The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,


Tomasz already teased about OpenRoaming support for the CAT 2.1 release 
we have rolled out minutes ago.


So here is a slightly more elaborate description. Forgive me for not 
repeating everything inline and providing pointers to the background 
instead:

General info

===========

* OpenRoaming is a WPA-Enterprise based Wi-Fi roaming consortium, with 
its own governance under the umbrella of Wireless Broadband Alliance, on 
no specific SSID - it is based on Wi-Fi Certified Passpoint 
functionality for network discovery: https://wballiance.com/openroaming/

* OpenRoaming is not education specific, and not all hotspots are 
free-to-use. eduroam is a member of OpenRoaming to enable eduroam 
Identity Providers (and their users) to use the slice of OpenRoaming 
hotspots which *are* free-to-use, and which do *not* solicit personal 
information about the users from the IdPs. NROs should read our 
information page here: 
https://eduroam.org/openroaming-and-eduroam-useful-information-for-eduroam-national-roaming-operators-nros/ 
and concerned end users should read the information here: 
https://eduroam.org/eduroam-openroaming-end-user-information/

* Educational institutions with an interest in OpenRoaming are invited 
to use our OpenRoaming -> eduroam proxy and CAT configuration services 
which makes the sign-up easy (but not effort-free). They can of course 
also decide not to make use of our eduroam integration services and sign 
up to OpenRoaming with any other provider of OpenRoaming services. IdPs 
may want to read our information page here: 
https://eduroam.org/openroaming-and-eduroam-useful-information-for-eduroam-identity-providers-and-service-providers/

If you have read all this, and don't want to integrate with OpenRoaming, 
then you can stop reading here - all of the integrations we have in CAT 
2.1 are strictly opt-in, and if you do nothing, you will get only the 
"traditional" eduroam installers.

CAT and OpenRoaming

==============

Since you are still reading, here is what we can do for you in CAT.

NROs

--------

On first tenancy level: the NRO has the ability to decide whether the 
IdPs in their country or region should see the OpenRoaming functionality 
in CAT at all. Since this is opt-in, as an NRO you need to take action 
once to enable the feature. This is done by adding the checkbox 
"OpenRoaming: Enable organisation opt-in" in your NRO properties. The 
CAT manual for NROs has been updated to include this in some more 
detail, see 
https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+2.0+and+eduroam+Managed+IdP+for+National+Roaming+Operator+administrators#AguidetoeduroamCAT2.0andeduroamManagedIdPforNationalRoamingOperatoradministrators-NROProperties

IdPs

------

On the IdP tenancy level, OpenRoaming has to be turned on (there are 
four variants to choose from) and the realm checks can be used to verify 
that the required DNS settings for the IdP's realm are correct. Please 
see here for details: 
https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators#AguidetoeduroamCATforIdPadministrators-Optional:OpenRoamingsupport

End Users

--------------

These are of course our most important stakeholders - but they are also 
those who are least subjected to the complexities of OpenRoaming setup 
(just like it should be).

Depending on the choices their NRO and IdP made, they will get either 
one download button or two download buttons, and possibly a checkbox to 
tick for "I agree to the OpenRoaming Terms and Conditions". There is no 
specific documentation targeted at end users - all the resulting choices 
are explained in the IdP manual, as per the link above.


Final Words

=======

This is the first release with OpenRoaming support. There are some known 
limitations, be it in CAT code or device manufactorer capabilities, and 
there are only comparatively few OpenRoaming hotspots (you are, after 
all, spoiled by the vast outreach we have in eduroam), and not 
everything will work smoothly on day one. Please keep this in mind; e.g. 
you may want to set up a dedicated profile for testing out all those 
features before releasing it to your full main audience.

Please do not take the "tick the box" OpenRoaming Terms and Conditions 
lightly. OpenRoaming is an entirely different and independent roaming 
consortium; which merely happens to nicely overlap with eduroam 
Operations on a technical level. So, while we do our best to exploit the 
technical similarities to make integration easy for you if you so wish - 
primarily, it still is a conscious decision to make on non-technical 
level whether you want to integrate with OpenRoaming or not.


Greetings,


Stefan Winter


--
This email may contain information for limited distribution only, please 
treat accordingly.

Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette