Date, Time, and Location

Thursday, May 21, 2020
1:00pm ET | 12:00pm CT | 11:00am MT | 10:00am PT

Minutes

eAC wiki: https://spaces.at.internet2.edu/display/eduroam/eduroam+Advisory+Committe

Attendees: Rob Gorrell, UNCG; Neil Johnson, UIOWA; Kim Owen, NDSU; Jeremy Livingston, NJEdge; Miroslav Milinovic, SRCE; Tim Cappalli, Microsoft; Tom Jordan, Wisconsin-Madison, CACTI chair

With: Mike Zawacki, Shannon Roddy, Ann West, Jessica Fink, Romy Bolton, Steve Zoppi

Regrets: Stefan Winter, Theresa Semmens, David Morton

Agenda and Minutes

Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.

Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.

  • CACTI introduction - Tom Jordan, chair
    • Recap of May 12th meeting
    • Working together: CACTI committee work/processes; vision for eAC interface with CACTI
      • Advisory group to I2’s Trust and Identity group. Reports up to Kevin Morooney, VP of T&I
      • Similar mission to eAC - advise, form working groups, create documentation and training, etc - but chartered to cover topics across IAM
      • Rob - High level points/areas of focus from CACTI supporting eAC focus
        • Broadening the connector community
        • Building best practices guide
        • New - Delivering connectivity to run eduroam
        • Starlink - SpaceX internet satellite program
        • “Starbucks” SP-only value proposition
        • What does eAC need CACTI assistance with
      • Kim - Define/clarify Official relationship between CACTI and eAC
        • CACTI chartered the eAC
          • Emerging relationship on how best to support each other
        • Looking for crossover/similar project objectives
        • Tom: Suggest we add eAC representation on the quarterly working group meetings. Jessica: I’ll add Kim and Rob to that meeting. 
        • Be as efficient and effective as possible engaging our community
  • Best Practices guide (Rob/Kim)
    • Tom's thoughts on best practices
      • Think about ways to talk about the underlying technology, work that into output. 
      • Guest access for those not formally with the organization. Contractors, other loosely affiliated groups
      • How to onboard organizations - fit into existing Internet2 training offerings
    • Leverage CACTI efforts on cookbook:
      • AI Ann: Tom had some ideas for doing that sharing. I can send those out
    • Audience for the best practices guide
      • CACTI’s will be aimed at IAM technology staff, vendors and providers
      • Rob: Wonder how that would translate down to smaller schools that don’t have on-staff expertise
      • Tom: We’ve been thinking of how to calibrate documentation to audiences with less extensive experience with the technology
      • Miro: GEANT has a Managed IdP service which might be a good fit for smaller institutions. Main message is use eduroam everywhere (locally and when roaming). Wonder if documentation should be aimed at IdPs and SPs.  Good to promote common understanding of both aspects of the service, but also want to be careful to keep messaging to both sides clear.
      • Tom: Highlights some of the documentation CACTI is putting together - need for highly technical documentation but also need broader architecture and strategy. Miro’s point is a good demonstration of this. 
      • Miro:  lowers burden on your home IT staff and standardizes technology
    • Timeline
      • CACTI started the year with aggressive plans but pandemic has scrambled those time tables. Need to be sensitive to committee and working group needs/cycles as they deal with conditions on the ground. Two main things are guiding our prioritization:
        • Thinking about handling needs for remote instruction and other business processes. Was a driver for community best practices and solutions. 
        • Helping campuses deal with staffing and training restrictions, especially with financial fallout from pandemic
    • Architecture piece is key.  Unless you're a huge organization, securing wifi and networking is a big challenge.  Often the two disciplines aren't included in the conversation at the same time
      • The question is taking that sort of cross discipline vision, and Miro’s point of including a holistic view and including it in this sort of documentation/communication. Helping to foster that understanding is very important. Resource shortages are real and should be considered
      • At the outset of eduroam rollout in EU we did something similar, offered training to potential and existing connectors. It also resulted in trainees becoming trainers and community experts. Look at offering training on a subset of platforms at first to keep scope manageable. Also helped fix or head off bad implementation practices. This training is still available (based on demand)
      • With emergence of Hotspot2.0 and other technologies need to think about how to communicate what eduroam is and what it does. Understand that may be a controversial topic but a good one to have. There’s already some confusion in parts of the community on that point. Is it a network? Is it access?
      • Kim: How will these best practices be communicated out? Are there organizations that could use a cohort?
        • Ann: We’re in the process of developing training with community SMEs (including Rob). The training will incorporate these best practices. Idea is to offer bulk/all of the training for free to current subscribers. We’re also working on a containerized RADIUS container, could be informed by the output of the guide. CACTI will also work with eAC to publish document through existing community channels. So many great resources in eAC, consider eAC office hours.
    • Think about providing best practices for vendors/providers as well. A developer guide to make the vendors aware and responsive. 
      • GEANT has the managed IdP and CAT, which helps with service standardizations, but haven’t formally approached vendors. Working with WBA, other industry/tech groups possible
      • Interest in an API or other resource for commercial vendors to automate deployment of eduroam on their platforms. Could we do that? GEANT hasn't approached the topic from that angle, but it's interesting. There are some solutions developed but no BCP documents for commercial vendors
        • AI: Tim: Rough out a guide. Should run parallel or behind the best practices document
        • AI: Tim to send Mike Z a link to Google doc
        • AI: Mike to post in eAC wiki space

Guest IdP (Ann/Mike)

  • Ann: Mike will tee this up.  Need to gauge eAC committee thoughts on GuestIdP service
    • Lots of short term but repeatable users.  Being able to offer them the ANYROAM connection is very useful and convenient. Completely different network profile so they get a guest level access.  Don't require guest sponsorship.
    • Issue is not visitors who are more legitimate - related to the university as a parent, conference attendee etc. The problem is people unrelated to the university just wanting internet access. The one year policy could be an issue. Some would be happier not having a full year.
    • What if someone crosses to another country like Canada? They are not a “regular” user. ANYROAM can't offer access outside the country. ANYROAM should make sure people are aware of what they are not getting - international access.
    • Users can connect and say they are bad actors.  Who is liable?  Miro: ANYROAM is liable as the IdP.  Make sure ANYROAM is collecting enough personal information to find the person who causes the damage.  Has concerns that people are using this without verification.  
    • ANYROAM is trying to provide access not identity verification. Goal was seamless roaming. Average user probably does not realize what eduroam really is and what places might have access to track them and get their personal information.
    • Do ANYROAM user devices hit against any eduroam SP?
    • ANYROAM is scoped to the US. People may think it's the same as eduroam and it's not.
    • Possible best practice implication: Treat ANYROAM users the same as your open wireless users. Users with eduroam creds have more trust.
    • Could be a user confusion issue with eduroam users thinking they need to get an ANYROAM credential too. Can't work with both profiles on the same device.

Informational: eduroam Regional Program overview/legal structure (Ann/Mike)

  • Ann: As you all know, we’re rolling out a program for Regional and state level providers to deploy eduroam to K12s, libraries, and museums. 
    • Overview presented to Regionals at February QUILT meeting
    • Forming legal agreement for program.  Separating legal from policy.  Thinking policy needs to move faster. 
    • Developing an eduroam policy statement. Will start with approach for Regional/state partners, then work on adding Higher Ed to policy.
    • Once draft is complete will share with this committee, look for feedback

Meeting rescheduling (Mike)

  • Next meeting is… June 11
  • Moving to every four weeks
  • Next meeting either June 11th (3 weeks from now) or June 25 (5 weeks from now) and go every 4 weeks after that