Date, Time, and Location
Friday, May 13, 2022
11:00am ET | 10:00am CT | 9:00am MT | 8:00am PT
Minutes
eAC wiki: https://spaces.at.internet2.edu/display/eduroam/eduroam+Advisory+Committe
Attendees:
Jeff Egly - UETN
Rob Gorrell - UNCG
John Buysse - Notre Dame
Jeremy Livingston - Stephens
Brett Bieber - UofNebraska
Neil Johnson - IOWA
Mike
Amel Caldwell - University of Washington
With:
Kevin Morooney
Sara Jeanes
Mike Zawacki
Regrets:
Kim Owen
Agenda
- Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework
- Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.
- Agenda bash
- Bashed
- Approval of last month’s meeting minutes
- https://spaces.at.internet2.edu/display/eduroam/eAC+Meeting+2022-04-15
- Amel - approve contingent on removal of slide deck link
- ..
- SO update (Jeff/Brett/Mike)
- Report out from Jeff/Brett/Michael H on review of proposals
- CEN - https://docs.google.com/document/d/1oBHg4q6ZwN7CIRS9po8EAQHQdGsZA_er/edit
- Jeff: Feels like a solid proposal, similar approach to Network Nebraska and UETN
- Brett: Agree. They’ve been engaged for some time and reached out a year ago to discuss strategies for us
- Jeff: Strong organizational ties to state government is a big plus for them
- Mike; CEN had turned up 5-6 K12 districts already. Will be participating via the On-Ramp option
- Link Oregon - https://docs.google.com/document/d/1Co2xtK3NwrHWwza2zEcIDjlEvnzu-un2/edit#
- Jeff: Have been showing interest and participating in discussions around promotion of SP-Only/hotspots. Another good candidate. Lots of focus on building out fiber and increased connectivity for their schools. Have some strategic partnerships with OSU and PSU, will help with supporting On-Ramp efforts. Like the On-Ramp option - seems to have lowered barrier to adopt
- Brett: Interesting candidate, newer organization. This could be an opportunity to capitalize on eduroam to demonstrate value to their community. The fact that they already have alignment with their higher ed partners is great
- Jeff; Any additional comments?
- Sara: I think it’s a good group. Have been working with them for some time. Should stress the importance of developing their support plan during the onramp. Great to highlight their work during the monthly state/Regional eduroam calls.
- Jeff: Agree with the above. Interested in seeing how the pipeline shapes up with other regionals (Merit and work with Wayne State, tribal governments)
- Ann: Thanks to all of you for reviewing proposals and adding feedback. Always great to get another set of eyes
- Next steps/timeline
- Inform CEN, Link Oregon
- UETN
- Working on video for promotion of SPs/hotpsots. Will also leverage the promotional material we’ve been developing in conjunction with Link Oregon, SCN, and Internet2. Got a good bit of feedback from users who’ve benefited from the public deployments in DMV, state buildings. Looking at project to make it easier for SP/hotposts to come up (“eduroam in a box”.
- Sara: We’ve been looking at calling SP-Onlys “hotspots”. Would be interested to hear from this group on that. “SPS” is a technical/industry term. “Hotspot” feels more accessible, familiar.
- Mike D: I like that idea. Makes it more vernacular, familiar concept.
- Jeff: I agree. In our experience when we’re working with folks outside of the edu community it’s helpful to use terms that are more familiar. How do you see this rework playing out
- Sara: In marketing materials, like the SP-Only/Hotspot promo sheets we’ve been working with SOs. Also think about impact on eFM and other technical documentation and in legal agreements
- Mike D: Good for SP/hotspot operators given increased security and community assurances
- Brett: Wonder if that’s something to consider including in future documentation and promo materials. eduroam ‘secure hotspot’ marketing label
- Mike D: Yes. Can help give users a sense of familiarity and comfort with their devices connecting automatically
- Ann: We’ll be in touch with you to record a promo ;)
- Network Nebraska
- Brett: Sara put together a summary for the PAG which covers stats for Nebraska. One thing that has big potential are the conversations we’re having with Nebraska based fiber provider, which also serve CO and (especially interesting) with AZ. They’re already making public wifi available in 10 cities. Want to have a conversation with their main equipment provider (fiber modem/wireless AP). Looking at how to allow customers to make eduroam available within their home. Need to make sure we’re doing this in an architecturally sane and sustainable way. Potential to develop a strategy for engaging with ISPs on wider public/private deployments. Will be meeting with them on Monday.
