...
Table of Contents maxLevel 1 style none
eduroam
...
RADIUS server logs
| GEANT |
...
logs of ETLR servers (contain IPaddress, MAC address, outer-identity, CUI, ON, ...)
| central ops |
| NRO |
| IdP |
| SP | ||
| Dataset description: | Logs from the European top level RADIUS servers (ETLR) | Logs from the national |
| top level RADIUS server(s) (FTLR) | Logs from the IdP |
| RADIUS server(s) | Logs from the SP |
| RADIUS server(s) | ||
| Purpose of processing: | Troubleshooting issues and resolving security incidents. | Troubleshooting issues and resolving security incidents. Recommendation by the eduroam |
Service Definition. |
Logs of all authentication requests and responses SHOULD be kept. The minimum log
retention time is six months, unless national regulations require otherwise. The information in the requests and responses SHOULD as a minimum include:
The time the authentication request was exchanged.
The value of the User-Name attribute in the request ('outer EAP-identity').
The value of the Calling-Station-Id attribute in authentication requests.
The result of the authentication.
The value of Chargeable-User-Identity (if present in Access-Accept message).
Troubleshooting issues and resolving security incidents. Requirement by the eduroam service definition.
fff
Logs of all authentication requests and responses MUST be kept. The minimum log retention time is six months, unless national regulations require otherwise. The information in the requests and responses MUST, as a minimum, include:
The time the authentication request was exchanged.
The value of the User-Name attribute in the request ('outer EAP-identity').
The value of the Calling-Station-Id attribute in authentication requests.
If tunnelled EAP types are used, the actual user name in the request ('inner EAP-
identity').
If the IdP opts to generate a Chargeable-User-Identity, the value of this attribute.
The result of the authentication.
Troubleshooting issues and resolving security incidents. Requirement by the eduroam service definition.
Sufficient logging information MUST be kept to be able to correlate between a client’s layer 2
(MAC) address and the layer 3 (IP) address that was issued after login if public addresses are
used. This requirement is void if NAT is used.
Data is logged in the ETLR servers when an RADIUS authentication or response passes. (user access eduroam in another country)
Data is logged in the FTLR server(s) when an RADIUS authentication or response passes. (user accesses eduroam in another institution)
Data is stored in the ETLR servers
F-ticks data are not transferred to any other party or system.
eduroam F-ticks
Data is processed by GEANT central ops and NROs.
...
Usage log messages for each international and national roaming authentication request.
...
Log data provides basic statistical information about service usage. It provides statistics about the number of logins for national and international roaming. The data is used for generation of usage statistics that are publicly available at https://monitor.eduroam.org and for reporting to EC and other stakeholders.
...
NROs Federation top level Radius servers.
...
F-ticks data are stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team.
...
F-ticks data are not transferred to any other party or system.
...
Troubleshooting issues and resolving security incidents. Requirement by the eduroam Service Definition. | Troubleshooting issues and resolving security incidents. Recommendation by the eduroam Service Definition. Requirement by the eduroam Service Definition is to keep the logs of public IP addresses assigned to users and its relation to users MAC address. | |||
| Data source: | Data is logged in the ETLR servers when a RADIUS authentication or response passes (user accesses eduroam in another country) | Data is logged in the FTLR server(s) when a RADIUS authentication or response passes (user accesses eduroam in another institution) | Data is logged in the IdP RADIUS server(s) when a RADIUS authentication or response passes (institution user accesses eduroam anywhere) | Data is logged in the SPs RADIUS server(s) when a RADIUS authentication or response passes. (user accesses eduroam at that SPs location) |
| Data storage and access: | Data is stored in the ETLR servers, accessible only to the eduroam operational team personnel. | Data is stored in the FTLR server(s), accessible only to the NRO operational team personnel. (This may vary based on local practices) | Data is stored in the IdP server(s), accessible only to the IdP operational team personnel. (This may vary based on local practices) | Data is stored in the SP server(s), accessible only to the IdP operational team personnel. (This may vary based on local practices) |
| Data transfer: | No | No | No | No |
