...

    • One possible approach would be to point to UETN’s documentation as a case study and GEANT’s documentation as a reference source for more in-depth information, but focus on creating our guide specifically for consumption by US subscribers. Pointers to UETN and GEANT resources would round out content and serve to inform the US eduroam community about these parallel efforts.
    • Consider new subscribers, especially from segments like K12, and how we can guide them through implementation and support. 
      • Maybe jot down key decision points that could come up for each item. Gather recommendations from group on each point (e.g. going EAP-TLS vs EAP-PEAP, anonymizing outer identity vs allowing user names)
      • Logging requirements would be good to include Miro - in line with global requirements and recommendations
      • Include distributed approach to support - what’s expected of participants in their various roles. 
      • Could use a security section. WPA3-Enterprise considerations, RadSec, EAP server certificate options, etc. would all be in that section
        • AI Mike add 1) security, 2) logging practices to the outline
      • Include reference to document on EAP server cert considerations and eduroam IdP considerations
      • Format suggestion - Ultimately there needs to be a "here's the recommendation" at the top and then "here's alternative options", aka "you should be using EAP-TLS and non-public EAP server certificate because XYZ. Here are alternatives ... blah blah, etc. Most secure = recommendations. Alternative = additional info"

      • Best Practices Guide working group review the resources listed here and come to that call ready to discuss. Mike will include the list in the meeting invite to the working group.
      • Would also be good to include SP only info, keeping in mind that ANYROAM is the owner of most of those SP-only relationships. Advise having a callout to the role of IdP/SP members of the academic community, and explaining the difference between that community and SP-only subscribers
      • Unsure the SP-only option is only for private/corporate entities. Consider teaching hospitals - they need to allow students to connect while on prem, but may not need to allow their employees to roam. Could be a technical or organizational question. For example, teaching hospitals could be IdP/SP, maybe with main university managing both the IdP and SP portion, etc. In Croatia, Slovenia, Hungary for example, the NREN provides Wifi for K12s and acts as SP. Similarly, in Luxembourg there is a national database for all K12 students which serves as an IdP. Schools are SP-only. Not sure we should be overly picky about SP-only, everyone loves more service. Restrictions do make sense for IdPs to ensure they stick to the RE “mission” of eduroam.
      • Reference role of GeGC, other NROs
        • Add section for content/URL filtering practices? Especially critical as we look toward K12 
          • Tim might present on this at a later date
      • Working group composition - UETN representative, Neil, Tim, Andrew, Mike Z/Romy
      • Timeline - Draft available for July 9 meeting. Understand the need for the aggressive timeline
  • Next meeting of eAC: July 9th, 1pm-2:30pm ET
    • Next meeting of BPG working group TBD. Mike will send out scheduling poll.