In eduroam, we distinguish between service providers and identity providers. A service provider offers network access for eduroam users. An identity provider incorporates its users in eduroam and provides authentication of its users.
An institution participating in eduroam normally assumes both roles. To benefit from the service, you must provide the service in your own domain.
Some companies, institutions or organizations wish to provide the service, even though their users do not belong to the educational field. They act solely as service providers.
The requirements for participation depends on the role.
Requirements for a service provider
- Sign the policy document (download it here).
- Establish a wireless network (IEEE 802.11) with WPA2 / AES or better encryption.
- Establish IEEE 802.1X access control.
- Use the SSID "eduroam".
- Give authorized users access to the internet.
- Establish a web page covering terms and access information (see below).
- Provide contact information and hotspot location information. The information is to be submitted in an XML-encoded format.
- Implement logging of assigned connections: Time, MAC address and the assigned IP number.
The web page about eduroam should be available on a web address of the form www.organisation.dk/eduroam/ with the following contents:
- Local AUP (Acceptable Use Policy).
- Information on encryption (normally WPA2/AES).
- Possibly a map indicating coverage.
- Link to eduroam.dk and eduroam.org.
Danish and English language should be covered in the webpage.
Requirements for an identity provider
An identity provider must meet the same requirements as a service provider. In addition, an identity provider must:
- Establish authentication of their users, including assigning an authentication method (EAP).
- Provide comprehensive installation instructions for its users. It is recommended to use the eduroam CAT.
- Establish logging of authentications and rejections.
How to get started