Generated by GPT-5-mini

| eduroam | |
|---|---|
| Name | eduroam |
| Founded | 2002 |
| Area served | Global |
| Industry | Wireless networking |
eduroam is an international roaming service that provides secure wireless network access to users from participating academic, research, and cultural institutions. It enables federated authentication across networks operated by universities, research organisations, libraries, museums, and national research and education networks. The service connects institutions such as University of Oxford, Massachusetts Institute of Technology, University of Tokyo, ETH Zurich, and University of Cape Town through a common framework used by operators like SURFnet, GÉANT, Internet2, Janet (UK), and RedIRIS.
eduroam operates as a roaming access infrastructure that lets members of participating institutions authenticate using their home credentials when visiting other sites. Institutions such as Harvard University, University of Cambridge, Stanford University, Peking University, and National University of Singapore join regional operators including TERENA, DANTE, CERN, CESNET, and RENATER to offer service continuity. The system integrates with identity providers like Shibboleth, FreeRADIUS, LDAP, Active Directory, and SAML implementations maintained by organisations such as the Internet Engineering Task Force and the World Wide Web Consortium. Large research facilities including the European Organization for Nuclear Research and observatories like ALMA and SKA rely on similar federated models for visitor access.
The architecture uses a hierarchy of RADIUS servers and proxies to forward authentication requests from visited networks to the user's home institution. Equipment vendors such as Cisco Systems, Aruba Networks, Ruckus Networks, MikroTik, and Ubiquiti Networks supply access points and controllers that implement IEEE 802.1X and WPA2/WPA3-Enterprise. Authentication protocols include EAP-TTLS, PEAP, EAP-TLS, and EAP-FAST, interoperating with server software like FreeRADIUS, Microsoft Network Policy Server, and cloud services from providers such as Amazon Web Services and Google Cloud Platform. The system relies on cryptographic standards promoted by Internet Engineering Task Force working groups and uses certificates issued by authorities such as Let's Encrypt, DigiCert, and national certificate authorities managed by bodies like NIST and ENISA.
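The proxy hierarchy described above selects the next hop from the realm part of the RADIUS User-Name. The following is an added example, not code from eduroam or any operator: it lists the hops for a request and rejects malformed identities before they are proxied. The realms, tier labels and function names are hypothetical, and it assumes every realm sits under a country-code domain that a national proxy serves.

```python
import re

# Constructed sample data; names below are hypothetical, not from any operator's config.
VISITED_REALM = "uni-a.example.nl"   # institution whose Wi-Fi the user joins

# DNS-style realm: dot-separated labels of letters, digits, hyphens; alphabetic TLD.
_REALM_RE = re.compile(
    r"(?=.{1,253}\Z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"
)

def parse_realm(user_name):
    """Extract the realm from a RADIUS User-Name (outer identity), or raise ValueError."""
    if user_name.count("@") != 1:
        raise ValueError("User-Name needs exactly one '@'")
    realm = user_name.split("@")[1].lower()
    if not _REALM_RE.fullmatch(realm):
        raise ValueError("malformed realm: %r" % realm)
    return realm

def proxy_path(user_name, visited_realm=VISITED_REALM):
    """List the RADIUS hops from the visited site to the user's home server."""
    home = parse_realm(user_name)
    visited_tld = visited_realm.rsplit(".", 1)[1]
    home_tld = home.rsplit(".", 1)[1]
    if home == visited_realm:
        return ["institution:" + home]            # user is at home: handled locally
    path = ["institution:" + visited_realm, "national:" + visited_tld]
    if home_tld != visited_tld:
        # Different country: go up to the top-level proxy and down again.
        path += ["top-level", "national:" + home_tld]
    path.append("institution:" + home)
    return path

def handle(user_name):
    """Visited-site decision: forward along the path, or reject without proxying."""
    try:
        return ("forward", proxy_path(user_name))
    except ValueError as exc:
        return ("reject", str(exc))
```

Rejecting at the first hop keeps typos and stray whitespace in realms from generating traffic up the hierarchy.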
Participation is coordinated by national and regional roaming operators that form a governance model balancing local autonomy and global interoperability. National operators such as DFN (Germany), SURF (Netherlands), HEAnet (Ireland), GARR (Italy), and CARNet (Croatia) maintain policy, registration, and technical support while contributing to global coordination forums including GÉANT, TERENA, and the Global NREN community. Policy documents and operational procedures reference standards from ISO, IETF, and regulatory guidance from authorities like the European Commission and national ministries such as the UK Department for Education and the Australian Department of Education. Major research councils and funding bodies such as Horizon Europe, the National Science Foundation, the European Research Council, and the Wellcome Trust indirectly influence deployment through grant requirements.
Security controls center on strong mutual authentication using IEEE 802.1X, EAP methods, and X.509 certificates to protect credentials. Institutions integrate identity stores such as Kerberos, Active Directory Federation Services, and Shibboleth to reduce credential exposure. Privacy is managed through logging minimisation, data protection frameworks like the General Data Protection Regulation, and national data protection authorities such as CNIL and the Bundesdatenschutzbeauftragter. Incident handling often follows best practices from ENISA, CERT-EU, US-CERT, and national computer emergency response teams like CERT-AT and CERT-Bund. Research into anonymity, metadata protection, and secure roaming involves projects funded by agencies such as Horizon 2020 and collaborations with institutions like the University of Cambridge Computer Laboratory and Royal Holloway, University of London.
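Mutual authentication only protects credentials when the client actually validates the RADIUS server's X.509 certificate. The following is an added example, not code from eduroam or any vendor: it audits 802.1X profiles for that check, assuming the client uses wpa_supplicant. The sample profiles, realm and file path are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample wpa_supplicant.conf content; realm and path are hypothetical.
SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@uni-a.example.nl"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice@uni-a.example.nl"
    anonymous_identity="anonymous@uni-a.example.nl"
    ca_cert="/etc/ssl/certs/home-ca.pem"
    domain_suffix_match="radius.uni-a.example.nl"
    phase2="auth=PAP"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    blocks = re.findall(r"network=\{(.*?)\n\}", text, flags=re.S)
    nets = []
    for body in blocks:
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body, flags=re.M)
        nets.append({key: value.strip('"') for key, value in pairs})
    return nets

def audit(net):
    """List weaknesses in how one 802.1X profile authenticates the server."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", ""):
        return findings                      # not an 802.1X profile
    if "ca_cert" not in net:
        findings.append("no ca_cert: server certificate is not validated")
    name_checks = ("domain_suffix_match", "domain_match", "altsubject_match")
    if not any(key in net for key in name_checks):
        findings.append("no server name check: any certificate from the CA is accepted")
    if net.get("eap", "").upper() in ("PEAP", "TTLS") and "anonymous_identity" not in net:
        findings.append("no anonymous_identity: real username is sent as outer identity")
    return findings
```

The first sample profile yields all three findings; the second, which pins the CA and the server name and sets an anonymous outer identity, yields none.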
eduroam is deployed across campuses, research centres, libraries, museums, and conference venues, with dense coverage in regions served by NRENs including GÉANT in Europe, Internet2 in North America, and APAN in Asia-Pacific. Typical deployments use access points from vendors such as Cisco Systems, Aruba Networks, and Ruckus Networks integrated with backend RADIUS clusters, captive portal systems, and identity federations like eduGAIN. Visitor workflows mirror those used at events like the International Conference on Learning Representations (ICLR), OpenStack Summit, NeurIPS, and academic gatherings hosted by UNESCO-affiliated institutions. User communities span students, researchers, visiting scholars, and staff from institutions including Princeton University, University of São Paulo, Seoul National University, and University of Melbourne.
The service emerged in the early 2000s through collaboration among European organisations such as TERENA, SURFnet, and GÉANT and expanded globally via partnerships with national research and education networks including Internet2 and APAN. Early technical work involved contributors from CERN, JISC, DFN, and research groups at KTH Royal Institute of Technology and École Polytechnique Fédérale de Lausanne. Over time, adoption grew through events such as TERENA Networking Conference and coordination via projects funded by European Commission programmes like FP6 and Horizon 2020. Continued evolution reflects advances in Wi‑Fi standards (from IEEE 802.11g to IEEE 802.11ax), authentication protocols endorsed by IETF, and governance practices aligned with international bodies including ISO and ENISA.