share 802.1x experience?
Hey folks. Anyone care to share experience in rolling out 802.1x? We're looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? Thanks, -kay- Kay Sandacz, Assistant Director Data Networking, IT Services The University of Chicago ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
What is 802.1x
We just published a column under this heading if anyone is interested, per Kay's question about 802.1x: http://www.networkworld.com/research/2002/0506whatisit.html Regards, __ B O B B R O W N Online Executive Editor, News T: 508.766.5418 NETWORKWORLD Maximize Your Return on IT 492 Old Connecticut Path | Framingham, MA 01701-9002 __ NetworkWorld.comhttp://www.networkworld.com/ | Alpha Doggs Network Research Bloghttp://www.networkworld.com/community/?q=alphadoggs | Twitter profilehttp://twitter.com/alphadoggs | LinkedIn profilehttp://www.linkedin.com/in/bobbrownboston | Digg profilehttp://digg.com/users/alphadoggs | Facebook Fan Pagehttp://www.facebook.com/pages/Bob-BrownAlpha-DoggsNetwork-World/135543693152630?ref=ts | Wireless Mobile Tech Centerhttp://www.networkworld.com/topics/wireless.html | Conferences and Eventshttp://www.networkworld.com/events/ | Smartphone Smackdown newsletterhttp://shar.es/aIMNL ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: share 802.1x experience?
Hi Kay I don't know whether you are aware of 'eduroam' (http://www.eduroamus.org/eduroam_international_map), which is a shared authentication infrastructure in Higher Education? We used the introduction of the 'eduroam' SSID onto campus here in Leeds as a method of introducing 802.1x onto our Cisco WiSM architecture. I'll be quite happy to share information if you have Cisco kit. Thanks Bryn Bryn Jones ISS Network Development Rm 8.01e Computing Block EC Stoner Building University of Leeds LS2 9JT 0113 343 7055 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kay Sandacz Sent: 19 August 2010 13:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] share 802.1x experience? Hey folks. Anyone care to share experience in rolling out 802.1x? We're looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? Thanks, -kay- Kay Sandacz, Assistant Director Data Networking, IT Services The University of Chicago ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: share 802.1x experience?
Hey Bryn, We're planning on deploying eduroam three days after the 802.1x rollout. Nonetheless, we have communications to prepare for the 802.1x rollout, so I'm looking for end user experience, things that could have been done better, things that worked in that scenario right now. And yes, we're Cisco throughout. Thanks, -kay- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bryn Jones Sent: Thursday, August 19, 2010 8:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Hi Kay I don't know whether you are aware of 'eduroam' (http://www.eduroamus.org/eduroam_international_map), which is a shared authentication infrastructure in Higher Education? We used the introduction of the 'eduroam' SSID onto campus here in Leeds as a method of introducing 802.1x onto our Cisco WiSM architecture. I'll be quite happy to share information if you have Cisco kit. Thanks Bryn Bryn Jones ISS Network Development Rm 8.01e Computing Block EC Stoner Building University of Leeds LS2 9JT 0113 343 7055 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kay Sandacz Sent: 19 August 2010 13:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] share 802.1x experience? Hey folks. Anyone care to share experience in rolling out 802.1x? We're looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? Thanks, -kay- Kay Sandacz, Assistant Director Data Networking, IT Services The University of Chicago ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless for Exams
Neil, We have a couple of professors that are spearheading a move towards using wireless for exams. We have added additional capacity to several classrooms to facilitate this endeavor. The professors have said this has been largely successful. In a class of ~250-300 students, the students are given 5 module competency exams as well as the final exam using 'Carmen' (our implementation of Desire2Learn) as well as the Respondus lock-down browser plus password protection. They have found that 85-90% of students have a functional laptop on which to take the exam. For those without a laptop or if their laptop battery is drained, they have a backup location staffed with a teaching assistant and approximately 20 computers. I agree with Chuck Enfield at PSU in that this usage of wireless is coming and we, as wlan professionals, should prepare ourselves for this. Students expect mobility, and as such, wireless networking. Wireless solutions (we use Aruba) are capable enough to provide sufficient performance and resiliency on wireless. Anything that has previously been done with wired networks are going to need to be supported on wireless. Technology in the classroom is becoming more and more prevalent, and we cannot simply ignore or refuse the need to support such uses of wireless LANs. If we are fearful that the wireless network cannot handle the load or cannot be relied upon, then perhaps we need to approach these as problems to solve and not problems to accept. Is our job more difficult? Yes. Is it more exciting? Yes. == Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 holland@osu.edu On Aug 18, 2010, at 12:54 PM, Johnson, Neil M wrote: We are getting inquiries concerning the use of the wireless network for computer based exams in large lecture halls. Although we provide coverage in most of our lecture halls, our current policy states that given the unlicensed nature of 802.11 spectrum we can’t guarantee network availability and performance and therefore don’t recommend using the wireless network for this type of testing. I was wondering how other institutions approach this. Thanks. -Neil -- Neil Johnson Network Engineer Information Technology Services The University of Iowa Work: 319 384-0938 Mobile: 319 540-2081 Fax: 319 355-2618 E-mail: neil-john...@uiowa.edu Spam Not spam Forget previous vote ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] share 802.1x experience?
Kay Sandacz wrote: Hey folks. Anyone care to share experience in rolling out 802.1x? We’re looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? We're actually rolling out 802.1x right now - I just brought two more buildings into the fold this morning. Rather than using a previous SSID, the new AP configuration includes three SSIDs - the legacy one, the new WPA2-enabled one, and a new guest network. That way, the transition should be essentially transparent to users, as their old configuration will continue to work on the legacy network. With Cisco autonomous APs, each SSID is assigned a different VLAN, so the access layer switches need to be set up properly for trunking, etc. It's a bigger project than it seems like to people unfamiliar with the details. (This isn't that complicated. Setting up WPA is just a checkbox on my Linksys router at home! :) ) --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] share 802.1x experience?
Kay, Just a few heads up: -Definitely do WPA2 -The choice of EAP method is important. EAP-PEAP with AD as the backend makes life easier, though you can create a SAMBA front end to LDAP if you want (there is documentation on eduroamus.org) -The choice of the CA seems to matter in how smooth the roll out goes (Verisign works well), self signed certificates can be a pain. -If you decide to support EAP-TTLS, people on this list have been very please with XpressConnect to facilitate the deployment of supplicants for Windows -Educate the community (documentation etc...) on how important the certificate verification is. Man In the Middle with 802.1x over Wireless is not that hard! -Be aware that the RADIUS admin will be able to read clear text passwords going to your authentication backend if you use PAP instead of M -802.1x authenticates users at layer two, you still need to deal with IP management (NetReg etc...) -Look into mechanisms to be able to disconnect a user (802.1x doesn't have a built-in mechanism, you Wireless LAN vendor will provide this function. e.g. Blacklisting) -For eduroam, be aware that the outer identity is essential, include this in your documentation (e.g. make you users type their full identifier from day one; use...@realm). Most supplicants (Mac OSX supplicant, Windows supplicant) will set the outer identity automatically from the userid. -On the eduroam side again: you choice of RADIUS is important (Some versions of RADIUS do not support proxying, e.g: Steel Belted RADIUS if it's not the Global Enterprise edition). -The eduroamus.org site has documentation for FreeRADIUS, RADIATOR, Microsoft NPS, Juniper SBR (Same as Steel Belted) Feel free to contact the eduroamus.org team even for 802.1x questions, Best, Philippe Hanset University of Tennessee eduroamus.org On Aug 19, 2010, at 9:21 AM, Kay Sandacz wrote: Hey Bryn, We’re planning on deploying eduroam three days after the 802.1x rollout. Nonetheless, we have communications to prepare for the 802.1x rollout, so I’m looking for end user experience, things that could have been done better, things that worked in that scenario right now. And yes, we’re Cisco throughout. Thanks, -kay- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bryn Jones Sent: Thursday, August 19, 2010 8:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Hi Kay I don’t know whether you are aware of ‘eduroam’ (http://www.eduroamus.org/eduroam_international_map), which is a shared authentication infrastructure in Higher Education? We used the introduction of the ‘eduroam’ SSID onto campus here in Leeds as a method of introducing 802.1x onto our Cisco WiSM architecture. I’ll be quite happy to share information if you have Cisco kit. Thanks Bryn Bryn Jones ISS Network Development Rm 8.01e Computing Block EC Stoner Building University of Leeds LS2 9JT 0113 343 7055 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kay Sandacz Sent: 19 August 2010 13:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] share 802.1x experience? Hey folks. Anyone care to share experience in rolling out 802.1x? We’re looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? Thanks, -kay- Kay Sandacz, Assistant Director Data Networking, IT Services The University of Chicago ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] share 802.1x experience? (Eduroam Question)
Phillipe- Good summary. On the topic of Eduroam- any sense of real demand and usage for the service? Thanks- Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Thursday, August 19, 2010 12:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Kay, Just a few heads up: -Definitely do WPA2 -The choice of EAP method is important. EAP-PEAP with AD as the backend makes life easier, though you can create a SAMBA front end to LDAP if you want (there is documentation on eduroamus.orghttp://eduroamus.org) -The choice of the CA seems to matter in how smooth the roll out goes (Verisign works well), self signed certificates can be a pain. -If you decide to support EAP-TTLS, people on this list have been very please with XpressConnect to facilitate the deployment of supplicants for Windows -Educate the community (documentation etc...) on how important the certificate verification is. Man In the Middle with 802.1x over Wireless is not that hard! -Be aware that the RADIUS admin will be able to read clear text passwords going to your authentication backend if you use PAP instead of M -802.1x authenticates users at layer two, you still need to deal with IP management (NetReg etc...) -Look into mechanisms to be able to disconnect a user (802.1x doesn't have a built-in mechanism, you Wireless LAN vendor will provide this function. e.g. Blacklisting) -For eduroam, be aware that the outer identity is essential, include this in your documentation (e.g. make you users type their full identifier from day one; use...@realm). Most supplicants (Mac OSX supplicant, Windows supplicant) will set the outer identity automatically from the userid. -On the eduroam side again: you choice of RADIUS is important (Some versions of RADIUS do not support proxying, e.g: Steel Belted RADIUS if it's not the Global Enterprise edition). -The eduroamus.orghttp://eduroamus.org site has documentation for FreeRADIUS, RADIATOR, Microsoft NPS, Juniper SBR (Same as Steel Belted) Feel free to contact the eduroamus.orghttp://eduroamus.org team even for 802.1x questions, Best, Philippe Hanset University of Tennessee eduroamus.orghttp://eduroamus.org On Aug 19, 2010, at 9:21 AM, Kay Sandacz wrote: Hey Bryn, We're planning on deploying eduroam three days after the 802.1x rollout. Nonetheless, we have communications to prepare for the 802.1x rollout, so I'm looking for end user experience, things that could have been done better, things that worked in that scenario right now. And yes, we're Cisco throughout. Thanks, -kay- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bryn Jones Sent: Thursday, August 19, 2010 8:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Hi Kay I don't know whether you are aware of 'eduroam' (http://www.eduroamus.org/eduroam_international_map), which is a shared authentication infrastructure in Higher Education? We used the introduction of the 'eduroam' SSID onto campus here in Leeds as a method of introducing 802.1x onto our Cisco WiSM architecture. I'll be quite happy to share information if you have Cisco kit. Thanks Bryn Bryn Jones ISS Network Development Rm 8.01e Computing Block EC Stoner Building University of Leeds LS2 9JT 0113 343 7055 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kay Sandacz Sent: 19 August 2010 13:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] share 802.1x experience? Hey folks. Anyone care to share experience in rolling out 802.1x? We're looking only at wireless just now. Support issues or user experience would be particularly helpful. And did anyone attempt to run 802.1x on a previously existing SSID? Thanks, -kay- Kay Sandacz, Assistant Director Data Networking, IT Services The University of Chicago ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] share 802.1X experience? (Eduroam Question)
Lee, Since the installed base is not big in the US (15 institutions), it's hard to gauge a real demand/usage. I can give number like thousands of authentications but in term of unique users it is not more than 20-30 per week. We did provide eduroam at the last Internet2 member meeting and got 50+ users to join out of 700 participants. No bad for a first time, and no helpdesk call at all (all done with Cisco FAT APs). The highest traffic that we see for the US federation is between LSU and LSU Health. In that particular case eduroam is an attractive way of connecting two different 802.1X domains. As a side note, I wish all our incoming students new about eduroam! Yesterday, first day of class, our visitor network was down due to lack of IP addresses. Most of our incoming students for some strange reason had decided to join the visitor network and the 1000 or so IP addresses were not enough to respond to the demand. With 802.1X (and in this case the eduroam SSID), you don't get an IP address until you really mean to connect! Maybe we need to rename our visitor SSID donotconnect instead of ut-visitor ;-) Philippe On Aug 19, 2010, at 12:45 PM, Lee H Badman wrote: Phillipe- Good summary. On the topic of Eduroam- any sense of real demand and usage for the service? Thanks- Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Philippe Hanset Sent: Thursday, August 19, 2010 12:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Kay, Just a few heads up: -Definitely do WPA2 -The choice of EAP method is important. EAP-PEAP with AD as the backend makes life easier, though you can create a SAMBA front end to LDAP if you want (there is documentation on eduroamus.org) -The choice of the CA seems to matter in how smooth the roll out goes (Verisign works well), self signed certificates can be a pain. -If you decide to support EAP-TTLS, people on this list have been very please with XpressConnect to facilitate the deployment of supplicants for Windows -Educate the community (documentation etc...) on how important the certificate verification is. Man In the Middle with 802.1x over Wireless is not that hard! -Be aware that the RADIUS admin will be able to read clear text passwords going to your authentication backend if you use PAP instead of M -802.1x authenticates users at layer two, you still need to deal with IP management (NetReg etc...) -Look into mechanisms to be able to disconnect a user (802.1x doesn't have a built-in mechanism, you Wireless LAN vendor will provide this function. e.g. Blacklisting) -For eduroam, be aware that the outer identity is essential, include this in your documentation (e.g. make you users type their full identifier from day one; use...@realm). Most supplicants (Mac OSX supplicant, Windows supplicant) will set the outer identity automatically from the userid. -On the eduroam side again: you choice of RADIUS is important (Some versions of RADIUS do not support proxying, e.g: Steel Belted RADIUS if it's not the Global Enterprise edition). -The eduroamus.org site has documentation for FreeRADIUS, RADIATOR, Microsoft NPS, Juniper SBR (Same as Steel Belted) Feel free to contact the eduroamus.org team even for 802.1x questions, Best, Philippe Hanset University of Tennessee eduroamus.org On Aug 19, 2010, at 9:21 AM, Kay Sandacz wrote: Hey Bryn, We’re planning on deploying eduroam three days after the 802.1x rollout. Nonetheless, we have communications to prepare for the 802.1x rollout, so I’m looking for end user experience, things that could have been done better, things that worked in that scenario right now. And yes, we’re Cisco throughout. Thanks, -kay- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Bryn Jones Sent: Thursday, August 19, 2010 8:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] share 802.1x experience? Hi Kay I don’t know whether you are aware of ‘eduroam’ (http://www.eduroamus.org/eduroam_international_map), which is a shared authentication infrastructure in Higher Education? We used the introduction of the ‘eduroam’ SSID onto campus here in Leeds as a method of introducing 802.1x onto our Cisco WiSM architecture. I’ll be quite happy to share information if you have Cisco kit. Thanks Bryn Bryn Jones ISS Network Development Rm 8.01e Computing Block EC Stoner Building University of Leeds LS2 9JT 0113 343 7055 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Kay Sandacz Sent: 19 August 2010 13:56 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] share 802.1x experience?
Re: [WIRELESS-LAN] share 802.1x experience? (Eduroam Question)
On 19/08/2010 17:45, Lee H Badman wrote: Phillipe- Good summary. On the topic of Eduroam- any sense of real demand and usage for the service? Thanks- Lee Hi Lee, We are in the UK, but some stats for you: 1) People visiting Bristol in the last month is on the diagram here: http://www.wireless.bris.ac.uk/getconnected/services/eduroam/eduroam-visitors-advice/ 2) Stefan at Restena has put together a prototype system that shows daily usage between a selection of European countries: http://ticker.eduroam.lu/daily.php {So far today: a total of 3251 devices visiting another organisation within their own country, and 379 devices roaming outside their home country.} -James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk/eduroam -- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] share 802.1x experience?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Randy, On 19/08/2010 15:04, Randall C Grimshaw wrote: But now you need a supplicant piece of software on the client to create the tunnel. Microsoft includes one if you choose their AD backend as the ultimate source of authentication. Just a minor point, but the way this is worded implies (perhaps unintentionally!) that Microsoft AD is somehow required in order to support MS Windows client devices on an 802.1X system. This is certainly not the case - we use FreeRADIUS ourselves but as noted in Phillipe's post many backend RADIUS products will do the job. regards, oliver. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxtsH0ACgkQ2NPq7pwWBt7rFwCgx7mIxThuZgzrDox/7WfDcYdp VqMAoOguc5n/8o5ofYA3eb5SlcT0+Iwx =pJKv -END PGP SIGNATURE- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] share 802.1x experience? (Eduroam Question)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/08/2010 17:45, Lee H Badman wrote: Good summary. On the topic of Eduroam- any sense of real demand and usage for the service? As a partial answer... we now use Eduroam (and hence 802.1X) as the primary service for members of our institution, with a backup service leveraging VPN for those few not able to get .1X working. So that means we have several hundred concurrent connections every day from local users, and a good number of roaming (visiting) users from other institutions. Some sites combine this with RADIUS based VLAN assignment so local users get more privileged access to the network when at home, but are able to use the same SSID/config when at home or away. HTH, - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxtsa4ACgkQ2NPq7pwWBt4IyQCdHZcUQIfywNwZZllWbKFpR7h6 jeAAn2clhvLBUczO9PViyQUgaK3aIFPD =AfZA -END PGP SIGNATURE- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.