Painless Security.

What is eduroam?

eduroam is a global wireless network service that allows students, researchers, and staff from participating institutions to access the internet securely and easily when visiting other eduroam-enabled locations. eduroam stands for education roaming, and it is available in more than 100 countries and territories around the world.

Benefits of eduroam

eduroam provides a number of benefits for users and institutions. Users only need to configure their device once with their home institution credentials, and they can connect automatically to any eduroam hotspot without additional login or registration. eduroam uses strong encryption and authentication protocols to protect the user’s data and privacy. Users do not need to use untrusted or open Wi-Fi networks that may expose them to cyberattacks or identity theft. eduroam enables users to access the internet wherever they go, whether it is on campus, at a library, a museum, an airport, or a conference venue. Users can also access their home institution’s online resources and services through eduroam. eduroam is free of charge for users and reduces operational costs for institutions. Institutions do not need to issue or manage guest accounts or passwords for visitors, and they can leverage the existing infrastructure and support of the eduroam community.

What does eduroam do?

eduroam allows users to authenticate themselves with their home institution credentials when they connect to an eduroam hotspot at another location. The authentication request is securely routed from the visited location to the user's home institution, where it is verified and authorized. The user is then granted access to the internet at the visited location, as well as to their home institution's online resources and services.

How eduroam works

eduroam works by using a federated model of trust among participating institutions. Each institution operates an eduroam Identity Provider (IdP) that manages the user accounts and credentials, and an eduroam Service Provider (SP) that provides the wireless network access points. The IdPs and SPs are connected through a hierarchy of regional and national federations, which are coordinated by the global confederation of eduroam.

When a user connects to an eduroam hotspot at a visited location, their device sends an authentication request that contains their username and password, encrypted with a digital certificate. The username has the format of user@institution.domain, which identifies the user's home institution. The authentication request is forwarded by the visited SP to the appropriate federation, which then routes it to the user's home IdP. The IdP verifies the user's credentials and sends back an authorization response, which grants or denies access to the user. The visited SP then assigns an IP address to the user's device and allows them to access the internet.

The user's password is never revealed to the visited SP or federation, only to their home IdP. The user's data traffic is also encrypted between their device and the visited SP, ensuring security and privacy.

For more information about eduroam, please visit www.eduroam.org.