For the sake of documenting complete data flows and producint producing the advisory for the NROs, IdPs and SPs, this data inventory contains the data that is processed by the eduroam core operations, but also NROs, SPs and IdPs.
...
logs of ETLR servers (contain IPaddress, MAC address, outer-identity, CUI, ON, ...)
eduroam F-ticks
Data is processed by GEANT central ops and NROs.
| GEANT central ops | NROs | |
| Dataset description: | Usage log messages for each international and national roaming authentication request. | Usage log messages for international and national roaming authentication request coming from IdPs belonging to that NRO. |
| Purpose of processing: | Log data provides basic statistical information about service usage. It provides statistics about the number of logins for national and international roaming. The data is used for generation of usage statistics that are publicly available at https://monitor.eduroam.org and for reporting to EC and other stakeholders. | Log data provides basic statistical information about the service usage. It provides statistics about the number of logins for national and international roaming. The data is sent to the GEANT central operations as requested by the eduroam service definition. Depending on the NRO practices, the data can processed by the NRO for creating usage statistics. |
| Data source: | NROs Federation top level Radius servers. | F-ticks data are generated by the data from RADIUS authentication requests or responses sent by the IdP, and that transverses the NROs Federation top level Radius servers. This happens in the event when a user access eduroam at a visited SP location and authenticates. |
| Data storage and access: | F-ticks data are stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team. | Depending on the NRO practices, data can be kept and stored by NRO as well. |
| Data transfer: | F-ticks data are not transferred to any other party or system. | F-ticks data are sent to the eduroam core operations. |
| Data retention: | F-ticks data are kept permanently.  | Depends on the NRO practices if they keep a copy and for how long. |
| Personal data processed: | Yes | Yes |
...
eduroam Database - Institution information
Data is processed by the eduroam central operations and NROs
| eduroam central operations | NROs | |
| Dataset description: | Institution information (IdP or SP), participating in eduroam service. | Institution information (IdP or SP) participating in eduroam service and belonging to the given NRO. |
| Purpose of processing: | Data is used to feed the central data repository for eduroam service. It provides information about Institutions that participate in the eduroam service as IdPs and SPs. The data is used for providing public available information about eduroam service, available at https://monitor.eduroam.org/. | Data is requested by the eduroam service definition. |
| Data source: | The eduroam database has been build as a central database with the mechanism that enables automatic data collection from (National) Roaming Operators - (N)ROs. (N)ROs should provide general data in the defined XML or JSON format. The data should be available at the specific, predefined URLs: http://www.eduroam.<tld>/general/<dataset-name> | Data is collected from the institutions participating in the eduroam in that NRO. Exact process is a matter of local implementation in a NRO. |
| Data storage and access: | Data is stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team. | Data is stored in the national eduroam web site. Data access is public. Additional storing locations may be implemented based on NROs practices. |
| Data transfer: | Data is not transferred to any other party or system. | - |
| Data retention: | Data is kept permanently. | |
| Personal data processed: | Yes | Yes |
Dataset content
| Data item | Is personal data (DPO fills in) | Comment | |
|---|---|---|---|
| 1 | instid - provided by the NRO | No | |
| 2 | ROid - Unique identifier provided by the database operator during the RO registration | No | |
| 3 | type - IdP, SP, IdP+SP | No | |
| 4 | stage - 0=preproduction/test, 1=active | No | |
| 5 | inst_realm - (only for IdP or IdP+SP) | No | |
| 6 | inst_name - institution’s corporate name | No | |
| 7 | address_street - institution’s address | No | |
| 8 | address_city - institution’s address: city | No | |
| 9 | coordinates - longitude, latitude, altitude of institution’s location | No | |
| 10 | inst_type - IEEE 802.11-2012, clause 8.4.1.34 Venue Info | No | |
| 11 | contact_name - institution’s contact: name | Yes | If contact is person |
| 12 | contact_email - institution’s contact: e-mail | Yes | If contact is person |
| 13 | contact_phone - institution’s contact: phone no. | Yes | If contact is person |
| 14 | contact_type - 0=person, 1=service/department | No | |
| 15 | contact_privacy - 0=private, 1=public | No | |
| 16 | info_URL - institution’s web page with the information related to the service | No | |
| 17 | policy_URL - institution’s Policy | No | |
| 18 | ts - date: last changed | No |
eduroam Database - Service Location information
| eduroam centra operations | NROs | |
| Dataset description: | Service Location information | Service Location infromations, from SPs belonging to the given NRO. |
| Purpose of processing: | Data is used to feed the central data repository for eduroam service. It provides information about Service Locations that are provided in eduroam by participating SPs. The data is used for providing public available information about eduroam service, available at https://monitor.eduroam.org/. | Data is requested by the eduroam service definition. |
| Data source: | The eduroam database has been build as a central database with the mechanism that enables automatic data collection from (National) Roaming Operators - (N)ROs.(N)ROs should provide general data in the defined XML or JSON format. The data should be available at the specific, predefined URLs: http://www.eduroam.<tld>/general/<dataset-name>. | Data is collected from the service providers participating in the eduroam in given NRO. Exact process is a matter of local implementation in a NRO. |
| Data storage and access: | Data is stored in the SQL database that is operated in the infrastructure provided by CARNet. The raw data is accessible only by the personnel of eduroam operations team. | Data is stored in the national eduroam web site. Data access is public. Additional storing locations may be implemented based on NROs practices. |
| Data transfer: | Data is not transferred to any other party or system. | - |
| Data retention: | Data is kept permanently. | |
| Personal data processed: | Yes | Yes |
Dataset content
| Data item | Is personal data (DPO fills in) | Comment | |
|---|---|---|---|
| 1 | instid - provided by the NRO | No | |
| 2 | ROid - Unique identifier provided by the database operator during the RO | No | |
| 3 | locationid - provided by the NRO | No | |
| 4 | coordinates - longitude, latitude, altitude | No | |
| 5 | stage - 0=preproduction/test, 1=active | No | |
| 6 | type - 0=single spot; 1=area; 2=mobile | No | |
| 7 | loc_name - location’s name | No | |
| 8 | address_street - location’s address | No | |
| 9 | address_city - location’s address: city | No | |
| 10 | location_type - IEEE 802.11-2012, clause 8.4.1.34 Venue Info | No | |
| 11 | contact_name - on site contact: name | Yes | If contact is person |
| 12 | contact_email - on site contact: e-mail | Yes | If contact is person |
| 13 | contact_phone - on site contact: phone no. | Yes | If contact is person |
| 14 | contact_type - 0=person, 1=service/department | No | |
| 15 | contact_privacy - 0=private, 1=public | No | |
| 16 | SSID - SSID used | No | |
| 17 | enc_level - supported encryption levels | No | |
| 18 | AP_no - number of APs | No | |
| 19 | wired_no - number of enabled sockets for wired access | No | |
| 20 | tag - specific characteristic(s): port_restrict, transp_proxy, IPv6, NAT, HS2.0 | No | |
| 21 | availability - 0=default, 1=physical access restrictions | No | |
| 22 | operation_hours - If service is not available 24 hours per day | No | |
| 23 | info_URL - info page with additional info in case of any restrictions | No | |
| 24 | ts - date: last changed | No |
...