An interesting presentation at the TERENA TF-CSIRT meeting on how visited and home sites need to work together to resolve complaints about users of eduroam visitor networks. Stefan Winter is both an architect of eduroam and a member of RESTENA-CSIRT, so well placed to understand these issues.
Although the JRS and eduroam Policies both require home sites to deal with misuse by their users, a feature of the 802.1X protocol that is a benefit in normal use – that the identity of the visitor is kept private from the visited site – makes this slightly more complicated, as the visited site cannot simply tell the home site which user caused a problem. Instead the visited and home sites need to ensure their systems keep relevant logs and exchange the right information from these to allow the home site to identify the responsible user. The presentation describes each of the stages in this process as well as highlighting which information in the logfiles can be trusted and which can be forged by a malicious user.
