Friday August 4, 11am-12:30pm ET
Attendees:
Brett Bieber - Nebraska
Jeff Egly - UETN
Kendra Ard - CSU
Amel Caldwell - UW
Rob Gorrell - UNC Greensboro
Josh Howlett - Federated Solutions
Saira Hasnain - University of Florida
Dion Baird - Oregon State University
With:
Romy Bolton
Sara Jeanes
Ann West
Kevin Morooney
Mike Zawacki
Regrets:
Tom Rixom
Michael Dickson
- Intellectual Property Reminder - All Internet2 activities are governed by the Internet2 Intellectual Property Framework
- Public Content Notice - eAC minutes are public documents. Please let the eAC and note taker know if you plan to discuss something of a sensitive nature.
- Agenda bash
- Amel: Revisit cloud based multi tenant topic. If we don’t cover it today we can add it to next month’s agenda
- Approval of last meeting’s minutes
- https://spaces.at.internet2.edu/display/eduroam/eAC+Meeting+2023-7-7
- Saira moves to approve, Amel seconds
- Majority approves.
- Support Organizations Update (Mike)
- Sun Corridor Network
- Proof of concept for eduroam enabled mifi hotspots for students/staff. Gabriel Lopez has been engaged with Maricopa county on municipal eduroam covering schools as well.
- Link Oregon
- Working with a few pilot districts including google integration. There is a requirement for MFA use and they’re trying to understand the relationship/impact to wifi.
- UETN
- Jeff: Amanda Molinari updated eSO community on new support for Wifi6 and WPA3 transitional mode for Cisco APs. Looking into working with the Salvation Army for hotspot deployments in support of afterschool programs. User Group meeting August 17th, 4:30-5:30pm ET
- (link)
- Nebraska
- Brett: Have added 25 new schools over summer. Omaha public schools has signed up - largest district in the state, so big win. Working with parochial schools as well. Had annual administrator conference, enabled eduroam for conference venue, high usage during the conference. Have been working with municipal hotspots with Allo, work progressing with residential deployments (more on that later). Working with our districts on understanding the eSO support model, encouraging more expertise building within our community. Full thanks to Josh for helping out with some of those issues!
- Working Group Updates
- Transitional Technologies
- Publish knowledge base articles, spin down group
- Amel: Feel like we have the three articles finalized. No public comment received
- Brett: Move to approve them to publishing those articles.
- Amel motions to approve, Jeff seconds
- Majority approves.
- Brett: Next steps?
- Mike: Close public comment page. Add to Knowledge Base
- Rob: Would there be a blog post or something similar?
- Sara: Could post to eduroam-admin list, also include in InCommon newsletter
- Rob: I can draft a note.
- AI Rob: draft and share with committee
- Best Practices Update
- Mike: Group met, assigned
- AI: Mike will coordinate meeting with eSO volunteers. Will provide them with current section on K12 considerations from BPG, ask them to notate and come to a meeting ready to discuss
- Rob: Could be useful to share some of the notes from Tom ROlfes on ERate concerns, also encourage additional discussion on topic of filtering
- Brett; We could ask Tom to join us for discussions or input as well.
- AI Brett: Contact Tom
- Cert redesign
- Sara: Cert Services currently has about 650 subscribers, mostly purchasing SSL certificates for websites. Have added additional services (code signing certs, user certs) but have increasingly heard from the community about needs to be updated. Shortening of cert lifetimes is one driver. Focus of group is on automation and delegation to reduce workload, increase flexibility. Also hearing that there are needs that aren’t being met - devops lifecycles, private CAs, etc. Latter is especially valuable to eduroam as we move toward cert based authentication. Nadim and Josh have been attending the calls as well. Currently reviewing use cases, including eduroam use cases around private CAs, and will check in with committee on prioritization. That will help inform the group’s direction of work.
- Josh: Issue that Sara laid out around credentialing devices and 90 day cert expiration are particularly important and will drive interest/need for private CAs. Good use case for eduroam. Issue hasn’t gotten a lot of attention in the supplicant and RADIUS server vendor space yet. More focus on web based certs.
