Comparison of Alternative Federated Wireless Authentication Strategies
This page provides pros and cons for the three federated wireless authentication strategies discussed in UCTrust Wireless Notes - 2010-07-26.
|
eduroam |
ucroam |
UCTrust Wireless |
---|---|---|---|
Contact information |
Eduroam does not provide contact information to the hosting campus. This causes problems in the event of infringement notices, legal investigations, and or vulnerabilities detected in guests' computers. |
ucroam could be built to support sending contact information. This could cause problems for future interoperability with Europe, because of their privacy laws. |
UCTrust Wireless could be built to support sending contact information. This would not cause interoperability problems with Europe, as Shibboleth can obtain end-user permission to release contact information. |
Campus readiness |
UCD will likely join eduroam, as will UCLA. UCB and UCR do not currently support 802.1x, a prerequisite for eduroam. |
UCD and UCLA should be able to join without much effort. UCB and UCR do not currently support 802.1x, a prerequisite for ucroam. |
UCLA has integrated Shibboleth into its captive portal but would need to add attributes for contact information. Other campuses would need to integrate Shibboleth and the contact attributes. |
Automatic presentation of host campus policy, etc. |
The 802.1x technology used by eduroam precludes automatic presentation of policy and other information about the host campus. |
The 802.1x technology that would be used by ucroam precludes automatic presentation of policy and other information about the host campus. |
The "captive portal" technology that would be used by UCTrust Wireless would allow host campuses to present arbitrary information at login time. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|