The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Zenon Mousmoulas <zmousm AT noc.grnet.gr>]

Hi Tomasz,

On 2016-04-05 13:52, Tomasz Wolniewicz wrote:
> W dniu 2016-04-05 o 11:59, Zenon Mousmoulas pisze:
> > brief answers to your questions:
> >
> > I see your point about inner identity. Making this configurable as an
> > on/off option next to anonymity support (general profile properties)
> > would be OK. I wouldn't even care if it defaults to enabled, as long
> > as the option is there. It would be fine to just suggest (in a label
> > next to the actual text input) something like
> > username@realm-configured-on-profile. No pre-fill or enforcement, I
> > believe we can revisit this later if necessary.
> I wonder if people are aware that in CAT itself you can set additional
> hints which are displayed in the GUI  before the download is started.
> For NCU this hint says "For eduroam use the same username and password
> as for USOS"  (USOS is our study support system).
> Perhaps, if people used this more then the problem would go away?

Yes, but that option is "hidden" under device-specific or 
eap-type-specific options. You also need to set it per language. And 
this comes at a different point in time, not when the user is prompted 
to enter their username. Which prompts for a different question: Do the 
android app users get to see this text when they pick a profile from 
within the helper app?

In any case, I am not a UX person, so if this is how/when you think 
users should get prompted, I wouldn't object to that either. I 
understand that is a more flexible option, but it still feels different 
from the sort of hint we are discussing.

> > As for realms: On the CAT profile an exact (not a suffix nor a
> > wildcard) realm is configured so far, as that is used for
> > reach-ability checks (the only visible use AFAIK). If the semantics
> > were to change, I would prefer itif CAT would support a list of realms
> > associated with a profile, as I think we are trying to do away with
> > suffixes and wildcards in general (in an eduroam db context). In such
> > a case the label/descriptive text should say something like @<realm>
> > where <realm> can be one of: ...
> The realm is used to set the outer identity for methods that use one.
> If you do not set the realm then the anonymous identity option is not
> available. Thus is the *main* use of the realm, reachability tests are
> just an ad-on utility.  This is why we cannot have a list of realms or
> wildcards there. If I correctly understand your need for lists or
> wildcards this would be for sanity testing of user input, I would
> consider this to be an overkill. For sanity testing I would for suffix
> testing only based on the current realm setting, with an option to turn
> this all altogether.

You are right, I totally missed that. The last proposal about sanity 
checking sounds good as well.