Error!

Spaces has been migrated to the cloud. Please go to https://ucla-confluence.atlassian.net to update your space/s.

IT Services has migrated the content of spaces.ais.ucla.edu to Atlassian Confluence Cloud. Please visit https://ucla-confluence.atlassian.net to update your space/s. Spaces.ais.ucla.edu is now in read-only mode through July 31st, 2024
Child pages
  • UCTrust Wireless Approach after the Eduroam-US Announcement

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

DRAFT - UCTrust Wireless Approach after Eduroam-US Announcement - DRAFT

In July of 2010, Eduroameduroam-US was announced.  As a result the UCTrust Wireless group has been reevaluating it's original strategy, as outlined in UCTrust Wireless Approach Discussed by the CPG. This document describes an alternative proposed strategy for review by the UCTrust Work Group and the Communications Planning Group.

...

When the UCTrust Wireless project started, Eduroameduroam-US did was not existwidely deployed, and our strategy was "... that federating our web portals with Shibboleth is the best first step.  We will track eduRoam progress in the US and plan to federate access to our encrypted networks when it seems appropriate to do so."  We did this, as it seemed the most effect way to make quick progress toward federating UC's wireless guest networks.

While there are issues associated with adopting Eduroameduroam-US as it is today, we now propose that our first step toward that goal be Eduroamto join eduroam-US, with the , start using its services, and work within it to resolve the issues. The originally-planned federated captive portal as will be the strategy for situations where the risks are too great, or where 802.1x is not a feasible technically, or where the operational impacts of eduroam-US are too great. The captive portals are likely to take longer to implement, however, as Eduroameduroam-US is a relatively fast implementation for many campuses.

Issues Associated with

...

Federated Guest Wireless Access

The group has identified the following issues with Eduroam-US.  UC campuses that join Eduroam-US will work to resolve these issues within the Eduroam-US structure.associated with the management of a federated guest wireless service.

  • Host institutions require information Eduroam-US provides only minimal information to host institutions about their guests.  This will make communicating information is used to communicate with guests difficult or impossible in the following situations:
    • A security vulnerability is suspected on a guest's computer.
    • A copyright infringement notice is received for a guest.
    • A security investigation involves a guest.
  • The 802.1x technology utilized by Eduroam-US does not support presentation of a host's Host institutions need to present local information, such as its network policy, to guests.
  • Eduroam-US does not yet have a formal set of policies governing A wireless guess access federation needs policies to govern operational issues and other interactions among its members.

These issues that are not currently well-addressed by eduroam-US, and campuses joining eduroam-US now will need to accommodate. These are, however, issues for any federated guest wireless service, and will need to be addressed in the implementation of the "federated captive portal" strategy.