Friday April 14, 11am-12:30pm ET
Rob Gorrell - UNCG
Brett Bieber - Nebraska
Josh Howlett - Federated Solutions
Mike Dickson - UMass Amherst
Jeff Egly - UETN
Kendra Ard - CSU
John Simpkins - University of Michigan
Amel Caldwell - University of Washington
Michael Hacker - University Heights Charter School District
Dion Baird - OSU
Saira Hasnain - UF
- Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework
- Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.
- Agenda bash
- Future standing agenda item - trip reports on industry/technical conferences?
- Approval of last meeting’s minutes
- Jeff approves
- Kendra seconds
- OpenRoaming Update
- Discussion with John Simpkins on University of Michigan’s deployment
- Link to John’s slides: https://docs.google.com/presentation/d/1y1ZFW_WKxcK8F5SRIYCikA40Eb0sYy8DXSfQhKEYc3k
- Brett: Why do you think AT&T was interested in this? Did the folks you worked with there focus on the Ann Arbor/Michigan area? Or were they interested in broader scale deployments?
- John: I think they were most willing to participate because they’ve been doing it longest (since 2010). They see the value of this sort of offload and are open to collaboration - bandwidth constrained. We have an MSA with them, amended agreement for this pilot. WRT scale of their interest, they were enthusiastic about the idea of expanding this out in R&E, were okay with this smaller scale pilot. They aren’t in a position to enter into a bunch of bilateral agreements with individual schools/institutions.
- Brett: What did other carriers say?
- John: T-Mobile participates in OpenRoaming, also Airpass. They seem set up for something like this. VZ has shown no interest in this, at least not as of 18-24 months ago.
- Brett: Maybe mention that you have some buildings with poor coverage 🙂
- Brett: You mentioned hardware complexities - for this PoC in the 7 buildings, did those all have similar/same hardware?
- John: Yes, all buildings are in Ann Arbor, same/similar hardware.
- MikeD: So you initially deployed with Aruba’s Airpass feature, but moved to roll your own to work around different AP flavors?
- John: We didn’t even get that far. Had an initial, single deployment with Airpass but there were cloud architecture requirements that we don’t have, don’t plan on getting
- MikeD: For users that blow away their wireless profile, connect via SIM, is there a way to trace back to users for DMCA/CALEA/etc. compliance?
- John: Passpoint authentications include information that we can provide to AT&T and they can give us user identities.
- MikeD: If there’s a failure, will it fall back to SIM authentication? Or must it die?
- John: We haven't tested that, but likely comes down to client behavior. We could test it though.
- John: WRT RADIUS traffic, we talk directly with SingleDigits
- Sara: So they’re serving as an aggregator? Sounded like you signed your agreements with AT&T.
- John: Correct. SingleDigits sits behind that agreement
- Brett: For scaling considerations, is the ideal outcome to sign with a “SingleDigits”-like entity which then handles relationships/auth flow with cellular carriers?
- Sara: Looking at this diagram, wondering what role OpenRoaming/WBA plays. Whoever sits in the clearinghouse position might not need any intermediaries between themselves and cellular carriers, correct?
- John: Yes. That’s the ideal setup from our point of view. It wasn’t clear to me which carriers would be participating with OpenRoaming/WBA. Getting various levels of readiness, interest from carriers. Removing the intermediary clearinghouse would reduce overall complexity (even though it would add complexity for whomever ends up acting as the clearinghouse).
- Sara: Sounds like it would just be 3 carriers to deal with, could tackle MVNOs later, or let the main 3 handle the downstream there
- John: One of the issues we had with Airpass is that the vendor is collecting money on both ends. Settlement-free agreements seem like a better fit for the R&E space.
- Sara: Worth noting that this discussion is not explicitly OpenRoaming related. It would be a matter of eduroam US/Internet2 doing offload with carriers.
- Josh: Worth noting that we’re already seeing instances of this traffic at the eduroam US proxies. They always fail, but moving in this direction wouldn’t be inadvertently denied service. Question about MAC address - mostly seem to be randomized, so hard to capture actual usage data. WRT RadSec, why did you use that?
- John: It was a “nice to have” and turned out to be easy to configure, so we did it.
- Brett: How will you measure the success of this project?
- John: We’re seeing more usage at these sites that would otherwise not be able to auth, or that would have a worse experience. Strong incentive from our leadership to solve for poor coverage without using a bunch of DASes. The criteria our leadership has put in place is that emergency calls will always go through, will not get dropped on handoff, won’t get lost in wifi vs. cellular decision logic, and will allow for reliable location info. We’re working toward those goals and that will continue to be a priority for our team.
- Michael: Was that the main project goal for your leadership?
- John: Yes, that was the main driver
- Michael: Have you started looking at how to inform your staff that an E911 call has been made?
- John: I don’t know that we will. There are regulatory considerations if the E911 call is made from a personal phone rather than a campus VOIP device.
- Brett: Some good benefits outlined here - reducing number of SSIDs, better user experience, safer for staff/students.
- Next steps?
- Jeff: Wondering if there’d been any discussion about how this could fit into a private LTE deployment
- John: Big carriers provide us with a list of PLMNs for Passpoint authentication. Thinking ahead, if we include campus/private PLMNs it would be great if those were Passpoint enabled.
- Amel: Have seen other LTE deployments that have MOCNs that can point to commercial networks.
- Amel: We’ve been doing a Passpoint deployment at one of our buildings and have seen much more traffic that ends up there as opposed to on our wifi. Have you looked at network/capacity implications?
