Basic information on eduroam
The Eduroam system enables internet access via wireless and wired networks without having to contact the local web administrators. All participating institutions undertake to observe a common web security policy and to trust information provided by another member institution. In a typical situation, a portable computer user will access the internet in another Eduroam institution without reconfiguring anything. The internet connection settings used at their home institution will also be functioning at any location with an active connection to Eduroam network. This does not imply anonymous and uncontrolled access. On the contrary, each instance of network access is registered and any abuse can be traced back to a physical user.
Technical details
Eduroam network access requires 802.1x standard-compliant user authentication. Such authentication is applicable to both regular (wired) and wireless connections,
with the latter being presently most common.
The 802.1x standard allows to initially verify, if a user is authorized to access the network. This authentication can be carried out by various methods, however the actual method is always determined by home institution settings and not local network settings. In addition to authentication, the connection is also automatically encrypted with a single-use session key. This key is changed multiple times during a session. Based on authorization data, a user can be added to an appropriate authorization group and be granted appropriate rights. This approach makes possible a situation where a user has more rights at his home institution than network`s guest users, even though the connection settings are the same.
Eduroam in practice
The simplest example is a notebook with MS Windows installed and a fairly modern wireless network card. The user has a pre-configured network access to Eduroam. Network configuration enables 802.1x protocol authentication and specifies authentication method. Authentication data is usually stored on the computer. In this situation, the computer will be automatically logged in to Eduroam network whenever it is powered on within the network`s range. No additional configuration is necessary. If there are other pre-configured wireless networks also detected at the location, the user will be asked to choose the network to connect to. The procedure might be different for other operating systems, but in general, a proper configuration of network access at home institution should enable automatic access at any Eduroam location.
Source: www.eduroam.pl