- Brett: Thinking about current Best Practices Guide emphasis on cert based authentication. Good to have a way forward to balance the benefits of cert based auth and changing landscape in areas like cert lifecycle. Very important to eduroam community, particularly for newer adopters. Sara, any other requests for the eAC on this?
- Sara: Continued participation by Nadim and Josh is great. Will likely be coming back to this group for focus groups, other community inputs.
- TechEx 23 Mobility Day
- Report out from program committee
- TechEx 2023 Mobility Day program committee calls
- Page 2 has a rough agenda and presentations proposed to date
- Brett: Thanks to Sara for securing a half day slot on Monday 18th. Currently soliciting proposals for presentations and panels. Main update is that we haven’t had external submissions but have identified a number of speakers, one has confirmed (Nash Higgins from Texas A&M on 5G deployments).
- Brett: Wanted to get input from this committee - any gaps? Additional topics that should be included?
- Jeff: Good discussion at last meeting, lots of progress on firming up agenda. Still room for additional topics
- Brett; Next steps for program committee is send another push for proposals. Then send note on agenda to community
- Mike: Will also look at posting agenda on wiki, possibly in eAC’s area, will include links to decks, etc. Similar to TNC’s mobility day
- Sara: Would encourage members of this committee to direct folks who are working on/have presented on mobility topics (eduroam, private LTE, IoT, etc) toward the intake form
- Amel: Would be great to include WPA3/WIfi6E as a topic. I have one person who might be good to present on that
- Brett: I can include that as a potential topic in my reminder to the eduroam-admin list. Program committee will meet one more time before August 18th, will publish agenda at that time.
- Brett expects any attendees of TechEx to join us for Mobility Day :)
- OpenRoaming paper/IAMOnline update (Saira)
- Have an older draft that I’ll base my article on. Have been dealing with a lot of fires in day to day and want to turn back to that soon
- Update on industry engagement (ISPs and hardware manufacturers)
- Draft ISP Guidance
- Brett: Being driven by work in Nebraska with Cox Communications in Omaha and Allo in Lincoln. We’ve found that we continue to revisit some of the same subjects, felt it would be helpful to have talking points/framework for how these partnerships could look. Important as more K12/eSO engagement happens in these spaces. Draft above is my attempt to articulate the challenges might be with these larger scale deployments and solicit feedback from the community. Shared with the eSO on our regular coordination call earlier this week, generated good discussion. Would welcome any thoughts, opinions, questions from this committee
- Sara: Ann and I have officially engaged some folks who have expertise in wireless and cable industries to work out what it looks like to engage with this industry segment. Would value and appreciate feedback from this community - we’re early in our engagement here, but this is an important segment of the service so want to be transparent and build things out sustainably.
- Rob: Really excited about starting to explore this. Many thanks to Brett for this document. I read through it and think it’s great.
- Jeff: Agree with that. Good detail, thoughtfully addresses critical issues like dealing with balance of privacy when mapping residential hotspots, etc. Based on some of the activity we saw during pandemic we could really see the value of broader deployments in public spaces.
- Brett: In the spirit of seeking out conflict wanted to gauge everyone’s interest/thoughts about the opt in vs. opt out nature of ISP enabling eduroam for residential customers. So they’re deploying a configuration for eduroam hotspots. Would be very helpful to articulate a position on opt in/out approach. Also feel it’s important that whatever the approach is, it’s important that both the ISP and any eSO involved in deployment are in agreement.
- Saira: Do we spell out what data elements the ISP would have access to as part of their hotspot deployments? Think we need to clearly state that, both for residential customer information and for ISP.
- Brett: Great point. For ConnectEd Nebraska we would want to hold ISPs to standard hotspot requirements around logging, etc. But you’re speaking more to what the residential customers would hear?
- Saira: Yes. Believe it’s important to be transparent with them about who’s involved in the transaction - ISP, eSO, others? And to help them understand what participation entails. Also consider legal aspects/requirements.