- John: We’re monitoring impact over time. To Josh’s point, device MACs aren’t a good metric.
- Amel: Do you put Passpoint users on a separate VLAN?
- John: No, they go on the same VLAN as eduroam traffic, but have policy we apply to external eduroam users and use that for Passpoint connections.
- Brett: Other institutions that might be interested in doing something similar? How could we get this opportunity in front of the community?
- Sara: We can work on that. As John’s framed this out it sounds like something that would be good for the eAC to look into. You all could put together a requirements document as you have for other services, and then present to Internet2.
- Brett: Like the idea of sharing more of the architecture diagrams, sharing with the community, and looking at further work by the eAC.
- Updates from around I2
- CACTI - Rob
- Rob: Joined March 29th meeting. Two points CACTI wanted to bring back here
- IETF working on FIDO as a means for eduroam authentication.
- Update to RADIUS protocol. Will impact routing approach.
- MikeZ: IETF is forming up a working group, Margaret Cullen looking into that as well.
- Sara: Could make request routing easier, faster, more reliable, particularly for international roaming.
- WG updates
- Best Practices Guide refresh
- Rob: Continuing to work on restructured guide (broken up into IdP and SP/hotspot sections)
- Transitional Technologies
- MikeD: Have been meeting weekly, discussing problems/issues in ancillary systems (TLS versions, etc.) and new technologies (WPA3, Wifi6e, etc.). Have set up a wiki page to track, provide updates for issues. Structured in a release-notes-like format. Each note includes description of issue, provides workarounds for short term and longer term fixes.
- In draft state, publicly viewable but not yet linked
- Brett: This is great. What are next steps for communicating out to community?
- MikeD: Have talked about including links to the space in monthly report.
- Brett: Could send note to admins that this info is available, suggest they use “watch” function. Could you and MikeZ work on getting a note out to the admin list, start with TLS 1.2-3 Windows 22 issue?
- Rob: We’re also going to invite Stefan Winter from GEANT eduroam-dev group
- MikeZ: We’ll also post to the eduroam US knowledge base
- Rob: Also discussed adding to upcoming draft of Best Practices Guide
- Service Level Requirements
- Brett: Kendra, Rob, and I met, discussed this and came up with some possible next steps for this committee. Recap - Looking at a set of baseline expectations for all eduroam participants. One question is how we can tell when a site is “working” (e.g. does the hotspot portion allow roamers to authenticate, does the IdP portion allow its users to authenticate, etc.). Want to talk through methods to gather the data needed to inform work, define success.
- Brett: Question for this committee - what sorts of requirements should we develop? What does baseline look like?
- Support Organizations Update (Brett, Jeff, MikeZ)
- eSO summaries
- Link Oregon
- Firming up project team, bringing on additional expertise from OSU. Making good progress on first pilot districts. Looking at ways to leverage pending state broadband funding into eSO work, bringing on new districts as part of that effort.
- ConnectEd Nebraska
- Continuing to share expertise with new SO members. Discussing plans for this year and continuing to plan for transition from Project to Program and incorporate offering into Network Nebraska membership.
- The Sun Corridor Network
- Shifting project personnel around, working with new candidate districts in Yuma. Recent progress on integrating with Google ID is making conversations easier with districts.
- Jeff: Focus has been on hotspots. Amanda (PM for eduroam effort) has been approaching candidates for hotspots, looking for advocates within community to help those conversations as well. Have also been opening discussions with SLC city council on public deployments. Will be presenting on “eduroam2go” (turnkey eduroam hotspot devices) at Utah’s Tech Summit (virtual participation is an option)
- Report out from CoSN23 presentation
- Brett: Jeff, Amanda, and myself presented on eSO work. Good conversations, also met with commercial ISPs. New community for us, good to build connections.
- Jeff: Agree. Had a neat conversation with Minnesota parochial school that had seen benefit of K12s and eduroam as their students move into HE. Also had some good engagement with TX schools as well.
- Update on 2023 cohort
- Now accepting proposals for 2023 cohort
- GeGC update (Sara)
- Sara: Would like to make sure we capture Saira’s work on OpenRoaming, get a quick report out, and get her blog post published and promoted
- Saira: Met with John Simpkins, reviewed WBA’s documentation. Working on a draft of blog post and will have it together within the next few days. Structured as a sort of “eduroam or OpenRoam”. Covers considerations around onboarding difficulties with OpenRoaming, etc.
- Sara: We’re also working on an IAMonline presentation on OpenRoaming, will likely be tapping you on the shoulder for that.
- Looking to update compliance statement
- Sara: Currently reviewing with I2 counsel. Open for comment until May 5th. Main bit that might interest this committee is change to log retention requirements. Will send draft out to this committee next week for comment.
- Mobility day 2023
- Sara: Ann, MikeZ will be attending. Amanda’s eduroam2go presentation would probably be a good candidate for presenting there!
- MikeZ: Sara and I will also be presenting on the work of the eSOs
- Campus Technology Interview with Brett and Saira
- Proposals for new topics, standing agenda items (Brett)
- More integration with eSO community
- Brett feels that the eSOs represent the future of growth for eduroam. Interested in cultivating an understanding of what the eSOs do, what their challenges are. eAC is more technical minded, less involved in the K12 perspective.
- Identify infrastructure, resources, skillsets that might be missing in the community to enable more integration, more adoption in smaller/less resourced organizations
- Quarterly retrospective with eAC members
- Goal: Check in on direction, make adjustments. See if members are getting what they expected.
- Next meeting time
- Friday, May 19, 11am-12:30pm ET