General

Access to eduroam Operations Support Services is restricted to authorised National Roaming Operator (NRO) personnel (a.k.a. "federation operators") and their registered eduroam Identity Providers (IdPs) and eduroam Service Providers (SPs).

Access is granted by logging into the eduroam web authentication proxy - the credentials used for this login are NOT eduroam credentials, but instead web SSO logins of academic AAI federations or, if such a federation does not exist for the user, social media providers.

User accounts are authorised for various eduroam Operations Support Services by adding appropriate privileges to the accounts on the eduroam web authentication proxy. This is done by eduroam Operations team sending a one-time token which, when redeemed, adds the privilege level to the user account.

Adding federation operator privilege level to a user account

The workflow for making a user account a recognised federation operator account are as follows; details for each step are given below:

• Ensure that name and email address of the user are listed in the official eduroam database
• Contact eduroam Operations, requesting the one-time token for adding the privilege
• Consume the one-time token by clicking on the corresponding link in the invitation mail and logging into the eduroam web authentication proxy

Listing user in the official eduroam database

The eduroam database is populated by parsing federation-provided metadata once every day. The data is expected on the main eduroam website of the federation, which is usually www.eduroam.TLD (where TLD is the country-code top-level domain of the federation); exceptions for the domain name exist.

The file to populate for federation administrator contact information is

http://www.eduroam.TLD/general/realm.xml

The contents of this XML file are defined in the Schema and example XML files exist at monitor.eduroam.org.