologies
Agenda / Proceedings
- Welcome / Agenda Bashing
- OpenRoaming SP trials - current status
  - Paul’s RADIUS/UDP endpoint works
  - SW connected RESTENA Offices to it
  - add OpenRoaming app (Google, Apple)
  - and then nothing happened
  - Android 9 on Fairphone FP3 does not support Hotspot 2.0
  - Android 7 on Samsung Galaxy S6 does not support Hotspot 2.0
  - Android 10 on Samsung Galaxy A6 2018 DOES but still doesn’t want to connect @RESTENA
  - Android 10 on Samsung Galaxy S10 connects @PAUL
  - Why does it not work? No one knows.
  - If someone in the group has APs with HS20 capabilities - please connect to Paul’s proxy, get the OpenRoaming app and see if things work out for you
- OpenRoaming IdP agreement - implications for eduroam IdPs
  - OR has an IdP agreement every IdP must sign / agree to
  - there are also the end-user Terms of Use at https://wballiance.com/openroaming/toc-2020/
  - Privacy Policy https://wballiance.com/openroaming/privacy-policy-2020/
  - one clause in the IdP agreement means a lot of work: IdPs must make end users aware of those T&Cs
  - T&Cs on a consortium-wide level were not a topic in eduroam (IdP has some, SP has some, users should be made aware that both apply)
  - https://wiki.geant.org/display/H2eduroam/Terms+and+Conditions
  - CAT can do the display-T&C job for those IdPs who use it
  - if we have “superglue” (backup NAPTR zone on eduroam.org), request routing will work regardless if admin wants to participate or not - then device config decides whether a connection attempt will happen (RCOI is configured or not)
  - corner cases around manual connection attempts by end users - those might authenticate users even if IdP did not tick the box
  - to prevent that: do not use superglue - every IdP has to set NAPTR records themselves. CAT could police this - if checkbox for OpenRoaming RCOIs is set, but NAPTR doesn’t exist, do not let admin configure
- AOB / Next VC
  - 21 Jul 2020 1530 CEST