Versions Compared

Old Version 5

changes.mady.by.user Marina Adomeit

Saved on

compared with

New Version 6

changes.mady.by.user Marina Adomeit

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The European level authentication proxy infrastructure,
  • The eduroam database, 
  • The eduroam Configuration Assistant Tool (CAT),
  • The eduroam Managed IdP Service,
  • The eduroam F-ticks traffic measurement,
  • The portal with technical information about the service - monitor.eduroam.org,
  • The eduroam wiki, and
  • The eduroam website.

eduroam was designed for minimal disclosure of end users personal data following the requirement that user must be authenticated by his/her IdP. The design of the system provides and favours the end user anonymization, i.e., the possibility to hide the end user’s identity from any third parties, including providers of eduroam network access (SPs). eduroam technical foundations have a built-in support for end user privacy throughout the authentication process. For all intermediate services, like routing of authentication requests and F-ticks (log format for distributed federations), the service is designed to know *nothing* about the actual identity of an end user, while still maintaining log traces which allow for resolving security incidents, debugging, monitoring and usage statistics.

...

We process various data in order to provide a reliable and secure eduroam service and to ensure and improve the quality of the eduroam supporting service. The eduroam service is designed in a way that we don’t need to know end user identity in order to provide the service. Partners within eduroam community can anonymise potential end user’s private data.  We give advice and guidance to the community that recommends the highest levels of anonymity of data in all deployments.

For the eduroam Managed IdP service which may be used by some home organisations to outsource technical part of the IdP function, we process a minimal amount of personal data in order to provide the end users with the eduroam access credentials in the highest privacy persevering manner.  

We also collect data related to NROs, IdPS and SPs to enable supporting services and improve incident response and user support. Access to the data collected in the eduroam database and other supporting services which is considered private is limited (via authentication mechanism based on eduGAIN) to responsible personnel of GEANT and NROs.

...

  • When you roam and visit other countries, or as a user of the eduroam Managed IdP service, the European proxy servers will receive and log the following data: your realm (denoting your institution and federation) and MAC addresses. We can also receive your username if  you have not chosen to anonymise this data (eduroam Managed IdP always uses opaque usernames). When you roam to another institution within your home country the European proxy servers don’t receive any data because they are not included in that process.  The service has a legitimate interest in processing this information.
  • When you roam and visit other countries or other institutions within your federation we may also process for monitoring, measuring and reporting services, in addition to the data mentioned above, the data about visited country, visited institution and authentication outcome. The service has a legitimate interest in processing this information.
  • As part of supporting activities we maintain several public web sites (e.g. web of CAT service) where  we collect normal web server logs, i.e. timestamp of access, IP address which requested the page, the page being requested, the HTML result code, etc. The data collected is for the purpose of troubleshooting and debugging potential problems of with eduroam web servers and therefore the service has a legitimate interest in processing this information.
  • The eduroam Operational Team maintains a database where we collect data related to that may include name, e-mail, phone number of the NROs, IdPS and SPs contacts to enable supporting services and improve incident response and user support. The data is provided by the NROs based on the eduroam Policy Service Definition. eduroam strongly advises NROs to use the function contacts rather then the personal ones.
  • To ensure proper functioning of the eduroam Configuration Assistant Tool (CAT) and of the eduroam Managed IdP service we collect the identifers and e-mail addresses of the NRO and IdP admins responsible for the configurations that will be used be the end users. The service has a legitimate interest in processing this information.

  • The eduroam Managed IdP system also stores an arbitrary identifier for you (given by the IdP administator), and maintains pseudonyms of that identifier for the actual eduroam access credentials. It also stores information about successful authentications linked to those pseudonyms.The service has a legitimate interest in processing this information.

...