Friday May 19, 11am-12:30pm ET
Attendees
Brett Bieber - Nebraska
Amel Caldwell – University of Washington
Josh Howlett - Independent
Jeff Egly - UETN
Tom Rixom - SecureW2
Mike Dickson - UMass Amherst
Rob Gorrell - UNCG
Nadim El-Khoury - Springfield College
With
Sara Jeanes
Mike Zawacki
Romy Bolton
Regrets
Kendra Ard
Saira Hasnain
- Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework
- Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.
- Agenda bash
- Bashed!
- Approval of last meeting’s minutes
- https://spaces.at.internet2.edu/display/eduroam/eAC+Meeting+2023-4-14
- MikeD motions to approve, Jeff seconds
- Approved by consensus
- Mobility day for TechEx
- Sara: Modeled on TNC’s (GEANT networking conference - https://wiki.geant.org/x/mwBpIw) Mobility Day event. Covers eduroam and other mobility technology (wifi, cellular, etc). Chris Philips (CANARIE) suggested we have something similar at TechEx.
- Scheduled for 1pm-4pm ET on Monday (Sept 18th - avoids conflicts with any of the other tracks)
- Interest for planning committee volunteers?
- Chair (solicit talks, promote within the community)
- Program committee
- Jeff Egly
- Mike Dickson
- Nadim El-Khoury
- Brett Bieber
- Possibly Chris Philips (advisor, other role?)
- AI Sara: Look into logistics, meal, etc
- AI Mike: Set up initial meeting
- Possible topics include 5G, cellular offload, Wifi 6e, and other emerging technologies
- Brett: Like this idea - lots of topics in the community that could be addressed. Chris signaled willingness to participate/lead?
- Sara: He offered to participate but we’d like to see this group and others from the eduroam US community lead the charge. Want to ensure that conversation is led by topics that are important/relevant to our community.
- Brett: Thoughts from the committee? Good idea?
- Josh: Yes
- Jeff: I like this as well, think it’s very timely. May or may not be able to attend but worth noting that we (UETN) are heavily engaged with CBRS/private LTE projects and eduroam comes up in those discussions. Also mentioned in connection with WiFi6. Jim Stewart (UETN CTO) has expressed interest along these lines as well.
- Questions of SSID name - follow-up to eduroam-admins list WRT adding a spectrum-related suffix/prefix to eduroam SSID
- Brett: Kicked off on list by Mary Bull. Thought it was great that she brought a topic to the community. Feel it’s important to make newcomers feel welcome, engage in discussion. Topic of handling transition to newer tech is important, worth discussing. Thoughts from others?
- Josh: Could you provide a little more context of the initial message?
- Brett: Question was around how to handle different spectrum on same network WRT eduroam? Is it worth denoting that there are different options via the eduroam SSID. Original message: https://lists.internet2.edu/sympa/arc/eduroam-admins/2023-05/msg00002.html
- MikeD: Understand the desire from a technical perspective, but it can break the service when users travel. Can also put end users in the position of having to make decisions without fully understanding the context and in ways that can cause them to fail when they roam. Lots of ways to address availability of multiple bands other than SSID names, most can be optimized without requiring user input. I think those are better ways to support our users.
- Josh: Generally speaking this seems like a terrible idea. Devices can be promiscuous with trust. Users tend to “click through” prompts without considering implications. Having a standard eduroam SSID is better for security. The objective has to be preventing users from connecting to SSIDs that look safe but might not be.
- MikeD: Agree with this. Bad actors could set up an AP broadcasting “eduroam-slow”, for example, and harvest credentials.
- Sara: Thread started with a conversation at CommEx between Mary and myself - appreciate this group’s help in addressing points on the list. Worth noting that updates to eduroam compliance statement (see link below) forbid modifying eduroam SSID.
- Brett: Agree with concerns around security. As we expand into new segments of the community like K12 we’ll be increasing the number of eduroam admins. How do we facilitate conversations with these folks around best practices, common challenges, sharing expertise, etc? Don’t recall that security was mentioned as a concern on the mailing list but it’s worth including in discussion
- Rob: Another angle to consider is what are the impacts on eduroam from new tech like Passpoint, OpenRoaming, etc. SSIDs might become less important. How do we guide the community through those decision points?
- Nadim: Agree. Do we need to mention security concerns around SSID names in the Best Practices Guides? Could be worth including. Also, want to second the importance of creating a welcoming environment for newcomers.
- Rob: Also consider trust framework impacts of the SSID name being changed.
- Brett: Could we ask the BPG working group to include a mention of this in the update to the guide?
- Rob: I’m a little conflicted about this as the naming of SSID isn’t a recommendation but a requirement. But we can make that clear, explain a bit why that requirement exists
- OpenRoaming update - Stefan’s email
- Response to Stefan from his Microsoft contact "The NPS RADIUS server does not support the TLS 1.3 versions of the EAP methods and there is currently no concrete plan to add that functionality."
- Stefan’s take: “I had specifically asked about Server 2022. Since that is released and shipping, and their answer is fresh from this weekend, I would interpret that absolute statement as: no, not even Server 2022 supports TLS 1.3.”