- Jeff; Eager to hear how that conversation shapes up. With all the work you’ve done on ISP partnerships we’re rethinking our approach, looking to follow in your footsteps.
- Sun Corridor Network
- Brett: Allo (ISP that NN has been partnering with on public deployments) reached out to SCN. Also potential to piggyback work NN is doing with Cox into AZ. Looking at how NN can support SCN in their engagement with Cox. Anything else from others?
- Mike: Other main news is pivoting to new K12 districts for deployment
- Updates from advisory/community meetings
- InCommon Quarterly Advisory-Chairs call (Jeff/Brett)
- Use of PM software (Monday.com) to coordinate across committees
- Jeff: Interested to start working with Mike on getting our work reflected in Monday.
- Ann: Some additional background - this is a quarterly call with our committee chairs to coordinate, foster better understanding of the work being done by you all and your counterparts in other areas of the community. Netta Caligari (I2 community lead) looking to provide a platform for greater transparency to community, provide opportunities for advisory groups to work cooperatively and stay in touch on activities “across silos”
- Brett: Really excited about this. Coming into eduroam fairly new seeing lots of opportunities from this sort of cross pollination.
- Jeff: Internet2 will be hosting meetings on IAM, users.
- Ann: We do this every few years - looking at how we talk about ourselves, services, and the work we do. One example is the previous discussion of “hotspot” vs SP-Only. Developing a two page document on what InCommon does, how it offers services to meet community needs. Audience is those who have less familiarity with InCommon. Focus group wil lbe convened to help tune this messaging. Advisory chairs will be able to sit in on some/all of this discussion
- Kevin: The way we talk about what we do is always changing and evolving. Big changes a driven by need to adapt to community needs and conditions on the group. This is a chance to reboot how we talk about what we do.
- Jeff: Think that does speak to earlier example of hot spot/SP. Can see this coming up as we look at things like OpenRoaming, other big changes int he eduroam community.
- PAG presentation (Sara)
- eduroam Updates for TI PAG - May 2022 (please hold out of notes)
- Sara: The slide deck is largely a report out on what you’ve all been doing - nothing new content-wise, just presented for new eyes in community. Main thing to point out are the new features for eFM like ability for eduroam admins to add new admins, see existing admins for their organizations. Also be functionality for SO admins to add SO admins and constituent admins. Should make life easier for all - ability to self service help everyone. Also finishing up work on needs/solution documenting on IdP and SP testing. Those functions will come after “admin adding” functionality. Have included deck for reference and happy to answer questions after the call.
- Standing check in on work priorities for the eAC in 2022
- Jeff: Have had dialog in these meetings about areas to focus on. Have had input from GEANT giving global perspective. Next agenda item is probably next big priority for this group. Any items from others we should be paying attention to?
- Rob: thoughts around external testing?
- Sara: Two pieces - one easy, one less easy.
- IdP testing easier - will leverage lots of existing tools
- SP/RP testing - Less easy. Per requirements doc it requires short lived external credentials that test an org’s SP/RP. We will need to create some additional infrastructure. Interestingly, it will leverage some of the work of the User/Device Onboarding solution.
- Guest Access follow-ups (Brett/Jeff/Sara)
- Jeff: Sara, can you speak about the office hour sessions you hosted?
- Sara: Yes. Also covered in the deck linked above. Prompted by questions and concerns in the community WRT the turning off of ANYROAM’s guest access service. Some confusion about the timeline of change to that service and how the infrastructure migration figured into the turn down (also, thanks to those from this group who jumped into mailing list discussions, and to those who attended the office hours calls). Invited ANYROAM to attend but they opted not to participate. Some additional discussion with David Bantz on calls and on list. Feels like this particular topic has been resolved, though there’s still the matter of the work that the Guest Access working group has done. Guest Access is very much on our (I2’s) mind, though it’s one of several competing priorities. My ask of this group is if development of Guest Access is worth taking cycles form work on eFM enhancements and User/Device Onboarding
- Rob: Also feel it’s largely resolved. But am wondering if there’s a way to see if ANYROAM guest accounts are hitting our servers? If so, can we reach out to orgs who are routing requests to I2?
