Generic configurator development

Objective

To implement the generic profile definition and universal 802.1x configurators

Motivation

The main goal of the project is to define and promote a universal approach towards 802.1x and EAP configuration. This task will prove the usability of the generic profile by providing two implementations of configurators consuming the profiles – one for Linux and one for Android.

Configurator testing requires various profile samples. The eduroam CAT system can supply a large collection of various real-life examples. This task will expand the provisional code produced within GN3 to produce a production version of a CAT module supplying such generic profiles. This project proposes a new approach to network parameters installation. It differs from the one currently used by CAT, but will rely on parts of the current module code and on the future ability of CAT to deliver generic configuration profiles. This approach will be demonstrated in the case of Linux and Android operating systems.

The current CAT approach to Linux is to build a customised shell script continuing all settings, certificates etc. as well as Python code executed from within the script. The proposed new installer will process the generic XML configuration profile and set up local network setting accordingly. The advantages of having a separate configuration program are obvious and numerous:

  • configurator may be included in a system distribution or distributed from standard package repositories;
  • configurator may register a new MIME type and be automatically called when the user downloads a configuration profile; the configurator needs not be as size limited as in the case of a CAT module and hence may have a much nicer GUI;
  • the configurator may implement configuration profile signature checking, thus greatly improving user’s safety;
  • such configurator can be a universal tool working with a standard generic profile, therefore it can be used outside of eduroam and more generally of CAT based configuration systems.

Android devices are very popular and yet quite difficult to securely configure for 802.1x networks. The model of application distribution via GooglePlay makes it impossible to prepare a preconfigured application for each institution or network, therefore a universal application using an external profile is the only approach. Thus the approach to the Android configuration should follow the rules described above.