Date, Time, and Location
Friday, March 18, 2022
11:00am ET | 10:00am CT | 9:00am MT | 8:00am PT
Minutes
eAC wiki: https://spaces.at.internet2.edu/display/eduroam/eduroam+Advisory+Committe
Attendees:
- Brett Bieber, Nebraska
- Jeff Egly, UETN
- Michael Dickson, UMA
- Rob Gorrell, UNCG
- Neil Johnson, IOWA
- Amel Caldwell, University of Washington
- Kim Owen, NDSU
- John Buysse, Notre Dame
- Jeremy Livingston, Stevens Institute of Technology
With:
Mike Zawacki, Kevin Morooney, Steve Zoppi, Ann West
Regrets:
Michael Hacker, Sara Jeanes
Agenda and Notes
- Approval of last month’s meeting minutes
- https://spaces.at.internet2.edu/display/eduroam/eAC+Meeting+2022-02-18
- Neil Johnson, Amel Caldwell approve
- SO update (Brett/Jeff/Mike)
- Network Nebraska
- Continuing to roll out to K12 districts, also with Cox on public wifi, transit companies for deployment on busses. Logging released, shared with our constituents. Tested it out, looks like it will be useful. Support org reports and logs = better support options. Next up is the NETA (state edu tech conference); will be presenting on eduroam.
- The Sun Corridor Network
- Nearly complete with their pilot school district, Pinal. Looking to work with next districts. Working on a contract vehicle for SP-only as well as IdP Constituents. Doing more promotion at state conferences and looking towards libraries next.
- UETN
- TCC (K12 tech director meeting) - presented on eduroam, engaged with community and followed up with last few districts that haven’t made full deployments. Attended the edu tech conference (UCET), had eduroam available on site. Eduroam user group for K12 tech staff. Reviewed reports, options for user onboarding (geteduroam was discussed). Working on updated promotional campaign
- Nebraska is also looking at creating promotional materials. Need to coordinate with UETN on that.
- Also good for SPs in the community, especially window clings, other highly visible materials. Fosters community awareness. Have also had good luck with bookmarks
- UETN brands their eduroam materials - it’s well incorporated in the design.
- Interested in standardizing and buying in bulk
- (Link to GEANT promo materials, branding guidelines)
- Updates to program, fees
- Fees adjusted after analysis of staff hours, resources
- On-ramp: Provides a “try it out” period where an organization can sign up to 5 IdP
- Note that K12s would need to be working with a state level organization.
- Could a larger school be a proxy for smaller K12s? Or could a Higher Ed become the On-Ramp?
- Great to have HEs involved, but it needs to be coordinated at the state level. That could be the state dept of education or a regional network. Starting at the “top level” could simplify the process of joining for other folks downstream. There is a lot of benefit to having a statewide involved
- For a state that doesn’t have an SO or SO of interest, a K12 would need to work with a Regional, and Internet2 is happy to help facilitate those discussions and coordinate with regionals or state education departments.
- eAC doesn’t want to shut the door on K12s if there’s nobody in their state who will step forward, but Internet2 feels that the benefit to K12s is limited without coordination at the state level. For the long-term sustainability of the service we feel this is a good approach.
- UETN has seen some involvement from HE to help with the infrastructure
- Concern is that K12s could be stymied if they have to wait for state governments, but the committee understands the perspective of Internet2. The states/regionals can really deploy at scale and may be able to leverage funding and grants more
- The state dept of education could broker those relationships with HEs and other entities. Supportive of giving the states the leeway to organize themselves as they see fit.
- Announcement of March 22 SO webinar
- Formal call for proposals to join 2022 SO cohort, overview from current SOs on what participation has been like, what their process was to form up their proposal, and what they’re planning to do in 2022
- Standing check in on work priorities for the eAC in 2022 (Jeff/Brett)
- Global perspective - GÉANT paper, high level overview of trust and identity services. Excerpt covering eduroam to provide context on priorities, areas for improvement, threats to service
- Service delivered:
- Core services: European Top-level RADIUS
- Supporting services: monitor.eduroam.org (metrics and diagnostics), CAT, eduroam Managed IdP, eduroam Managed SP, OpenRoaming, geteduroam
- eduroam secretariat, eduroam support, business development, eduroam trainings, European membership management
- Areas for improvement/new development and opportunities:
- Reduce friction for users in deploying a safe configuration
- This ties into the User/Device Onboarding group’s work as well as some of the work the SOs are doing.
