Versions Compared

Old Version 30

changes.mady.by.user Stefan Winter

Saved on

compared with

New Version 31

changes.mady.by.user Stefan Paetow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Starting with version 2.1, the eduroam onboarding toolset (eduroam CAT and eduroam Managed IdP) integrates Passpoint network definitions in general, and OpenRoaming settings in particular, in its standard workflow. This version is currently available for testing on https://cat-test.eduroam.org with a stale copy of production data.

CAT eduroam Passpoint settings

CAT automatically injects network definitions based on the eduroam Roaming Consortium Organisation identifier (RCOI 00-1B-C5-04-60 with the Display Name "eduroam®") on all platforms where this is possible and does not create nuisances for end users.

CAT OpenRoaming settings

When their eduroam NRO has enabled the feature set in their country's tenancy (which they do by setting "OpenRoaming: Allow Organisation Opt-In" in their NRO settings), eduroam IdPs can easily have CAT create OpenRoaming enabled installers by adding a single attribute in the "Media-Specific" category. This will include the RCOIs 5A-03-BA-00-00 "OpenRoaming for All Identities, settlement-free, no personal data requested, baseline QoS") and 5A-03-BA-08-00 ("OpenRoaming for Educational or Research Identities, settlement-free, no personal data requested, baseline QoS") in the installers. The attribute is called "OpenRoaming" and can take one of four values:

ValueMeaning
Ask UserDuring download on the web interface, users will be actively asked whether they want to have OpenRoaming access included in their installer (on platforms where OpenRoaming installation is technically feasible). They are shown and need to acknowledge the OpenRoaming T&Cs before the download starts. Where not technically feasible, users will get a standard eduroam installer download and won't see the OpenRoaming T&Cs.
Ask User, T&Cs pre-agreedDuring download on the web interface, users will be actively asked whether they want to have OpenRoaming access included in their installer (on platforms where OpenRoaming installation is technically feasible). By selecting this value, the IdP asserts that their end users have already seen and accepted the OpenRoaming T&Cs; the download flow does not repeat this acknowledgement. Where not technically feasible, users will get a standard eduroam installer download and won't see the OpenRoaming T&Cs.
AlwaysInclude the OpenRoaming access details in all installers (where technically feasible). The users are shown and need to acknowledge the OpenRoaming T&Cs before the download starts. Where not technically feasible, users will get a standard eduroam installer download and won't see the OpenRoaming T&Cs.
Always, T&Cs pre-agreedInclude the OpenRoaming access details in all installers (where technically feasible). By selecting this value, the IdP asserts that their end users have already seen and accepted the OpenRoaming T&Cs; the download flow does not repeat this acknowledgement. Where not technically feasible, users will get a standard eduroam installer download and won't see the OpenRoaming T&Cs.



Device support

Windows before 10

...

eduroam Passpoint profiles and the optional OpenRoaming Passpoint profiles can be installed only with the new geteduroam app (i.e. not with the predecessor "eduroamCAT"). geteduroam has varying support for Passpoint profiles depending on the Android version and whether the IdP chose "Ask" vs. "Always" - the "Always" variant currently has better support across all supported Android versions; "Ask" support needs special IdP workarounds.

Intrinsic support for OpenRoaming exists on later (read, newer) devices and versions of Android. For example, recent Google Pixel devices (Pixel 5 and later) show "OpenRoaming" as a network when a HS2.0 hotspot is detected. You then have the choice to enable roaming to this network by choosing to use your Google account associated with your Android phone. Apps like 'Cisco Openroaming' also enable an account on the same network. CAT profiles installed with geteduroam will show "<realm name> via Passpoint" instead but do not associated with the "OpenRoaming" SSID. On some Samsung devices, you may see "OpenRoaming available using Samsung Account" instead, which will function in a similar fashion as the Google Pixel. 

Linux

TBD.

ChromeOS

TBD.

Infrastructure

...