
  • Link to the eduroam Best Practices guide
  • Overview:
    • This Best Practices Guide was an important deliverable for the eduroam Advisory Committee (eAC)
    • Developed in the context of using US policies and regulations
    • Guide is not intended to be highly technical
    • Provides best practices for forks in the road, where as an eduroam deployment you could go in different directions
    • New communities, including K12, libraries, and museums are interested in eduroam
    • The Best Practices Guide is intended to be updated over time
  • Comments from CACTI 
    • Use cases provided are helpful
    • With RadSec moving to TTP, will an update to the guide be needed around load balancing?
      • Yes, the guide is intended to be a living, evolving document.  
    • Are there cloud based approaches that should be mentioned in the guide? More plug and play?
      • RobG: the best practices guide will evolve to address eduroam next generation
    • Document could benefit from list of references, example definition of radiostatus server
      • For example, in public school systems, some may not be familiar with RADIUS
    • When eAC was chartered, there was awareness that other countries in Europe have similar committees. How are those committees working together, if at all?
  • Authentication Methods
    • There is a push for MFA, including from the NIH  
    • RADIUS uses older authentication methods 
    •  web protocol would be tricky in this context, but some sort of MFA would make sense
    • RobG: currently the Best Practices Guide focuses on certificate-based methods for authentication, not username and password
    • If RADIUS evolves, that could change
    • Eduroam versus MDM?
    • RobG: did not tackle MDM in this best practices guide
    • Recommend ETLS on server end
    • Do not recommend on client end 
    • End user provisioning is a pain point, especially student owned equipment and devices
    • In K12 especially, there are not MDM solutions that Higher Ed may have
    • Will be helpful to get feedback from support organizations on device provisioning
    • Sites with difficulty with RADIUS might think ETLS means a need for PKI
    • More info on ETLS could be helpful for this guide
    • RobG: we tried to keep the best practices guide broad
    • But there may be a gap in supporting documentation

  • DECISION: CACTI provides conditional approval to the eduroam Best Practices Guide with a note of recommendation to add an appendix to the guide, as well as coverage of stronger authentication within RADIUS, and discussion of ETLS without PKI per the discussion above.
  • Thanks to the eAC for the excellent work 
