eduroam (education roaming) is an international Wi-Fi internet access roaming service for users in research, higher education and further education. It provides researchers, teachers, and students network access when visiting an institution other than their own. Users are authenticated with credentials from their home institution, regardless of the location of the eduroam access point. Authorization to access the Internet and other resources is handled by the visited institution. Users do not have to pay to use eduroam.
The service is provided at the local level by the participating institutions (universities, colleges, research institutes etc.).
In some countries, Internet access via eduroam is also available at other locations than the participating institutions, e.g. in libraries, public buildings, railway stations, city centres and airports.
In Belgium, Belnet uses the eduroam technology to provide a similar service to Belgian public administrations under the name govroam. A govroam service for municipalities in the Netherlands was launched in October 2013. A govroam service launched by Jisc followed in the UK in November 2016.
History
The eduroam initiative started in 2002 when, during the preparations for the creation of TERENA's task force TF-Mobility, Klaas Wierenga of SURFnet shared the idea of combining a RADIUS-based infrastructure with IEEE 802.1X technology to provide roaming network access across research and education networks. Initially the service was joined by institutions in the Netherlands, Germany, Finland, Portugal, Croatia and the United Kingdom. Later, other NRENs in Europe embraced the idea and started joining the infrastructure, which was then called eduroam. Since 2004, the European Union co-funded further research and development work related to the eduroam service through the GN2 and GN3 projects. From September 2007, the European Union also funded through these projects the continued operation and maintenance of the eduroam service at the European level.
The first non-European country to join eduroam was Australia, in December 2004. In Canada, eduroam started as an initiative of the University of British Columbia, which was later taken over by CANARIE as a service of its Canadian Access Federation. In the United States, eduroam was initially a pilot project between the National Science Foundation and the University of Tennessee (UTK). In 2012, Internet2 announced the addition of eduroam to its NET+ service offerings. AnyRoam LLC, a private company, was formed by former UTK staff to serve as an Internet2 active corporate member administering the top-level servers.
Technology
The eduroam service uses IEEE 802.1X as the authentication method and a hierarchical system of RADIUS servers. The hierarchy consists of RADIUS servers at the participating institutions, national RADIUS servers run by the National Roaming Operators and regional top-level RADIUS servers for individual world regions. When a user visits a remote institution, the user's mobile device presents their credentials to the local RADIUS server. That RADIUS server discovers that it is not responsible for the realm of the user's home institution and proxies the access request to the national RADIUS server. If the visited institution is in a different country than the home institution, the request is in turn proxied to the regional top-level RADIUS server, and then to the national RADIUS server of the user's home country. That national server forwards the credentials to the home institution, where they are verified. The 'acknowledge' travels back over the proxy hierarchy to the visited institution and the user is granted access.
Because the user's credentials travel via a number of intermediate servers, not under the control of the home institution of the user, it is important that the credentials are protected. This requirement limits the types of authentication methods that can be used. Basically there are two categories of useful authentication methods: those that use credentials in the form of some public-key mechanism with certificates and those that use so-called tunnelled authentication. Most institutions use a tunnelled authentication method that only requires server certificates. These server certificates are used to set up a secure tunnel between the mobile device and the authentication server, through which the user credentials are securely transported.
A complication arises if the user's home institution does not use a two-letter country-code top-level domain as part of its realm, but a generic top-level domain such as .edu or .org. By inspection of such realms, it is not possible to determine which national RADIUS server the request should be routed to. Such domains will thus by default fail to work in international roaming. The workaround for this problem involves the creation of exceptions in the international RADIUS request routing tables; however, this workaround does not scale as the number of exception entries grows. Several solutions have been proposed to eliminate this workaround in future, the most promising of which is RADIUS over TLS with Dynamic Discovery, which does not rely on static routing tables inside a RADIUS server configuration to route requests to their proper destination. Instead, the participating institution adds one single DNS resource record to its own domain's DNS zone which states by which server eduroam authentication for the domain is handled.
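The realm-based proxying and the generic-TLD routing problem described above can be traced with a small model. This is an added example, not eduroam or RADIUS server code; the realms, the one-region layout, the hop labels and the exception table are constructed for illustration.

```python
# Added illustration: constructed realms and a one-region model, not real eduroam configuration.
NATIONAL = {"nl", "de", "uk"}   # ccTLDs that have a national RADIUS server in this model
TOP_LEVEL = "top-level:europe"  # the single regional top-level server modelled here


class Unroutable(Exception):
    """No national server can be derived from the realm."""


def realm_of(identity):
    """Return the lower-cased realm part of user@realm."""
    _user, sep, realm = identity.rpartition("@")
    if not sep or not realm:
        raise ValueError(f"identity has no realm: {identity!r}")
    return realm.lower()


def home_country(realm, exceptions):
    """Pick the national server: static exception entry first, then the ccTLD."""
    if realm in exceptions:
        return exceptions[realm]
    tld = realm.rsplit(".", 1)[-1]
    if tld in NATIONAL:
        return tld
    raise Unroutable(realm)  # e.g. .edu or .org: the TLD names no country


def proxy_path(identity, visited_realm, visited_country, exceptions=None):
    """List the RADIUS servers an access request passes through, in order."""
    realm = realm_of(identity)
    path = [f"institution:{visited_realm}"]
    if realm == visited_realm:
        return path  # local user, nothing to proxy
    home = home_country(realm, exceptions or {})
    path.append(f"national:{visited_country}")
    if home != visited_country:
        path += [TOP_LEVEL, f"national:{home}"]
    path.append(f"institution:{realm}")
    return path


if __name__ == "__main__":
    print(proxy_path("alice@uni-a.example.nl", "uni-c.example.de", "de"))
    try:
        proxy_path("bob@college.example.edu", "uni-c.example.de", "de")
    except Unroutable as exc:
        print("unroutable without an exception entry:", exc)
    print(proxy_path("bob@college.example.edu", "uni-c.example.de", "de",
                     {"college.example.edu": "uk"}))
```

Every gTLD realm needs its own entry in the exception table, which is the scaling problem the text attributes to the static workaround.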
Governance
GÉANT has established a lightweight global governance structure. Recognising the large variety in the organisation and funding of research and education (networking) in different countries and regions, rules imposed on the operations of eduroam are limited to technical and administrative requirements that are necessary to ensure the smooth and secure operations of eduroam worldwide. Moreover, the eduroam operators have the leading role in creating and maintaining the rules of the global eduroam governance.
The Global eduroam Governance Committee (GeGC) has the central role in the global eduroam governance structure. While its structure has evolved over time, it presently has three representatives from each of five regions (mirroring those used by the Regional Internet registries) serving a two-year term. In addition, GÉANT may appoint one or more experts as non-voting members of the GeGC.
Geographical deployment
eduroam is available at selected locations in countries with a National Roaming Operator that has signed the eduroam Compliance Statement. Those sixty-seven countries are listed below. In addition, there may be pilot deployments in countries that are in the process of joining eduroam.
Europe
The NRENs that are members of the consortium of the GN3 project have joined the European eduroam confederation by signing the confederation's policy that requires its members to comply with a set of technical and organisational requirements, which are more specific than those in the global eduroam Compliance Statement.
As a consequence, eduroam is deployed in the following countries:
In addition, three NRENs that are associate members of the consortium of the GN3 project without voting rights joined the European eduroam confederation; they represent Belarus (UIIP), Moldova (RENAM) and Russia (Joint Supercomputer Center of the Russian Academy of Sciences).
Finally, five NRENs not involved in the GN3 project joined the European eduroam confederation on a voluntary basis, enabling the deployment of the service in:
The European top-level RADIUS servers are operated by SURFnet and Forskningsnettet.
Asia-Pacific
eduroam is deployed in the following countries and economies:
The Asia-Pacific top-level RADIUS servers are operated by AARNet and by the University of Hong Kong.
North America
eduroam is deployed in:
Latin America
eduroam is deployed in:
Africa
eduroam is deployed in:
See also
* Fon Wireless
External links
* Official website: https://www.eduroam.org/