| Data retention: | All data related to roaming are kept for a period of six months. | Depends on the local policy. eduroam Service Definition recommendation is: The minimum log retention time is six months, unless national regulations require otherwise | Depends on the local policy. eduroam Service Definition recommendation is: The minimum log retention time is six months, unless national regulations require otherwise. | Depends on local the policy. eduroam Service Definition recommendation is: The minimum log retention time is six months, unless national regulations require otherwise. |
| Personal data processed: | Yes | Yes | Yes | Yes |
Dataset content
| Data item | Is personal data? | ||||
| central ops | NRO | IdP | SP | ||
|---|---|---|---|---|---|
| 1 | Timestamp - The time the authentication request was exchanged i.e usert tried to access the eduroam service | ||||
| 2 | Outer EAP-identity - username@institution_domain, username can be anonymised but not all users do that | ||||
| 3 | Inner EAP-identity - username@institution_domain | ||||
| 4 | Calling-Station-Id - users MAC address, MAC address can be randomized but that's not the default in all clients | ||||
| 5 | Authentication result | ||||
| 6 | Chargeable-User-Identity - users anonymous ID | ||||
| 7 | IP address assigned by the SP after the sucessfull authenticaiton, including its relation to users MAC address | ||||
eduroam F-ticks
| GEANT central ops | NROs | |
| Dataset description: | Usage log messages for each international and national roaming authentication request. | Usage log messages for international and national roaming authentication request coming from IdPs belonging to that NRO. |
| Purpose of processing: | Log data provides basic statistical information about service usage. It provides statistics about the number of logins for national and international roaming. The data is used for generation of usage statistics that are publicly available at https://monitor.eduroam.org and for reporting to EC and other stakeholders. | Log data provides basic statistical information about the service usage. It provides statistics about the number of logins for national and international roaming. The data is sent to the GEANT central operations as requested by the eduroam service definition. Depending on the NRO practices, the data can processed by the NRO for creating usage statistics. |
| Data source: | NROs Federation top level Radius servers. | F-ticks data are generated by the data from RADIUS authentication requests or responses sent by the IdP, and that transverses the NROs Federation top level Radius servers. This happens in the event when a user access eduroam at a visited SP location and authenticates. |
| Data storage and access: | F-ticks data are stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team. | Depending on the NRO practices, data can be kept and stored by NRO as well. |
| Data transfer: | F-ticks data are not transferred to any other party or system. | F-ticks data are sent to the eduroam core operations. |
| Data retention: | F-ticks data are kept permanently.  | Depends on the NRO practices if they keep a copy and for how long. |
| Personal data processed: | Yes | Yes |
Dataset content
| Data item | Is personal data? | Comment | |
|---|---|---|---|
| 1 | REALM - As in users username used for the authentication (for example “@education.lu”) - contains the user’s country of origin and the institution of origin | Yes | |
| 2 | Calling-Station-Id - User’s device MAC address | Yes | |
| 3 | Viscountry - ISO country code of the NRO that generated the log message | Yes | No (VP proposal) |
| 4 | Visinst - Identifier of visited institution i.e. operator-name RADIUS attribute | Yes | No (VP proposal) |
| 5 | Result - Authentication outcome: OK / FAIL | No |
eduroam Database - NRO information
| Dataset description: | National Roaming Operator information. |
| Purpose of processing: | Data is used to feed the central data repository for eduroam service. It provides information about National Roaming Operators that participate in the eduroam service. The data is used for providing public available information about eduroam service, available at https://monitor.eduroam.org/. |
| Data source: | The eduroam database has been build as a central database with the mechanism that enables automatic data collection from (National) Roaming Operators - (N)ROs. (N)ROs should provide general data in the defined XML or JSON format. The data should be available at the specific, predefined URLs: http://www.eduroam.<tld>/general/<dataset-name>. |
| Data storage and access: | Data is stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team. |
| Data transfer: | Data is not transferred to any other party or system. |
| Data retention: | Data is kept permanently. |
| Personal data processed: | Yes |
Dataset content
| Data item | Is personal data? | Comment | |
|---|---|---|---|
| 1 | ROid - Unique identifier provided by the database operator during the RO registration | No | |
