...
As an outcome of the February, 2010 ITLC meeting, the Communications Planning Group (CPG) was asked to work with the UCTrust Work Group to prepare a recommendation report to evaluate the viability, risks, and cost at an institutional level for a common Wireless authentication and access methodology to allow any member of the UC community to use the wireless networks of any other UC entity without need to creation of guest or visitor account status. Suggestion is to specifically specifically investigate the use of InCommon/UC Trust and or Eduroam as an authentication mechanism. This would be in addition to, no not necessarily as a replacement of, current authorization services. Objective would be to have a minimum of four participating UC entities by fall 2010.
This project was discussed in the CPG's May, 2010 meeting, and it was agreed to take the following approach:
- We observed that most (all?) campuses have two wireless networks. One is encrypted and authenticates with 802.1x, and the other is not encrypted and authenticates via a web portal. Guests might use either, but generally would use the unencrypted network.
- UCTrust currently supports Shibboleth for implementing federated access to services. While there has been a little work in using Shibboleth for non-web applications, it is primarily designed for web applications.
- There is a project called eduRoam in Europe that federates 802.1x access, and that is starting to expand into the US.
- We agreed that federating our web portals with Shibboleth is the best first step. We will track eduRoam progress in the US and plan to federate access to our encrypted networks when it seems appropriate to do so. UCD, UCLA, UCB, UCR, and UCSC agreed to be the initial campuses to do this.
Reference Materials
Meetings
Wiki Markup Tuesday, June 22, 2010, conference call \[[Agenda|uctrustwg:UCTrust Wireless Agenda - 2010-06-22]\]
...
Charge from the ITLC to the CPG
Consistent Approach for Guest WiFi Access at UC campuses
Engage the UC Trust Work Group and prepare a recommendation report to evaluate the viability, risks, and cost at an institutional level for a common Wireless authentication and access methodology to allow any member of the UC community to use the wireless networks of any other UC entity without need to establish one-off guest or visitor access.
A suggestion is to specifically investigate the use of InCommon/UC Trust and/or Eduroam as an authentication mechanism. This would be in addition to, not necessarily as a replacement of, current authorization services. Objective would be to have a minimum of four participating UC entities by fall 2010. This report would be reviewed by the ITLC at the July 2010 meeting.
Reports
- Wireless Network Roaming for the University of California
- Final version sent to CPG and the UCTrust Work Group on 9/24/2010
Meetings
- Wednesday, September 22, 9:00-10:00, conference call [DRAFT Notes]
- Thursday, September 2, 1:00-2:00, conference call ?[Notes]
- Friday, August 13, 2010, 11:00-12:00, conference call [Agenda, Notes]
- Monday, July 26, 2010, 10:00-11:00, conference call [Notes]
- Monday, July 12, 2010, 1:30-2:30, conference call [Agenda, Notes]
- Tuesday, June 22, 2010, 9:00-10:00, conference call [Agenda, Notes]
Reference Materials
- DRAFT - UCTrust Wireless Approach after the Eduroam-US Announcement - DRAFT
- Existing Campus Wireless Authentication
- Proposal for UCTrust Metadata Listing IdP Network Addresses
- eduroam
- Comparison of Alternative Federated Wireless Authentication Strategies
Participants
- Robert Cartelli, UCSC
- Dedra Chamberlin, UCB
- Patrick Flannery, UCDHS
- Bob Grant, UCR
- Chris Hain, UCD
- Russ Harvey, UCR
- Stephen Hock, UCR
- Erik Klavon, UCLAUCB
- Gabe Lawrence, UCSD
- ken lindahl, UCB
- Jim Madden, UCSD
- Jeff McCullough, UCB
- Dave Parsons, UCLA
- Mark Redican, UCD
- Andrew Tristan, UCR
- Mike Van Norman, UCLA
- David Walker, UCD, convener
- David Wong, UCD
- Albert Wu, UCLA