- Working Group updates
- Best Practices Guide update
- Brett: Include section around
- Rob: We’ve been doing a lot of asynchronous work over the last few weeks given multiple conferences and other travel
- Transitional Technologies
- MikeD: We have three main topics that we’ve addressed:
- Looking for institutions using MSCHAPv2/PEAP to get their take on impacts of deprecation of protocol in Windows 11
- MikeD: Are there members of this committee that could assist with this?
- Nadim has added material to flesh out this article
- Josh: I’ve been very curious about this issue, have dug into some of the technical underpinnings. Can see that this is a real issue for machines that are machine joined, but less critical for those which aren’t (credentials end up in the registry). Wonder if the issue in Springfield College is with machines that are domain joined.
- Nadim: We’ve seen this with non-domain joined machines.
- Josh: So this is more of an issue for managed/staff machines?
- MikeD: Need to talk to a local college that reported this initially. They stated these were student machines. Suspect they weren’t domain joined
- Rob: We did get some conflicting info initially (Windows Home and Pro machines were both impacted). Could be a bigger issue than domain joining. Need to collect more data.
- Nadim: We solved some of the issues by dropping TLS 1.3 from our RADIUS config. We purchased a Dell laptop running Windows 11 22H2 Home edition, which has worked without any issues. We needed to ensure that our FreeRADIUS server was configured only to accept TLS 1.2.
- MikeD: We feel we’re nearing completion of these three articles. Want to be mindful of not stepping on topics that the BPG Update working group
- What’s next? Passpoint/Hotspot2.0/OpenRoaming considerations? Other topics?
- Brett: Could we have all three of these articles complete by our next meeting?
- MikeD: I think so. Amel is almost done with his article on WiFi6. I’ll follow up with the local school reporting on MSCHAPv2 issue and fold that into the
- Best Practices Guide update
- Support Organizations Update
- ConnectEd Nebraska
- One of our school districts just stood up 20 more sites. Otherwise, holding steady on deployments.
- Link Oregon
- Working on initial pilot deployments (Lane ESD, Linn Benton Lincoln ESD)
- Working on Google ID integrations
- The Sun Corridor Network
- Engaging with two new districts (Yuma and Maricopa) and Maricopa county government for hotspots
- Finalizing connector agreement
- Interested in Google IDs as well
- UETN
- Getting ready for our Tech Summit. Working on moving eduroam2go project forward, will be presenting on that at the Tech Summit. That presentation will be available virtually as well
- [link, time]
- Developed some additional marketing material, got okay from I2, GEANT
- Compliance statement update (Sara)
- eduroam_Compliance_Statement_v2 DRAFT.pdf
- In Final review, last comments due by May 31, 2023
- Sara: Compliance statement is about 10 years old, hasn’t been updated in that time. International community is working on final draft of updates to address changes in the eduroam landscape. Have been working comments through our legal team as well.
- Sara: Some sections to call out
- Sections on NRO now include explicit requirements/responsibilities
- Change in log retention period for IdPs. Was 6 months, being proposed to reduce that to 3. Partly in response to updated privacy regulations
- Additional logging requirements (OperatorID, etc)
- Administrative cleanup, updates to old or deprecated technology.
- Rob: To go back to SSID name, the “eduroam-[whatever]” seems like it was intended to address saturation in urban areas, etc, especially in the international community. Are there other ways they plan to address this?
- MikeD: If someone’s going to use a new SSID, why even call it “eduroam”? It won’t work for visiting users, your users can’t roam using their profile
- Brett: Feel like there are other ways to address bleedover than changing SSID name
- Nadim: Should we direct feedback to the list or to you, Sara?
- Sara: Directly to me please.
- Nadim: Do organizations that have technical issues which prevent log retention need to report that to I2?
- Sara: No, it’s more a function of that institution’s interactions with whomever requests log info (e.g. DMCA requests, requests from other institutions for one user’s behavior, etc)
- Quarterly retrospective with eAC?
- Structured discussion?
- Report on accomplishments?
- Brett: Wondering if there’s a way we could develop a survey or other instrument to gauge from you all if we’re focusing on the right areas, topics. Could we look at a report out to the community? Could also draw more attention to the meeting minutes, other artifacts of our work.
- Jeff: Think it helps to share out our work with community. Has there been any discussion on the advisory chair meetings?
- Brett: Yes - we do meet quarterly, discuss your work with that group. Thinking through a survey after hearing about other folks on advisory groups who did something similar.
- CommEx report out (Brett, Sara, Mike, other attendees?)
- Mike: Presented with Brett on eSO program. Gave
- Brett: Outlined ConnectEd work to date, talked through higher level items to reflect the REN/NREN audience. Met with NROs from Zimbabwe and Kenya afterwards who were in attendance
- Sara: eduroam BoF had participants from school board in IL, discussed approaches to ensure organizations that say they’ll deploy the service will actually stand up eduroam. Also talked about how logging updates could address that concern. That work is still pending.
- Next meeting - June 9th
- Many I2 folks will be at TNC23
- Reschedule for Friday, June 16th?
- No objections to moving with that time
- AOB?