- Sara: Interesting question. We can consider that
- Brett; Agree it might be worthwhile to pursue. The risk is that someone is using an ANYROAM guest account and is trying to use it at site that isn’t set up to route ANYROAM guest services.
- Rob: Agree. It feels like we could fairly easily pull those metrics
- Sara: Two fold considerations. First is that ANYROAM guest users have to affiliation with any institutions, so we can’t see who we would need to follow up with. Could be more valuable to look for institutions that are routing ANYROAM guest traffic wrong.
- Rob: You’d know what institution routed a user to TLRS1/2 right?
- Mike D: Agree. You’d see a failed request from an SP and could run a report to look for those requests. Feels like it’s something that could be done fairly easily. Also, the thread on the mailing list did get contentious - Sara did a good job of responding. Before I joined this committee we were considering how else to handle guests - social credentials, something else? ANYROAM is still advocating the service, though it does require additional configs. Feels like there’s some confusion around their ongoing role, especially as Philippe is on the mailing lists actively promoting the service.
- Rob: I think there’s benefit in doing traffic analysis both to fix technical problems but also as a metric for community perception of the value of their service. Could also help if we need to have this conversation again with the community
- Sara: I’ll take a AI to follow up with the eduroam team and see about what we might do next.
- Jeff: Interesting conversation on the second office hour call with Vantage TC. So is the sense form the group that we’ve addressed this topic?
- Rob: I think these prior conversations are more about making sure that nobody’s “left out to dry” while the WG develops Guest Access solution, and to aim folks toward our work on a new service option.
- Brett: Also consider leveraging existing IAM teams to create identities/accounts for these guests. Only available to mature organizations, though
- Rob: Agree - not an option for everyone but available to some. In my experience where guest access comes up it’s always wifi where you get the first requests.
- Mike D: Have also heard concerns about guests being created locally inflating user counts, skewing metrics. Big driver for guests in HE can be graduations. The notion of those users being enabled to roam doesn’t seem like something we (HEs) would want to be responsible for. One nice thing about ANYROAM’s offering was that it was more tightly scoped, didn’t allow for system-wide roaming
- Ann: It’s a good point. Rob, you treat ANYROAM guest users differently than IdP sponsored users, yes? Global eduroam policy is that users have to be associated with an R&E entity. Nice thing about the proposed Guest Access is that it’s a complete solution that allows for management of users, tighter binding to R&E entities, and is part of a broader offering with better support. Understand the appeal of eVA.
- Mike D: So for the SOs deploying in gov. buildings, do those users need to be associated and R&E institution?
- Jeff: Yes
- Mike D: Loose affiliation also crops up in other contexts in the IAM world. Grow the community. Maybe look at ways to direct student adjacent populations (parents etc) toward the Guest Service
- Jeff; When we started bringing up gov buildings as SPs they often indicated desire to also join eduroam (or govroam)
- MikeD: Feels like a need/request that we’ll continue to hear. Consider govt employee that’s a hotspot - they’d want to be able to connect using it.
- Ann: WRT to govroam, there are countries in the EU that have it. Was developed by GEANT for reasons that Mike D stated above. It’s very informal/not standardized like eduroam is. Have had discussions with GeGC where there’s a concern about offering eduroam credentials to non R&E users. Issue always comes back to trust. If an NRO is too loose in its enforcement of user affiliation with R&E it could damage trust for that country, have an impact on functionality
- Rob: Highlights the value of OpenRoaming.
- Impact analysis
- Timeline analysis
- Re-open requirements doc for comment?
- User/Device Onboarding working group (Brett/Rob)
- Rob: QUick update - group has been meeting weekly, lots of new documentation, expansion of original requirements doc. Currently going over how to stage phases of service versions, other infrastructure requirements.
- Who’s going to TechEx? Have a (mostly) in-person Dec meeting of the eAC? (Jeff/Brett)
- Jeff: Those planning to attend TechEx? Could be an option to have a hybrid in-person meeting. UETN staff may be in attendance as well.
- Rob, Brett
- Brett: If others are interested in attending would be great to meet in person.
- MikeZ: Will take an action item to keep tabs on this, submit request for room at TechEx with gear to facilitate hybrid meeting.
- Next meeting: June meeting falls on top of BaseCAMP. Move to Friday June 17th, same time?
- Seems to work for most.
- AI MikeZ: send out updated invite.
- AOB?
1 Comment
Brett Bieber
I approve