Eric, The eduroam team (www.eduroam.us<http://www.eduroam.us>) is developing a system to help with visitors that do not have eduroam credentials, using the security and power of 802.1X. Which can address your question... Why register everywhere you go?
We have tried to approach owners of hotspots (e.g coffee shop etc...) to try to have them carry the eduroam SSID. Very few of them were interested because eduroam doesn't cover many of their users (read: the interest decreases exponentially as the distance from the campus increases). So, we came up with ANYROAM credentials (roaming credentials for visitors), and we are trying to convince Hotspots to carry ANYROAM and eduroam at the same time (we are doing a pilot in Knoxville, TN). The principle is simple: Use your social credentials (or create your own) to load an EAP-TLS certificate that will be valid: 1) At every ANYROAM hotspot (no geographical limit) 2) At schools that have eduroam and decide to also accept ANYROAM credentials. We plan to reinforce the Social Credentials with a Micro-Payment by credit card to link both identifiers. (or a school can get a "bag" of ANYROAM tokens for visitors that they want to sponsor directly) This system has many advantage: -ANYROAM and eduroam are completely complementary -It enables campuses to use ANYROAM credentials to welcome visitors (and that can be done on the existing eduroam SSID!!) -One Quick and secure provisioning of visitors (one EAP-TLS cert can work at thousands of locations) -It could greatly increase the adoption of eduroam beyond the campus -Handling visitors with 802.1X gives the campus (or the HotSpot) a lot of controls (or contact us if it's out of control) -Users join instantly without having to discover SSIDs or registration methods -The eduroam generation will be able to enjoy a system they know after they graduate (or you can give ANYROAM credentials to alumni) -Ready for HotSpot2.0! We will see how our first pilot develops in Knoxville... Our intention is to create roaming ecosystems around campuses to benefit both communities: non-edu and edu. Philippe p.s. CloudPath Networks is providing the Enrollment System for EAP-TLS certs Philippe Hanset www.eduroam.us<http://www.eduroam.us> On Mar 3, 2014, at 12:30 PM, Eric Wohlford <[email protected]<mailto:[email protected]>> wrote: Hello All, First let me apologize if similar postings have been made I could not find any with these questions in the archives. We have been asked to look into Self-Provisioning of Guest Accounts, and we are not all that sure where to start. Most of the solutions I have seen are tied to the Wireless Vendors. Currently we are using Ruckus Wireless and it’s built in Guest Access for this which is a sponsor based system. It’s actually a very simple system. Our Questions: 1. If you use a self-provision system whom is your vendor, or is it homegrown? 2. What are your Security Concerns, and are you a Sponsor Based system or a Self-Provisioning system? 3. What is your staff to user ratio? Thank you, My Pleasure to Serve, Eric R. Wohlford, MBA MCDST, MCP, A+, Network+ _______________________________ Manager of Network Services Bluefield College 3000 College Drive Bluefield, VA Office – 276.326.4278 Fax – 276.326.4288 www.bluefield.edu<x-msg://89/www.bluefield.edu> <image001.gif> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
