eduroam Service
eduroam (EDUcation ROAMing) allows users from participating institutions secure internet access at any eduroam-enabled institution. The architecture that enables this is based on a number of technologies and agreements, which together provide the eduroam user experience: "open your laptop and be online".
The basic principle underpinning the security of eduroam is that the authentication of a user is carried out at their home institution using their specific authentication method. The authorisation required to allow access to local network resources is carried out by the visited network, the owner of the resource, based on the authentication response received from the home institution.
To provide this facility, the European eduroam service is a confederated service, built hierarchically. At the top level sits the confederation level service, and this primarily provides the confederation infrastructure required to grant network access to all participating members of the eduroam service at any time. This confederation service is built upon the national roaming services, operated by the national roaming operators (NROs) (in most cases NRENs). National roaming services make use of other entities, for example campuses and regional facilities.
A hierarchical system of RADIUS servers is used to transport the authentication request of a user from the visited institution to their home institution, and the authentication response back. Typically, every institution deploys a RADIUS server, which in turn is connected to a local identity provider. This RADIUS server is connected to a central national RADIUS server, which in turn is connected to a European (or global) RADIUS server.
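The request path described above, and the split between home authentication and visited-network authorisation, can be traced with a small simulation. This is an added example, not code from the eduroam project. It assumes, which the page does not state, that requests are routed on the realm part of a user@realm identity and on its country-code suffix. All realms, server names and users are constructed.

```python
# Constructed topology: realms and server names are illustrative only.
INSTITUTIONS = {  # realm -> institutional RADIUS server
    "uni-a.example.nl": "radius.uni-a.example.nl",
    "uni-b.example.nl": "radius.uni-b.example.nl",
    "uni-c.example.de": "radius.uni-c.example.de",
}
NATIONAL = {"nl": "national-radius.nl", "de": "national-radius.de"}
TOP_LEVEL = "top-level-radius"
# Stand-in for each home identity provider: the users it will authenticate.
HOME_USERS = {"uni-c.example.de": {"alice"}, "uni-a.example.nl": {"bob"}}

def split_identity(identity):
    """Split user@realm; return (user, realm) or None if malformed."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not user or "." not in realm:
        return None
    return user, realm.lower()

def route(visited_realm, identity):
    """Servers an authentication request traverses, visited first, home last.
    Returns [] if it cannot be routed. A real proxy knows only its next hop;
    the global lookup here is a simulation shortcut."""
    parsed = split_identity(identity)
    if parsed is None or parsed[1] not in INSTITUTIONS:
        return []
    home_realm = parsed[1]
    path = [INSTITUTIONS[visited_realm]]
    if home_realm == visited_realm:
        return path  # local user, no proxying needed
    v_cc = visited_realm.rsplit(".", 1)[1]
    h_cc = home_realm.rsplit(".", 1)[1]
    path.append(NATIONAL[v_cc])
    if h_cc != v_cc:  # different country: go via the top-level server
        path += [TOP_LEVEL, NATIONAL[h_cc]]
    path.append(INSTITUTIONS[home_realm])
    return path

def roam(visited_realm, identity, local_policy_allows=True):
    """Home institution authenticates; visited network authorises."""
    path = route(visited_realm, identity)
    if not path:
        return {"path": [], "reply_path": [], "access": False}
    user, home_realm = split_identity(identity)
    authenticated = user in HOME_USERS.get(home_realm, set())
    # The response travels back along the same servers in reverse order.
    return {"path": path, "reply_path": path[::-1],
            "access": authenticated and local_policy_allows}
```

A successful home authentication is necessary but not sufficient: `roam(..., local_policy_allows=False)` still denies access, because the visited network owns the resource.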
Currently about 30 European national roaming federations are connected to the eduroam infrastructure.
See also http://www.eduroam.org
For more information, please see the eduroam deliverables page.