| 2 | country - two letter country code | No | |
| 3 | stage - 0=preproduction/test, 1=active | No | |
| 4 | org_name - (N)RO corporate name | No | |
| 5 | address_street - (N)RO address | No | |
| 6 | address_city - (N)RO address | No | |
| 7 | coordinates - longitude, latitude, altitude | No | |
| 8 | contact_name - (N)RO contact: name | Yes | If contact is person |
| 9 | contact_email - (N)RO contact: e-mail | Yes | If contact is person |
| 10 | contact_phone - (N)RO contact: phone no. | Yes | If contact is person |
| 11 | contact_type - 0=person, 1=service/department | No | |
| 12 | contact_privacy - 0=private, 1=public | No | |
| 13 | info_URL - (N)RO web page URL | No | |
| 14 | policy_URL - (N)RO Policy URL | No | |
| 15 | ts - date: last changed | No |
eduroam Database - Institution information
| GEANT central operations | NROs | |
| Dataset description: | Institution information (IdP or SP), participating in eduroam service. | Institution information (IdP or SP) participating in eduroam service and belonging to the given NRO. |
| Purpose of processing: | Data is used to feed the central data repository for eduroam service. It provides information about Institutions that participate in the eduroam service as IdPs and SPs. The data is used for providing public available information about eduroam service, available at https://monitor.eduroam.org/. | Data is requested by the eduroam service definition. |
| Data source: | The eduroam database has been build as a central database with the mechanism that enables automatic data collection from (National) Roaming Operators - (N)ROs. (N)ROs should provide general data in the defined XML or JSON format. The data should be available at the specific, predefined URLs: http://www.eduroam.<tld>/general/<dataset-name> | Data is collected from the institutions participating in the eduroam in that NRO. Exact process is a matter of local implementation in a NRO. |
| Data storage and access: | Data is stored in the SQL database on the host that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team (OT). THe host is mantained by the OT | Data is stored in the national eduroam web site. Data access is public. Additional storing locations may be implemented based on NROs practices. |
| Data transfer: | Data is not transferred to any other party or system. | - |
| Data retention: | Data is kept permanently. | |
| Personal data processed: | Yes | Yes |
Dataset content
| Data item | Is personal data? | Comment | |
|---|---|---|---|
| 1 | instid - provided by the NRO | No | |
| 2 | ROid - Unique identifier provided by the database operator during the RO registration | No | |
| 3 | type - IdP, SP, IdP+SP | No | |
| 4 | stage - 0=preproduction/test, 1=active | No | |
| 5 | inst_realm - (only for IdP or IdP+SP) | No | |
| 6 | inst_name - institution’s corporate name | No | |
| 7 | address_street - institution’s address | No | |
| 8 | address_city - institution’s address: city | No | |
| 9 | coordinates - longitude, latitude, altitude of institution’s location | No | |
| 10 | inst_type - IEEE 802.11-2012, clause 8.4.1.34 Venue Info | No | |
| 11 | contact_name - institution’s contact: name | Yes | If contact is person |
| 12 | contact_email - institution’s contact: e-mail | Yes | If contact is person |
| 13 | contact_phone - institution’s contact: phone no. | Yes | If contact is person |
| 14 | contact_type - 0=person, 1=service/department | No | |
| 15 | contact_privacy - 0=private, 1=public | No | |
| 16 | info_URL - institution’s web page with the information related to the service | No | |
| 17 | policy_URL - institution’s Policy | No | |
| 18 | ts - date: last changed | No |
eduroam Database - Service Location information
| GEANT central ops | NROs | |
| Dataset description: | Service Location information | Service Location infromations, from SPs belonging to the given NRO. |
| Purpose of processing: | Data is used to feed the central data repository for eduroam service. It provides information about Service Locations that are provided in eduroam by participating SPs. The data is used for providing public available information about eduroam service, available at https://monitor.eduroam.org/. | Data is requested by the eduroam service definition. |
| Data source: | The eduroam database has been build as a central database with the mechanism that enables automatic data collection from (National) Roaming Operators - (N)ROs.(N)ROs should provide general data in the defined XML or JSON format. The data should be available at the specific, predefined URLs: http://www.eduroam.<tld>/general/<dataset-name>. | Data is collected from the service providers participating in the eduroam in given NRO. Exact process is a matter of local implementation in a NRO. |
