...
The basic principle underpinning the security of eduroam is that the authentication of a use r user is carried out at his/her home institution (Identity Provider, IdP) using the institution’s specific authentication method. The authorisation required to allow access to local network resources is carried out by the visited networkinstitution (Service Provider, SP).
Thus the The eduroam roaming consortium is comprised of many legal entities: (N)ROs, IdPs and SPs. (National) roaming operators ((N)RO) are entities that operate the eduroam service for a country or economy and coordinate the activity of IdPs and SPs at the respective teritory.
GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such GÉANT operates a number of services for the eduroam consortium on the European level, some of which store data about ongoing usage by end users. Those services at a European level (from the technical infrastructure at the European level to supporting services aimed for the world-wide comunity).Those services are maintained by eduroam Operations Team (OT). This privacy policy concerns part of the eduroam consortium that is operated and maintained by GÉANT including, but not limited to, the following services: t he the European international level authentication proxy infrastructure, European F-Ticks collection and the eduroam database, the eduroam Configuration Assistant Tool (CAT), the eduroam F-ticks traffic measurement, portal with technical information about the service monitor.eduroam.org, eduroam wiki and website.
We are fans of privacy, and we are proud to say that eduroam was designed for minimal disclosure of end users personal data . The following the requirement that user must be authenticated by his/hers IdP. The design of the system provides and favours the end user anonymization, i.e., a possibility to hide the end user’s identity from any third parties, including providers of the eduroam network access (Service ProvidersSPs). The consortium's eduroam technical foundations have a built-in support for end user privacy throughout the authentication process. For all intermediate supporting services, like routing of authentication requests and F-Ticks (log format for distributed federations), we strive towards knowing *nothing* about the actual identity of an end user, while still maintaining log traces which allow for resolving security incidents, debugging and , monitoring of usage statistics.
To view the general Privacy Notice for GÉANT, please visit the GÉANT website.
...