Policy for NROs

eduroam NROs have the full authority to admit eduroam IdPs within their country or region. eduroam Managed IdP changes nothing in that regard; it is merely a new technical vehicle to get eduroam IdPs on board. In that respect, no particular policy is required.

However, the eduroam Managed IdP system is created with a maximum of 10.000 end user accounts per NRO. Should the number of end users created within an NRO's tenancy exceed that maximum, eduroam Operations will contact the NRO to determine either pricing or other ways of sharing the operational load.

That limit is not technically enforced, and exceeding it can be followed up asynchronously and with delay. No online notification of any kind is therefore foreseen.

Policy for eduroam IdPs

eduroam IdP administrators are bound by the requirements set forth in the eduroam Service Definition. The eduroam Managed IdP service specifically needs additional Terms and Conditions on top of that baseline.

These terms and conditions are displayed to the eduroam Managed IdP administrator and need to be acknowledged before they can actually start using the system (pop-up with sign-off requirement):

As an eduroam IdP administrator using this system, you are authorized to create user accounts according to your local institution policy. You are fully responsible for the accounts you issue. In particular, you

  • only issue accounts to members of your institution, as defined by your local policy.
  • must make sure that all accounts that you issue can be linked by you to actual human end users of eduroam
  • have to immediately revoke accounts of users when they leave or otherwise stop being a member of your institution
  • will act upon notifications about possible network abuse by your users and will appropriately sanction them

Failure to comply with these requirements may lead to the deletion of your IdP (and all the users you create inside) in this system.

With this product, eduroam Operations is not interested in and strives not to collect any personally identifiable information about the end users you create. To that end,

  • the usernames you create in the system are not expected to be human-readable identifiers of actual humans. We encourage you to create usernames like 'hr-user-12' rather than 'Jane Doe, Human Resources Department'. You are the only one who needs to be able to make a link to the human behind the identifiers you create.
  • the identifiers in the eduroam access credentials are not linked to the usernames you add to the system; they are pseudonyms.
  • each access credential carries a different pseudonym, even if it pertains to the same username.

Policy for end users

eduroam end users are presented with a lightweight Acceptable Use Policy when they visit the download page.

Actually downloading the installer in question is deemed acceptance of those terms:

You can now download a personalised eduroam® installation program. The installation program is strictly personal, to be used only on this device (device identifier, such as "Linux"), and it is not permitted to share this information with anyone.

When the system detects abuse such as sharing login data with others, all access rights for you will be revoked and you may be sanctioned by your local eduroam® administrator.
