Description of the eduroam Service

The eduroam (education roaming) is a secure, world-wide roaming access service developed for the international research and education community. eduroam allows any user from an eduroam participating site to get network access at any location that provides eduroam service.

...

Thus the eduroam roaming consortium is comprised of many legal entities: (N)ROs, IdPs and SPs. (National) roaming operators ((N)RO) are entities that operate the eduroam service for a country or economy and coordinate the activity of IdPs and SPs in the respective territory.

GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such, GÉANT operates a number of services for the eduroam community, from the technical infrastructure at the European level to supporting services aimed at the world-wide community. Those services are maintained by the eduroam Operations Team (OT). This privacy policy concerns the part of the eduroam service that is operated and maintained by GÉANT including, but not limited to, the following services: the European level authentication proxy infrastructure, the eduroam database, the eduroam Configuration Assistant Tool (CAT), the eduroam F-ticks traffic measurement, a portal with technical information about the service, monitor.eduroam.org, the eduroam wiki and the eduroam website.

eduroam was designed for minimal disclosure of end users' personal data, following the requirement that a user must be authenticated by his/her IdP. The design of the system provides and favours end user anonymization, i.e., the possibility to hide the end user’s identity from any third parties, including providers of the eduroam network access (SPs). The eduroam technical foundations have built-in support for end user privacy throughout the authentication process. For all intermediate services, like routing of authentication requests and F-ticks (log format for distributed federations), the service is designed to know *nothing* about the actual identity of an end user, while still maintaining log traces which allow for resolving security incidents, debugging, monitoring and usage statistics.

...

We process various data in order to provide a reliable and secure eduroam service and to ensure and improve the quality of the eduroam supporting service. The eduroam service is designed in a way that we don't need to know end user identity in order to provide the service. Partners within the eduroam community can anonymise potential end user's private data. We give advice and guidance to the community that recommends the highest levels of anonymity of data in all deployments.

We also collect data related to NROs, IdPs and SPs to enable supporting services and improve incident response and user support. Access to the data collected in the eduroam database and other supporting services which is considered private is limited (via an authentication mechanism based on eduGAIN) to responsible personnel of GÉANT and NROs.

...

  • When you roam and visit other countries, the European proxy servers will receive and log the following data: your realm (denoting your institution and federation) and MAC addresses. We can also receive your username if you have chosen to not anonymise this data. When you roam to another institution within your home country we don’t receive any data because the European proxy servers are not included in that process. The service has a legitimate interest in processing this information.

  • When you roam and visit other countries or other institutions within your federation we may also process for monitoring, measuring and reporting services, in addition to the data mentioned above, the data about visited country, visited institution and authentication outcome. The service has a legitimate interest in processing this information.

  • As part of supporting activities we maintain several public web sites (e.g. web of CAT service) where we collect normal web server logs, i.e. timestamp of access, IP address which requested the page, the page being requested, the HTML result code, etc. The data collected is for the purpose of troubleshooting and debugging potential problems with eduroam web servers and therefore the service has a legitimate interest in processing this information.

  • The eduroam Operational Team maintains a database where we collect data related to NROs, IdPs and SPs to enable supporting services and improve incident response and user support. The data is provided by the NROs based on the eduroam Policy.

  • To ensure proper functioning of the eduroam Configuration Assistant Tool (CAT) we collect the identifiers and e-mail addresses of the NRO and IdP admins responsible for the configurations that will be used by the end users. The service has a legitimate interest in processing this information.
    TO DO: eduroam Managed IdP. 

Who Do We Share Data With?

...