TF-OpenSpace – Session 5, room yellow.   12 February 2014. 

Lead by:  Paul (SURFnet)


Notes: Brook Schofield


  1. ...



Paul introduced the problem:


Stefan: because we don’t distinguish between different classes of users in the research & education space then allowing anyone that an institution recognises as a guest/visitor is acceptable.

“Reasonable Measures” need to be satisfied in being able to identity the user in future if there is a breach of their account.

Setup is easy (or getting easier) but de-provisioning is problematic.

Less SSIDs is better for the network.

Tomasz: Has a conference network that is used to support visitors to the campus. 

Swamping rejects - how devices that had a temporary account can be made to be silent on the network once the "guest" period is over.

Tomasz: Promotion of eduroam and whether this is a negative promotion. If you can ALWAYS get a guest account - would you ever need to have it setup at your institution more generally.

The “pain” of captive portal is still (potentially) lower than the pain of an enrolment system for a temporary eduroam account.


Q: Would a system like this be valuable at the NREN level?

A: Yes.


Conference logistics is problematic so offering this at the NREN level would be good.


Q: Journal content and licencing?

A: If a site already has an issue and they do NOT allow library walk-in users - then the site is already aware of this and will have to mitigate this anyway by VLAN segregation (for example).


Apple now supports “Automatic Removal” for .mobileconfig profiles.


Q: What should be the deprovisioning timeframe?

A: Stefan will take this to the list.