...


GEANT central ops | NROs | IdPs | SPs

Dataset description:

  • GEANT central ops: Logs from the European top level servers
  • NROs: Logs from the national RADIUS servers
  • IdPs: Logs from the IdP RADIUS server
  • SPs: Logs from the SP RADIUS server
Purpose of processing:

  • GEANT central ops: Troubleshooting issues and resolving security incidents.

  • NROs: Troubleshooting issues and resolving security incidents. Recommendation by the eduroam service definition:

    Logs of all authentication requests and responses SHOULD be kept. The minimum log retention time is six months, unless national regulations require otherwise. The information in the requests and responses SHOULD as a minimum include:

      •   The time the authentication request was exchanged.
      •   The value of the User-Name attribute in the request ('outer EAP-identity').
      •   The value of the Calling-Station-Id attribute in authentication requests.
      •   The result of the authentication.
      •   The value of Chargeable-User-Identity (if present in the Access-Accept message).

  • IdPs: Troubleshooting issues and resolving security incidents. Requirement by the eduroam service definition:

    Logs of all authentication requests and responses MUST be kept. The minimum log retention time is six months, unless national regulations require otherwise. The information in the requests and responses MUST, as a minimum, include:

      •   The time the authentication request was exchanged.
      •   The value of the User-Name attribute in the request ('outer EAP-identity').
      •   The value of the Calling-Station-Id attribute in authentication requests.
      •   If tunnelled EAP types are used, the actual user name in the request ('inner EAP-identity').
      •   If the IdP opts to generate a Chargeable-User-Identity, the value of this attribute.
      •   The result of the authentication.

  • SPs: Troubleshooting issues and resolving security incidents. Requirement by the eduroam service definition:

    Sufficient logging information MUST be kept to be able to correlate between a client's layer 2 (MAC) address and the layer 3 (IP) address that was issued after login if public addresses are used. This requirement is void if NAT is used.

Data source:

  • GEANT central ops: Data is logged in the ETLR servers when a RADIUS authentication request or response passes (user accesses eduroam in another country).
  • NROs: Data is logged in the FTLR server(s) when a RADIUS authentication request or response passes (user accesses eduroam in another institution).
  • IdPs: Data is logged in the IdP RADIUS server(s) when a RADIUS authentication request or response passes (user accesses eduroam anywhere).
  • SPs: Data is logged in the SP RADIUS server(s) when a RADIUS authentication request or response passes (user accesses eduroam at that SP's location).
Data storage and access:

  • GEANT central ops: Data is stored in the ETLR servers, accessible only to the eduroam operational team personnel. Depending on the NRO practices, data can be kept and stored by the NRO as well.
  • NROs: Data is stored in the FTLR server(s), accessible only to the NRO operational team personnel. (This may vary based on local practices.)
  • IdPs: Data is stored in the IdP server(s), accessible only to the IdP operational team personnel. (This may vary based on local practices.)
  • SPs: Data is stored in the SP server(s), accessible only to the SP operational team personnel. (This may vary based on local practices.)

Data transfer:

  • GEANT central ops: No
  • NROs: No
  • IdPs: No
  • SPs: No

Data retention:

  • GEANT central ops: ?
  • NROs: Depends on local policy. The eduroam service definition recommendation is: the minimum log retention time is six months, unless national regulations require otherwise.
  • IdPs: Depends on the local policies. The eduroam service definition recommendation is: the minimum log retention time is six months, unless national regulations require otherwise.
  • SPs: Depends on local policy.

Data transfer (F-ticks):

  • GEANT central ops: F-ticks data are not transferred to any other party or system.
  • NROs: F-ticks data are sent to the eduroam core operations.

Data retention (F-ticks):

  • GEANT central ops: F-ticks data are kept permanently. (question)
  • NROs: Depends on the NRO practices if they keep a copy and for how long.

Personal data processed:

  • GEANT central ops: Yes
  • NROs: Yes
  • IdPs: Yes
  • SPs: Yes
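The minimum log record and the MAC-to-IP correlation requirement listed under "Purpose of processing" above, worked through as an added example. This code is not part of the eduroam documentation or of any RADIUS server: the key=value log layout, the field names (user_name, calling_station_id, inner_identity, cui, eap_type), the set of EAP types treated as tunnelled, the five-minute lease window and every log line are constructed assumptions for illustration, and a real deployment would read its own server's log format instead.

```python
"""Added example (not part of the eduroam documentation): check RADIUS
log records against the minimum fields required by the service
definition and correlate a client's MAC (Calling-Station-Id) with the
IP address it obtained after login.  All log lines are constructed; the
key=value layout is an assumption, not the format of any real RADIUS or
DHCP server."""
from datetime import datetime, timedelta

# Minimum fields for every record.  inner_identity is required only with a
# tunnelled EAP type, cui only if the IdP generates one (checked below).
REQUIRED_FIELDS = ("time", "user_name", "calling_station_id", "result")
TUNNELLED_EAP = {"PEAP", "TTLS", "TEAP"}   # assumption: tunnelled EAP methods

# Constructed sample records; IP addresses are from a documentation range.
AUTH_LINES = [
    "time=2024-03-01T10:00:00 user_name=anonymous@example.edu "
    "calling_station_id=AA-BB-CC-DD-EE-01 eap_type=PEAP "
    "inner_identity=alice@example.edu result=Access-Accept cui=6f1e2d3c",
    "time=2024-03-01T10:00:05 user_name=anonymous@example.edu "
    "calling_station_id=AA-BB-CC-DD-EE-02 eap_type=TTLS result=Access-Reject",
    "time=2024-03-01T10:01:00 user_name=bob@example.edu "
    "calling_station_id=AA-BB-CC-DD-EE-03 eap_type=PEAP result=Access-Accept",
]
DHCP_LINES = [
    "time=2024-03-01T10:00:02 mac=aa:bb:cc:dd:ee:01 ip=203.0.113.10",
    "time=2024-03-01T10:00:04 mac=aa:bb:cc:dd:ee:03 ip=203.0.113.11",  # before login
    "time=2024-03-01T10:01:30 mac=aa:bb:cc:dd:ee:03 ip=203.0.113.12",
]


def parse_record(line):
    """Parse one 'key=value ...' line; 'time' becomes a datetime if present."""
    record = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if "time" in record:
        record["time"] = datetime.strptime(record["time"], "%Y-%m-%dT%H:%M:%S")
    return record


def normalize_mac(mac):
    """Canonical lower-case colon form: RADIUS logs 'AA-BB-..', DHCP 'aa:bb:..'."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def missing_fields(record, role, idp_generates_cui=False):
    """Required fields absent from a record.  role is "NRO", "IdP" or "SP";
    only the IdP terminates the EAP tunnel, so the inner-identity and CUI
    rules are applied to IdP records alone."""
    missing = [f for f in REQUIRED_FIELDS if f not in record]
    if role == "IdP":
        if record.get("eap_type") in TUNNELLED_EAP and "inner_identity" not in record:
            missing.append("inner_identity")
        if (idp_generates_cui and record.get("result") == "Access-Accept"
                and "cui" not in record):
            missing.append("cui")
    return missing


def audit(lines, role, idp_generates_cui=False):
    """Map line index -> missing fields for every record below the minimum."""
    report = {}
    for i, line in enumerate(lines):
        gaps = missing_fields(parse_record(line), role, idp_generates_cui)
        if gaps:
            report[i] = gaps
    return report


def correlate_mac_ip(auth_lines, dhcp_lines, window=timedelta(minutes=5)):
    """For each Access-Accept, find the IP leased to the same MAC within
    `window` after the login: the layer 2 / layer 3 correlation an SP must
    be able to do when public addresses are handed out."""
    leases = [parse_record(l) for l in dhcp_lines]
    matches = []
    for auth in (parse_record(l) for l in auth_lines):
        if auth.get("result") != "Access-Accept":
            continue
        mac = normalize_mac(auth["calling_station_id"])
        for lease in leases:
            if (normalize_mac(lease["mac"]) == mac
                    and auth["time"] <= lease["time"] <= auth["time"] + window):
                matches.append({"user_name": auth["user_name"], "mac": mac,
                                "ip": lease["ip"], "login": auth["time"],
                                "lease": lease["time"]})
    return matches


if __name__ == "__main__":
    print("IdP audit:", audit(AUTH_LINES, "IdP", idp_generates_cui=True))
    print("NRO audit:", audit(AUTH_LINES, "NRO"))
    for m in correlate_mac_ip(AUTH_LINES, DHCP_LINES):
        print(f"{m['login']:%H:%M:%S} {m['user_name']} {m['mac']} -> {m['ip']}")
```

Run as an IdP audit, records 1 and 2 are flagged for the missing inner identity and record 2 additionally for the missing CUI; the same lines pass the NRO audit, because the NRO never sees inside the EAP tunnel and only logs the CUI when it is present. The correlation keeps only leases issued after the Access-Accept, so the earlier lease of 203.0.113.11 to the same MAC is ignored; in a real SP the DHCP side comes from the local network, not from the RADIUS server, and the correlation is pointless behind NAT, which is why the requirement is void there.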



eduroam F-ticks

Data is processed by GEANT central ops and NROs.

...