eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community.
eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.
eduroam video: https://youtu.be/OkpQAmVBaGs
How does eduroam work?
eduroam allows any user from an eduroam participating site to get network access at any institution connected to eduroam. Depending on local policies at the visited institutions, eduroam participants may also have additional resources at their disposal.
The user credentials are kept secure because eduroam does not share them with the site you're visiting. Instead they are forwarded to the user's home institution, where they can be verified and validated.
The system uses a network of servers run by the institutions, and the participating National Research and Education Networks (NRENs) to securely route these requests back to your home institute.
eduroam provides authenticated network access at any location where the service is enabled.
Each participating organization offering network access to authenticated users is able to apply its own filtering policies as long as it is clearly informing users about the filtering rules.
What technology does eduroam use?
In eduroam, communication between the access point and the user's home institution is based on IEEE 802.1X standard; 802.1X encompasses the use of EAP, the Extensible Authentication Protocol, which allows for different authentication methods. Depending on the type of EAP method used, either a secure tunnel will be established from the user’s computer to his home institution through which the actual authentication information (username/password etc.) will be carried (EAP-TTLS or PEAP), or mutual authentication by public X.509 certificates, which is not vulnerable to eavesdropping, will be used (EAP-TLS).
Documents