- Brett: Great point. There’s a section on communication where I tried to provide considerations of transparency and think your questions are good to include. Also, consider that we’re expanding participation in the eduroam community to people who’ve never engaged with us (e.g. residential broadband customers) so it’s important to be clear
- Rob: Agree - it’s a new educational challenge in a new sector. Tenants and practices might be the same, but need to ensure they understand some basic and important concepts
- Ann: thinking about this in the corporate context - the compliance statement was written with R&E in mind, not private industry. Saira’s point is important for that reason.
- Jeff: Want to think about who’s providing that messaging. One thing we found when working with partners like transit authorities was that communication and clarity could be a challenge. Good to head off misunderstandings, miscommunications
- Ann: One thing I put in was scaling concerns. Lots of value for eSOs for the service, etc. Thing I’d look at is making sure that the right partners are involved and that roles are clearly defined. There could be a formal relationship that involves industry partners, eSOs, and I2. Brett did a great job identifying strategies that we need to think through. I propose that we use this as a pilot document, and that the explicit approach be opt-in. We can gauge in pilot how the opt-in and residential eduroam deployments are perceived before thinking about how to do it at state or national scale.
- Jeff: From an I2 perspective are there items that give you pause on the back end, once things start to scale up? What are you thinking about for that phase
- Sara: A big one is the perception of eduroam, quality of service, brand reputation. Users rarely differentiate between the service and the network it’s been deployed on. Need to consider that as we look at broader deployments. Privacy is another one. User data tends to be approached differently in R&E vs. private sector. Need to avoid data mining (and concerns from R&E communities around privacy). Another is infrastructure impacts. Also think about the core value of eduroam. Originally imagined as a way for researchers to roam around the world. We’ve added students, staff of HE *and* K12. Want to make sure we’re driving users making use of the service and number of places those service is used.
- Rob: Discussion parallels discussions we’ll be having when OpenRoaming becomes more prevalent. Great to have these sorts of talks now.
- Ann: I’m wondering if Josh has thoughts here, as a long time provider and upport/implementater.
- Josh: Have been public deployments in EU in partnership with commercial provider but it was always the municipality “owning” the hotspots. This is a different model, with industry being more explicitly forward. One thing I’m thinking about is the use of the eduroam trademark. GEANT owns trademark, and commercial providers don’t seem to fall within the R&E requirements to participate in eduroam. Don’t imagine there would be any major resistance to this but suggest reaching out to them
- Saira: From a lay perspective, when a user connects here on campus, they’re behind our firewall. With this approach if I’m at home and participate in this pilot, I’m no longer inside UF’s network. Is there a user perception issue there? Do they need to have the differences made clear/manage their expectations for security and access to resources that are only available to people connecting to UF’s campus?
- Brett; Matter of user training. Drive home that when you roam you might need to use a VPN, as with any other time they access the internet from an off-campus location. So it’s an existing issue but could drive a need for more education.
- Saira: Complicated by instances where users are visiting a business within or very close to UF’s campus and end up connecting to our network. They will still have access to protected resources, etc. I think this is all good - just speaks to considerations around user education
- Brett: Note - I’ll add preamble to this document making it clear that this is a draft doc. Sara, Ann, any updates on reaching out to GEANT on trademark?
- Sara: We’ve engaged with GEANT on this, want to look at a way to streamline approvals and engagements with ISPs and other industry partners.
- Location data/Compliance Statement letter from Brett
- Brett: Letter was sent to GEANT and other governing members of international eduroam community.
- Notice on change of committee nomination process, reminder of dates (Brett, Mike)
- Process will be presented at next quarterly Chairs Committee meeting (later this afternoon)
- Brett: Mike and I will attend that meeting and will report back to this committee.
- CACTI open letter to eAC on security of RADIUS (Rob)
- AI For Rob to share out with committee, would like to check in with eAC once I have a draft reply
- Next Meeting: September 1st, 11:00am - 12:30pm ET
- AOB?