“Our campus isn't comfortable with an open ESSID without verifying the identity of the user, so that's the value of eduroam - identity.”
How exactly have you verified the identity of the user? Is it blind trust that other EDUs verify and manage identity in the same fashion that your campus does? A device that shows up with an account that grants access to eduroam is not verification of the person’s identity. There are EDUs out there that hand out free (and unverified or lightly verified) accounts to their local public, parents, guests, and so on with no questions asked. The person fills in a basic online form and they are granted an account with limited rights – typically including Library and WIFi access. How many of those accounts also work on eduroam? It could be interesting to look at the global eduroam data to see just how often accounts show up in multiple places simultaneously. Jeff From: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hunter Fuller <hf0...@uah.edu> Reply-To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Tuesday, August 15, 2017 at 7:54 AM To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] EAP-TLS Our campus isn't comfortable with an open ESSID without verifying the identity of the user, so that's the value of eduroam - identity. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.