| Data storage and access: | Data is stored in the SQL database that is operated in the infrastructure provided by CARNet/SRCE. The raw data is accessible only by the personnel of eduroam operations team. | Data is stored in the national eduroam web site. Data access is public. Additional storing locations may be implemented based on NROs practices. |
| Data transfer: | Data is not transferred to any other party or system. | - |
| Data retention: | Data is kept permanently. | |
| Personal data processed: | Yes | Yes |
Dataset content
| Data item | Is personal data? | Comment | |
|---|---|---|---|
| 1 | instid - provided by the NRO | No | |
| 2 | ROid - Unique identifier provided by the database operator during the RO | No | |
| 3 | locationid - provided by the NRO | No | |
| 4 | coordinates - longitude, latitude, altitude | No | |
| 5 | stage - 0=preproduction/test, 1=active | No | |
| 6 | type - 0=single spot; 1=area; 2=mobile | No | |
| 7 | loc_name - location’s name | No | |
| 8 | address_street - location’s address | No | |
| 9 | address_city - location’s address: city | No | |
| 10 | location_type - IEEE 802.11-2012, clause 8.4.1.34 Venue Info | No | |
| 11 | contact_name - on site contact: name | Yes | If contact is person |
| 12 | contact_email - on site contact: e-mail | Yes | If contact is person |
| 13 | contact_phone - on site contact: phone no. | Yes | If contact is person |
| 14 | contact_type - 0=person, 1=service/department | No | |
| 15 | contact_privacy - 0=private, 1=public | No | |
| 16 | SSID - SSID used | No | |
| 17 | enc_level - supported encryption levels | No | |
| 18 | AP_no - number of APs | No | |
| 19 | wired_no - number of enabled sockets for wired access | No | |
| 20 | tag - specific characteristic(s): port_restrict, transp_proxy, IPv6, NAT, HS2.0 | No | |
| 21 | availability - 0=default, 1=physical access restrictions | No | |
| 22 | operation_hours - If service is not available 24 hours per day | No | |
| 23 | info_URL - info page with additional info in case of any restrictions | No | |
| 24 | ts - date: last changed | No |
eduroam CAT (as of version 1.1)
| Dataset description: | Configuration Assistant Tool operator database (NRO administrator and institution-level administrator) |
| Purpose of processing: | allowing administrators to upload and maintain the information needed to create eduroam installation programs ("installers") within their country / institution |
| Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above), administrator input, produces web server and application logs (cat-ams.eduroam.org) |
Dataset content
...
eduroam Database - NRO information
| Data storage and access: | Data is stored in the SQL database on the virtual machine that is operated in the infrastructure provided by |
SURF. The raw data is accessible only by the personnel of eduroam operations team |
. The virtual machine is maintained by the OT. | |
| Data transfer: | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to NRO personnel for general status updates) |
| Data retention: |
|
| |
| Personal data processed: | Yes |
Dataset content
| Data item | Is personal data |
|---|
| ? |
|---|
| 1 |
eduroam Database - Institution information
Data is processed by the eduroam central operations and NROs
...
Data is collected from the institutions participating in the eduroam in that NRO. Exact process is a matter of local implementation in a NRO.
...
Dataset content
...
eduroam Database - Service Location information
...
administrator authentication - supplied from eduroam SP proxy
| Yes | |
| 2 | administrator authorisation
| Yes |
| 3 | general institution information - supplied by institution administrator input
| No |
| 4 | eduroam media deployment information - supplied by institution administrator input
| No |
| 5 | support contacts of institution - supplied by institution administrator input
| No |
| 6 | RADIUS/EAP details - supplied by institution administrator input
| No |
eduroam Managed IdP
| Dataset description: | eduroam Managed IdP is a derivative of eduroam CAT (see above), which additionally produces per-user personalised installation programs and maintains a database of these end users. It also authenticates the end users based on the installed programs |
| Purpose of processing: | allowing administrators to upload and maintain the information needed to manage their end user base to the end of creating eduroam installation programs ("installers") within their country / institution, and to authenticate their users in eduroam |
| Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above), administrator input, produces web server and application logs (cat-pilot.eduroam.org / auth-test.hosted.eduroam.org / auth-test-2.hosted.eduroam.org / ocsp-test.hosted.eduroam.org) |
| Data storage and access: | Data is stored in the database on the virtual machine that is operated in the infrastructure provided by GÉANT. The raw data is accessible only by the personnel of eduroam operations team. The virtual machine is maintained by the OT. |
