WBA Policy Updates:

  - WRIX Pack 3.4.0 released
    - Includes a lot of change requests over the last year

  - The use of Chargeable-User-Identity (CUI), Class
    - Required for IdPs in Settled (i.e. paid-for) accounting
    - Optional in Settlement-Free (i.e. eduroam + OR Settlement-Free)
      - Ideally, eduroam should lead by example
        - populate CUI by default
      - eduroam EU/UK proxies could do that if IdPs don't support CUI

  - Privacy in CUI
    - CUI in earlier iterations provided usernames, but for anonymous
      access, this is now defined for an anonymised ID
    - Similar to established eduroam norms: 
      Function: base64_encode(sha256(username/uuid + operatorname 
                              + secret key))

  - Operator-Name
    - 4<WBA ID>:<country code>
      - ALL CAPS, standard
      - Easily done in FR + Radiator
      - Example: 4EDUROAM:EU
    - 1<BASE64-encoded WBA ID>.wballiance.com
      - Case-sensitive, because BASE64
      - Meraki/ClearPass/NPS/ISE UI
      - Example: 1ZWR1cm9hbS5vcmc.wballiance.com

  - Publication of the WBA Openroaming map (hooray!)
    - Borrowed concept from eduroam Map
    - WBA officially releasing it during WBA WGC Dallas this week.

  - Push for TLSv1.3 in RadSec
    - TLSv1.2 is currently accepted as the minimum requirement