Proposer | Thijs Kinkhorst, SURF |
---|---|
Area | SECURITY & PRIVACY |
Type of work | DEVELOPMENT |
Output | PROTOTYPE |
History |
The geteduroam service provides a novel way for end users to configure eduroam on their devices. It helps them to get the configuration correct and secure, by combinding federated web login with the provision of an x.509 client certificate to use for authentication, it makes deploying eduroam more secure and minimizes the risk of sensitive credentials leaking due to a mistaken, insecure configuration. The apps provided for Windows, Android and iOS make configuring and keeping this certificate up to date very user friendly. This solves several of the challenges users and institutions had with this process.
What is currently missing is the same convenience for the users of Linux based operating systems, of which there are many in the higher education and research communities. It was hoped that some volunteer from the community would create this but this has not yet materialized.
The incubator can make a Linux client that interfaces with geteduroam and configures and refreshes the credential. This can be a commandline tool, but other types of interfaces can also be considered. If a basic client is available for Linux users, this provides instant value and makes it also easier for the community at large to make more incremental improvement after it.
A Linux client is now a major missing feature of the geteduroam ecosystem so this can be an enabler for further adoption for the service. Providing explicit support -next to the proprietary OS'es- to the open source Linux based systems also aligns with the public values that we as a community stand for.
This topic will be engaged in close collaboration with the eduroam service activity team. A team member from that team will collaborate with the incubator.
The following parties will use the results of this activity:
T&I Service | eduroam |
---|---|
R&E Community | |
External Party |
The following results were created and delivered: