Hi Neil,
Not knowing how the US eduroam policy is set up I guess not due to the fact that eduroam is use by people and not machines. ;) In Sweden we decided not to allow eduroam authentication using machine certificates unless those certificate includes user id so that we can tie the certificate to a user as we do with EAP-TLS using user certificates. If I remember it correctly this was also discussed on the European level and rejected for the same reason. I see issues if we start having non personal devices roaming around the world with no person responsible. But then on the other side if a clear and easy definition on who owns what machine certificate is produced within the institution Ill guess it would work. Cheers Anders Nilsson University of Umeå SUNET Sweden PS What you do locally at your home University is of course your own business but those devices will only work back home for you. ;) Från: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] För Johnson, Neil M Skickat: den 2 april 2013 18:19 Till: [email protected] Ämne: [WIRELESS-LAN] eduroam and machine authentication We are getting requests to do windows machine authentication on our eduroam SSID (just for local machines). Is there anyone else out there doing this ? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
