Institutions can participate in eduroam as:
- Identity providers (IdP): authenticating their users accessing eduroam services at their own institution or at visited institutions.
- Service providers (SP): supplying network services to eduroam users.
Institutes typically participate in eduroam to provide network access, and to authenticate their users accessing eduroam services there or at other institutions.
Typical eduroam installation
An eduroam installation generally has:
- Wi-Fi access points broadcasting an eduroam SSID.
- User authentication passed to each user’s home institution.
- Internet access available to all authenticated eduroam users.
- A RADIUS server providing authentication services for the institution’s users, and for forwarding authentication requests to users’ home institutions.
Your eduroam installation doesn’t have to look exactly like this. For example, users can access your network using wired access points only, or get access to part of your institution’s intranet instead of or in addition to internet access.
How users use eduroam
People use eduroam network services to access internet and intranet sites when they’re at an educational or research institution.
For users, the eduroam network provides a consistent, reliable level of quality and security. It also improves and eases multi-institute collaboration.
Additional participants in eduroam
Some organisations participate in eduroam solely as service providers. These organisations are typically outside of the educational and research sector, but are still closely tied to these fields. Such organisations include:
- Libraries
- Airports
- Hospitals
- Museums.
Responsibilities to users
Technical support
Responsibility for first line technical support for its users lies with the identity provider.
Service providers are expected to offer technical support for people using its eduroam services.
Behaviour monitoring
Identity providers are responsible for the behaviour of the users they authenticate.
Identity providers must take appropriate action if a Service Provider reports an incident of abuse of its acceptable use policy.
Acceptable User Policy
An Acceptable User Policy (AUP) for eduroam users must be easily available and findable on your institution’s website. Any breaches must be enforced and responded to appropriately.
Logging
Identity Providers must log authentication data and ensure these records are accessible for auditing or investigations if needed.
Service Providers are required to log authentication events from visiting users.
Costs
Internet access for guests must be managed and any associated costs are covered by the providers.
Service Providers must not charge users to connect to eduroam.
Privacy and governance
All participating institutions must comply with both the national eduroam AU policy and the global eduroam policy. Policy updates are coordinated by AARNet in consultation with CAUDIT, with appropriate notice given before changes take effect.
Failure to comply with these policies may result in warnings or immediate suspension of service, depending on the nature and severity of the issue.
Responsibilities to eduroam
See Set up an eduroam network for a list of provider responsibilities to eduroam.