Child pages
  • A guide to eduroam Managed IdP for IdP administrators

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
outlinetrue

Terms of use

eduroam IdP administrators are bound by the requirements as set forth in the eduroam Service Definition. The specific service eduroam Managed IdP

...

Introduction

eduroam needs some additional terms on top of that baseline.

These terms and conditions are displayed and need to be acknowledged by eduroam Managed IdP administrator before they can start using the system (pop-up with sign-off requirement):

As an eduroam IdP administrator using this system, you are authorized to create user accounts according to your local institution policy. You are fully responsible for the accounts you issue. In particular, you:

  • only issue accounts to members of your institution, as defined by your local policy;
  • must make sure that all credentials that you issue can be linked by you to actual human end users of eduroam;
  • have to immediately revoke credentials of users when they leave or otherwise stop being a member of your institution;
  • will act upon notifications about possible network abuse by your end users and will appropriately sanction them.

Failure to comply with these requirements may lead to the deletion of your IdP (and all the users you create inside) in this system.

With this product, eduroam Operations is not interested in and strives not to collect any personally identifiable information about the end users you create. To that end:

  • the usernames you create in the system are not expected to be human-readable identifiers of actual humans. We encourage you to create usernames like 'hr-user-12' rather than 'Jane Doe, Human Resources Department'. You are the only one who needs to be able to make a link to the human behind the identifiers you create;
  • the identifiers in the eduroam access credentials are not linked to the usernames you add to the system; they are pseudonyms;
  • each access credential carries a different pseudonym, even if it pertains to the same username.


eduroam end users are being presented a lightweight terms of use by the time they visit the download page for eduroam installers. Downloading the installer in question is deemed acceptance of those terms:

You can now download a personalised eduroam® installation program.The installation program is strictly personal, to be used only on this device (device identifier, such as "Linux"), and it is not permitted to share this information with anyone.

When the system detects abuse such as sharing login data with others, all access rights for you will be revoked and you may be sanctioned by your local eduroam® administrator.

Purpose and scope

eduroam Managed IdP's purpose is to support you, an eduroam Identity Provider administrator, by allowing you to manage your eduroam end user base through a simple web interface, without a need for local technical infrastructure such as RADIUS servers or an identity management system.

...