eduroam stands for education roaming. It offers users from participating academic institutions secure Internet access at any other eduroam participating location. The eduroam architecture that makes this possible is based on a number of technologies and agreements, which together provide the eduroam user experience: "open your laptop and be online". eduroam is expected to be available to UTD students, faculty, and staff in February 2017. Members of participating institutions will be able to authenticate and use our wireless internet via the new “eduroam” network name (SSID), and we will be able to authenticate on networks at participating institutions using our NetID and password.
The authentication of a user is carried out at their Identity Provider (IdP), using their specific authentication method. In order to transport the authentication request of a user from the Service Provider to their Identity Provider and the authentication response back, a world-wide system of RADIUS servers is created. Because users have usernames of the format "user@realm", where realm is the IdP's DNS domain name, often of the form institution.tld (tld = top-level domain; both country-code TLDs and generic TLDs are supported), the RADIUS servers can use this information to route the request to the appropriate next RADIUS server until the IdP is reached.
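The realm-based routing described above, as an added example that is not part of the original page or of any eduroam software. It assumes a simplified hierarchy of institutional, federation and top-level RADIUS servers; every host name, realm and function name is hypothetical.

```python
import re

# Constructed topology: every host name and realm below is hypothetical.
# "realms" are exact routes, "tlds" are top-level routes, "owns" is the TLD a
# federation server is authoritative for, "up" is the default next server.
SERVERS = {
    "radius.uni-a.example": {"realms": {"uni-a.example": "IDP"}, "up": "flr.example"},
    "radius.uni-b.example": {"realms": {"uni-b.example": "IDP"}, "up": "flr.example"},
    "radius.college.test": {"realms": {"college.test": "IDP"}, "up": "flr.test"},
    "flr.example": {"owns": "example", "up": "tlr.invalid",
                    "realms": {"uni-a.example": "radius.uni-a.example",
                               "uni-b.example": "radius.uni-b.example"}},
    "flr.test": {"owns": "test", "up": "tlr.invalid",
                 "realms": {"college.test": "radius.college.test"}},
    "tlr.invalid": {"tlds": {"example": "flr.example", "test": "flr.test"}},
}
REALM_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$")

def parse_realm(username):
    """Return the lower-cased realm of user@realm, or raise ValueError."""
    user, sep, realm = username.rpartition("@")
    realm = realm.lower()
    if not sep or not user or not REALM_RE.match(realm):
        raise ValueError(f"malformed username: {username!r}")
    return realm

def next_hop(server, realm):
    """Pick the next server for a realm; None means reject the request."""
    cfg = SERVERS[server]
    if realm in cfg.get("realms", {}):
        return cfg["realms"][realm]
    tld = realm.rsplit(".", 1)[1]
    if tld == cfg.get("owns"):
        return None  # unknown realm inside our own TLD: reject, never bounce upstream
    return cfg.get("tlds", {}).get(tld, cfg.get("up"))

def route(username, first_server, max_hops=8):
    """Return the list of RADIUS servers a request traverses to reach its IdP."""
    realm = parse_realm(username)
    path = [first_server]
    while len(path) <= max_hops:
        hop = next_hop(path[-1], realm)
        if hop is None:
            raise LookupError(f"no route for realm {realm!r}")
        if hop == "IDP":
            return path  # the last server in path is the user's Identity Provider
        path.append(hop)
    raise RuntimeError("hop limit exceeded, possible routing loop")
```

Malformed usernames and unknown realms are rejected at the first server that can decide, and the hop limit stops a misconfigured pair of servers from forwarding a request to each other indefinitely.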
eduroam networks are provided locally by participating institutions and are their own responsibility. As a roaming consortium, eduroam defines minimal compliance rules for how hotspot deployments need to behave; you can think of this as a "franchise" system.
As a result, not all eduroam hotspots are identical. You can expect the following baseline configuration at eduroam hotspots:
- Use is free of charge.
- The wireless network is encrypted with WPA2/AES.
- Your username and password are exclusively validated with IEEE 802.1X as described above.
- The network gives you access to the general internet.
In Europe, a minimum number of services ("ports") must be made available at the hotspot. The list includes sending and receiving email (encrypted and unencrypted), browsing web pages (encrypted and unencrypted), and access to a wide variety of Virtual Private Networking (VPN) solutions which can connect you back to your home institution in privacy.
Apart from that, you should consider every eduroam network as a "normal ISP" network. In particular, the WPA2/AES encryption only protects your traffic while it is in the air; as soon as it travels onwards onto the internet, your traffic is no longer encrypted unless you choose to use encrypted transfer protocols (e.g. browse with https:// instead of http://, or start a VPN connection).