Allow for a different SSID (starting with `eduroam-`)

[DimitriPapadopoulos]

Issue type

• [ ] Defect - Crash/memory corruption.
• [ ] Defect - Non-compliance with a standards document or incorrect OS API usage.
• [ ] Defect - Unexpected behaviour (obvious or has been verified by a project member).
• [X] New feature request.

Defect/Feature description

As far as I can see, the SSID eduroam is hard-wired in eduroamCAT. However, some organisations use different SSIDs for their eduroam networks, based on their interpretation of the eduroam Service Definition and Compliance Statement for operational reasons. For example, CEA use either eduroam-ng or eduroam for different classes of access points (sigh).

Would it be possible to add the option of setting up a connexion to an alternative SSID (starting with eduroam- if needed)?

[twoln]

It is possible to add additional SSIDs with any names as configuration options. Under Windows these will all go into a single profile, therefore the user will see them under this profile name. Still they should all work automatically. Observe that from the general eduroam user perspective these networks are useless as they are not configured in their devices, thus using eduroam in the SSID does not make much sense. eduroam service definition does allow that but one could argue that is it a mistake.

[DimitriPapadopoulos]

Practically, who needs to do what for me to be able, as an end-user, to connect to the Wi-Fi network with SSID eduroam-ng provided by CEA on its newer Wi-Fi access points? I don't see any configuration option in the Android geteduroam app on my phone.

[twoln]

The admin responsible for configuring the institution profile in CAT can add such SSIDs and this info will appear in the installers, it will be passed to geteduroam as well. The end user is not expected to do anything other than install eduroam as usual.

[DimitriPapadopoulos]

I don't understand how this can work. The organisation of the users is not the organisation that provides this awful eduroam-ng Wi-Fi network.

[twoln]

If you are aware that there is such a network and want your users to be able to connect to it, you can still configure it in your institution profile giving your users this extra connection option. Of course this can only work for networks that you are aware of, this is why I said that such SSIDs are a bad idea. I am pretty sure that eduroam Servide Definition only allows such SSIDs in cases where there are network overlaps from different institutions. If this situation does not occur they are not allowed.

[DimitriPapadopoulos]

Unfortunately, poorly written and misleading French "translations" of the eduroam policy are floating on www.eduroam.fr:

• Spécifications techniques

  SSID : eduroam. Exception possible : si vos locaux sont couverts par plusieurs infrastructures wifi différentes diffusant le réseau eduroam et que le chevauchement de ces réseaux crée des problèmes opérationnels, un SSID commencant par “eduroam-” peut être utilisé. Exemple : “eduroam-renater”. Si un autre SSID que eduroam est utilisé, les visiteurs doivent en être informés.

It says exceptions are allowed where different "infrastructures" (with the word "infrastructure" not being defined) co-exist.

Compare to the original documents in English that use the word "Service Provider" (SP) after giving a clear and precise definition of a Service Provider (An entity that operates an access network on which eduroam users are admitted to access Internet services once they are successfully authenticated by their IdP. SPs are in some regions also known as “Visited Institutions”.):

• eduroam Policy Service Definition, version 2.8 from July 2012

  Wireless NASs MUST deploy the SSID "eduroam" and MUST broadcast the SSID "eduroam", unless there is more than one eduroam SP at the same physical location and the signal overlap would create operational problems, in which case an SSID starting with "eduroam-" MAY be used.

• eduroam Compliance Statement, version 2

  B.2. eduroam SPs IEEE 802.11 wireless networks MUST broadcast the SSID "eduroam". If there is more than one eduroam SP at the same location, an SSID starting with "eduroam-" MAY be used.

I am unable to convince CEA IT that the eduroam-ng SSID is not compliant and is a bad idea any way. They keep believing having two SSIDs eduroam and eduroam-ng depending on the model/technology of the access points somehow results in a better experience for end-users, and use the above outrageous French "translation" to back that.

Visiting end-users are left with no means to easily set up eduroam on their computer/phone near the CEA newer access points that support only that eduroam-ng SSID. Would indeed their life be easier if I could at least convince CEA IT to advertise that their Wi-Fi networks use a mixture of eduroam and eduroam-ng?

[restena-sw]

"Visiting end-users are left with no means to easily set up eduroam on their computer/phone near the CEA newer access points that support only that eduroam-ng SSID. Would indeed their life be easier if I could at least convince CEA IT to advertise that their Wi-Fi networks use a mixture of eduroam and eduroam-ng?"

This institution is indeed providing a dis-service to visiting guests. Yes, of course it is the better approach to expose the standard SSID "eduroam" everywhere, so that visiting guests don't have to manually touch a configuration. The entire point of a roaming consortium is that roaming works without local hotspot-specific settings.

There is little to nothing we can (and should!) do to actually support this behaviour.