- Improve visual representation of usage statistics
- Threats:
- Decreased incentive due to lowered cost of 4G/5G and roaming; eduroam will still be go to for more "serious" (bulk download etc.) and indoor use of WiFi
- Experienced this within the largest K12 district in Nebraska. They have a 1-to-1 device program, each laptop has 4G LTE connectivity. That’s dented the standard value prop for eduroam in their minds. Interested in hearing from others on 4G/5G work
- In some cases, UETN has folded eduroam into their 4G/5G deployments, using private LTE as backhaul for APs which then broadcast eduroam SSID. This is in the early phases of work. On the other side, our schools put a lot of MiFi hotspots into their students’ hands during lockdowns. Caused some congestion on local cellular providers’ networks.
- Good to talk about cellular connectivity as complementary to eduroam. Helpful for the committee to anticipate more of these issues and plan for those conversations. Consider how this could be folded into this group’s work.
- OpenRoaming — it provides an eduroam-like experience for everyone on the planet, including but not limited to education, which means it could subsume eduroam.
- Another thing to consider is the notion of passwordless infrastructure. Certs feed into that well, PEAP and other username/password methods do not. We need to be mindful of reliance on usernames and passwords and how that could make eduroam appear as obsolete. Figuring out approaches to handle cert installation and management puts us in a better position and is also consistent with the guidelines we developed for the Best Practices Guide.
- Internet2 has some discussions internally about working with Sectigo on offering certs and cert management for K12. If interested in that we can set up a conversation.
- Could see K12s being interested in that and also interested in it for HE. Having a way to issue certs to users AND devices would be powerful for HEs, K12s, and others in the community. Password infrastructure feels “legacy”.
- As a school that still uses EAP-TTLS we’re looking at moving toward a cert-based environment. Recently attended a vendor webinar that dealt with cloud-based auth. They offer a PKI solution but there are heavy limitations on OS and browser. They’re partnering with Azure and other cloud providers to offer a PKI option. Right now, there’s no ability to manage certs through their service so we should consider the need for orgs to manage certs.
- Ideally there would be a service that could apply not just to wireless but to other identity services that rely on certs. Internet2 is working with Sectigo on integrations into services like ServiceNow, other applications. Also looking at cert management services via cloud providers.
- Full document: GÉANT T&I Briefing Paper
- Update on User/Device Onboarding group (Brett/Rob/Mike)
- Requirements document
- This group reviewed documents and met last week. User/Device Onboarding requirements are starting to feel like a thought experiment that could be handed to a development team. Fits in closely with our early discussion about moving away from username/password and into certs and other passwordless options.
- Looking at the three components, the PKI has been identified as the most complex and as such would be best shifted away from the peering organization. Also looking at the other two components (RADIUS, client configuration) to see what can be moved off peering organization
- A community needs section could expand the discussions to provide more clarity on our goals, thought processes. Also may need to identify available community services that could be leveraged, like geteduroam. It’s like we’re creating another spec for containers/infrastructure parts that could incorporate those existing elements.
- Also considering which components could be shared, which would need to/could be per-subscriber.
- eduroam service, next up solution reviews (Sara)
- Could convene smaller team to talk through these documents. Broader group can make notation. There’s some time sensitivity so we’d like your feedback before the next meeting.
- Brett and Amel volunteer
- One thing to remind constituents of is that this isn’t just about feature parity, it’s about feature parity at scale and *future* scale.
- Mike will set up scheduling poll, send calendar invite for group to meet and review docs.
- The committee will add notes/feedback/questions to the solution review docs
- Input/feedback/thoughts on applicability re: Stefan/GEANT’s OpenRoaming summary for end users (Sara/Mike)
- https://eduroam.org/eduroam-openroaming-end-user-information/
- The topic of OpenRoaming has come up for UETN so this is really helpful
- It’s helpful to understand how OpenRoaming and eduroam overlap, complement.
- eduroam service updates (Sara)
- Logging
- Guide for Logging: https://spaces.at.internet2.edu/display/eduroam/eduroam+log+viewer+Basics
- Rate limiting
- Next up - self-serve admin signups
- Collecting beta tester names
- The use of beta testing concept is something new and signals increased openness to engagement and responsiveness to community. SOs have features they want and I’m hopeful that this sort of engagement will help
- NN appreciates the opportunities being presented to eAC and SOs. Sara has been doing a good job of being open and available. I could see benefits for the developers as well.
- eAC was intended as a way into the community for this development and feedback and like the idea of expanding that list of potential testers.
- AOB?
- Cool story from UETN - we had a staff member and their family travel to DC and had connectivity the whole time at places like the Smithsonian.
Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework.
Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.
3 Comments
Romy Bolton
Kim Owen approves
Brett Bieber
I approve.
R. Jeff Egly
I approve. Jeff Egly