TF-OpenSpace – Session 5, room yellow. 12 February 2014.
Lead by: Paul (SURFnet)
Notes: Brook Schofield
Paul introduced the problem:
Stefan: because we don’t distinguish between different classes of users in the research & education space then allowing anyone that an institution recognises as a guest/visitor is acceptable.
“Reasonable Measures” need to be satisfied in being able to identity the user in future if there is a breach of their account.
Setup is easy (or getting easier) but de-provisioning is problematic.
Less SSIDs is better for the network.
Tomasz: Has a conference network that is used to support visitors to the campus.
Swamping rejects - how devices that had a temporary account can be made to be silent on the network once the "guest" period is over.
Tomasz: Promotion of eduroam and whether this is a negative promotion. If you can ALWAYS get a guest account - would you ever need to have it setup at your institution more generally.
The “pain” of captive portal is still (potentially) lower than the pain of an enrolment system for a temporary eduroam account.
Q: Would a system like this be valuable at the NREN level?
Conference logistics is problematic so offering this at the NREN level would be good.
Q: Journal content and licencing?
A: If a site already has an issue and they do NOT allow library walk-in users - then the site is already aware of this and will have to mitigate this anyway by VLAN segregation (for example).
Apple now supports “Automatic Removal” for .mobileconfig profiles.
Q: What should be the deprovisioning timeframe?
A: Stefan will take this to the list.