| Data transfer: | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates) |
| Data retention: |
|
| Personal data processed: | Yes |
Dataset content
| Data item | Is personal data ? | |
|---|---|---|
| 1-5 | Dataset content items 1 to 5 are IDENTICAL to those of eduroam CAT (see above) | Yes |
| 6 | Deployment details of Managed IdP for NRO (from NRO admin input)
| No |
| 7 | Deployment details of Managed IdP for institution
| Yes because of pseudonymous usernames ? |
| 8 | eduroam credentials (X.509 certificates)
| ? |
| 9 | end-user invitation tokens (URLs with unique, random long identifier)
| ? |
| 10 | RADIUS authentication logs The RADIUS server is an eduroam IdP in the sense of the dataset "eduroam RADIUS server logs → IdP" above, and the same data set considerations apply. | Yes |
| 11 | certificate status server logs
|
eduroam Managed SP
| eduroam Managed SP Web Frontend | eduroam Managed SP RADIUS Servers | Local hotspot | |
| Dataset description: | Data required to manage deployment properties of eduroam Managed SP hotspots | Logs from the Managed SP RADIUS Servers | Logs from the hotspot's APs/controllers |
| Purpose of processing: | Allowing hotspot administrators to log into the system, add/edit/delete their Managed SP deployment, and to check usage logs of their hotspot | Troubleshooting issues and resolving security incidents. Recommendation by the eduroam Service Definition. | Troubleshooting issues and resolving security incidents. Requirement by the eduroam Service Definition is to keep the logs of public IP addresses assigned to users and its relation to users MAC address (no requirement imposed when using NAT). |
| Data source: | eduroam database - NRO information & institution information (see datasets above), eduroam SP proxy authentication data (see dataset above) administrator input web server and application logs | Data is logged in the Managed SP RADIUS servers when a RADIUS authentication or response passes (user accesses eduroam at a hotspot connected to Managed SP) | Data is logged in the equipment when a RADIUS authentication or response passes (user accesses eduroam at that SPs location) |
| Data storage and access: | Data is stored in the database on the virtual machine that is operated in the infrastructure provided by GÉANT. The raw data is accessible only by the personnel of eduroam operations team. The virtual machine is maintained by the OT. | Data is stored in the Managed SP RADIUS servers, accessible to the eduroam operational team personnel and the registered hotspot operator | Data is stored in the equipment, accessible only to the hotspot operating personnel. |
| Data transfer: | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates) | No | No |
| Data retention: |
| ? | Depends on local the policy. |
| Personal data processed: | Yes | Yes | Yes |
Dataset content
| Data item | Component | Is personal data ? | |
|---|---|---|---|
| 1 | eduPersonTargetedId or equivalent user identifier Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 2 | First name and Last name Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 3 | Of NRO or SP administrator | eduroam Managed SP Web Frontend | Yes |
| 4 | Outer EAP-identity Users username@institution_domain, username can be anonymised but not all users do that | eduroam Managed SP RADIUS Servers | Yes |
| 5 | Calling-Station-Id Users MAC address | eduroam Managed SP RADIUS Servers | Yes |
| 6 | Chargeable-User-Identity Users anonymous ID | eduroam Managed SP RADIUS Servers | Yes |
Dataset content
...
No
...
eduroam CAT (todo)
...
Dataset content
Description of fields
The details of service related datasets (data collections) should be filled with a list of all kinds of data which is collected or processed by this service. The table should be filled by the Service Manager and afterwards reconciled with the GEANT Data Protection Officer in order to address GDPR requirements. One service often incorporates several datasets. <dataset_name> - name of dataset (collection of data processed in similar way). Dataset description: brief explanation of the kind of information or entities the dataset contains. Purpose of processing: what is purpose of data collecting and processing. Data source: what are source(s) of data - list of services, systems, applications, databases or similar source components, including user's input, from which data are being received. E.g. RIPE database, service ABC, organisation LDAP directory... Data storage and access: describe where the data are stored, backup-ed etc. and who has access to the data. Data transfer: list of other services, systems, applications, databases or similar destinations to which data are being sent. E.g. RIPE database, service ABC, GÉANT's database XYZ... Data retention: describe data retention policy ie. for how long data are stored before being deleted. E.g. 1 year, 2 years after contract ending, forever... Dataset content
|
...