eduroam

Last updated:

4 months 2 weeks ago

Blog Manager

eduroam Service News Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents - click on item and scroll to bottom of box to read item 15/04/19 - Advisory: EAP-PWD Vulnerability 12/10/18 - Advisory: Injection of Operator-Name attribute by the NRPSs 23/02/18 - eduroam Seminar pre-Networkshop 2018 - FreeRADIUS 4 etc 24/10/17 - Advisory: WPA2 Key Reinstallation Attacks vulnerability, KRACK 14/07/16 - Release of Technical Specification v1.4 10/05/16 - Advisory: Ending of RADIUS Accounting within eduroam(UK) 22/01/15 - eduroam Support Clinic Tues March 1st 14:15-15:30 18/09/15 - Advisory: Impact of change of Certificate Service CA for eduroam Home (IdP) service providers 27/01/15 - eduroam now available at seven hospitals in Cardiff 22/01/15 - eduroam Support Clinic Tues January 27th 10:45-12:00am 23/12/14 - Calling Station Identity 01/12/14 - New DNS Name for eduroam(UK) Support Server 19/12/14 - eduroam Support Clinic Tues January 6th 10:45am 28/11/14 - eduroam Support Clinic Tues December 2nd 10:45am 19/11/14 - Advisory: Microsoft Security Bulletin Affecting NPS and IAS 27/05/14 - eduroam training course June 11-12 Birmingham; Aug 6-7 Aug Bristol 08/04/14 - Advisory: OpenSSL TLS Heartbleed Vulnerability rev 1.1 21/02/14 - Auth Timestamp Feature on eduroam(UK) Support Server 30/10/13 - Release of FreeRADIUS 2.2.2 07/10/13 - Release of FreeRADIUS 3.0.0 17/09/13 - Release of FreeRADIUS 2.2.1 13/06/13 - Release of Technical Specification v1.3 13/06/13 - eduroam training course June 27 Glasgow 23/04/13 - eduroam training courses July 24-25 London 23/04/13 - Chargeable User Identity how-to guide now available in Library 25/03/13 - eduroam training courses May 2-3 Manchester 24/02/13 - Time for a review of your eduroam deployment - Technical Specification v 1.2 Main Changes from v 1.1 30/01/13 - Configuration Assistant Tool (CAT) now available - builds eduroam client installers for user devices 23/01/13 - Advice regarding keeping eduroam credentials secure 09/01/13 - eduroam(UK) Announcement of Change of Name of the Janet Roaming Service to eduroam(UK) 19/11/12 - Uptake of NAPTR record definition in DNS (to enable RadSec DD) is increasing 31/10/12 - eduroam(UK) Support Server Update: Nagios LG and check for NAPTR records 30/10/12 - Cisco ACS 5.4 released: now support Operator-Name 29/10/12 - Unscheduled service outage Friday 26/10/2012 1:02 AM - 9:48 AM 03/10/12 - Advisory: Improving Efficiency of International Authentication through utilisation of RadSec at National Level 11/09/12 - Advisory: FreeRADIUS 2.1.10,11,12 Security

Group administrators:

Edward Wincott

Stefan Paetow

Recent members:

Release of eduroam(UK) Tech Spec v1.3

Edward Wincott

Audience - eduroam(UK) system administrators and implementors

The eduroam(UK) Technical Specification 1.3 has now been released. The update primarly addresses the issues arising from the emergence of managed Visited service provision by commercial companies for existing eduroam participants. Such services are becoming widely included as part of out-sourced student accommodation agreements. Other changes are to the requirement for the maximum retention period of logs to not exceed 6 months. This has been removed since this is matter for the organisation's general data protection compliance and not the eduroam tech spec.

Changes introduced in Tech Spec 1.3

The discussion of participation models in chapter 2, Common Requirement and Recommendations, has been expanded in the interest of clarification and to illustrate that it is possible for a service to be provided on an out-sourced basis or on a completely managed basis.
Requirement 6, the stipulation of a six months maximum retention period for RADIUS logs has been deleted since the maximum retention period is a matter decided by the participant's general data protection compliance or other policy.
Wording added to the discussion section 2.3.2 to provide the reasoning behind removal of the maximum period for log keeping and to indicate best practice together with emphasising the reference to the Janet technical guide on logging. Minor wording changes also made to the first paragraph on time reference to improve readability.
Requirement 32, non-local realm name defined to describe names other than those associated with the local participating organisation or partners of an organisation providing a managed service. Authentication requests containing user names with such non-local realm must be forwarded to the NRPS but forwarding of requests containing local realm names to the NRPS is explicitly prohibited.
Requirement 35 and 36 expanded to include partner organisations in relation to administration of DNS domains from which realms are derived.
New Requirement 37 inserted to mandate forwarding of local authentication requests directly to a partner organisation’s Home RADIUS servers where a Visited service is provided in partnership with another organisation, for instance by a managed service provider, and to prohibit forwarding by the managed service provider of such authentication requests to the NRPS.
New Requirement 38 inserted to prohibit forwarding of requests between multiple partners where the partners are independent eduroam participants; i.e. bypassing the NRPS for authentications between partner organisations is prohibited. Note, this does not proscribe inter-organisation authentication between members of an association of co-operating organisations in which the association is a member of eduroam(UK) but individual organisations are not members in their own right.
Requirement 37 renumbered to 39 and all subsequent requirements to 54 incremented by 2.
Appendices updated.

Full specification published at:

https://community.ja.net/groups/eduroam/document/eduroamuk-technical-specification-v13

Also includes downloadable Word version of latest Technical Specification

Full web version and pdf of Technical Specification published at:

https://community.ja.net/library/janet-services-documentation/eduroamuk-technical-specification