eduroam: the killer app for the 21st century internet
The early days of Wi-Fi: how to deploy it securely?
It is 2002. SURFnet has been around for 14 years and during that time it has played an important role in the development of the internet, especially in the Netherlands. In the late 1980s, many educational and research institutions had their own networks. SURFnet united all those networks, culminating in the first network of its own in 1990: SURFnet2, with a maximum capacity of 64 Kb/s. Since then, the SURFnet network has become faster and faster, of course, and new developments such as wifi also make their appearance, towards the end of the 20th century.
Wifi, of course, offers great advantages over wired internet. But in the early days, there is a question of how to use wifi securely. That is what Klaas Wierenga is working on at SURFnet around 2000. He also thinks about how to facilitate guest use of networks: so that you, as a UvA student, can easily use the RUG network, for example. The first contours of what will become eduroam (with a lowercase letter!) are emerging.
Solution to an annoyance
Wierenga: "In those early days, around the turn of the century, we were still experimenting with wifi, it was still in its infancy. At that time, I wondered why I had to re-register for the wifi network at every university I walked into. I wanted a solution to that annoyance, and I started thinking of one myself. So when sometime in 2002 a student came to me asking if I had an internship assignment for him, I knew one for him."
Paul Dekkers is that internship student. He still works at SURF. "Klaas had an idea for how we could use Wi-Fi technology to enable secure guest use of Wi-Fi networks. We wanted to pilot a new technology based on federated identity management. To see if what we came up with on the drawing board would work in practice."
It turns out to be so. The pilot is successful in the Netherlands, with all universities and most colleges participating. The service goes into production under the name eduroam (education roaming). In 2003, eduroam is adopted by GÉANT, the umbrella organisation of all European research and education networks, to which SURF belongs. GÉANT makes eduroam available for international use, with the help of an EU grant.
Over the past 18 years, eduroam has taken the education and research community around the world by storm. eduroam is now available at 30,000 locations in 106 countries. Tens of millions of eduroam authentication requests are processed around the world every day.
Network of authentication servers
Through eduroam, users can seamlessly connect their wireless device to the network of the institution where they are guests. Provided, of course, that institution also offers eduroam. For example, a student is at TU Delft, but has an internship at the University of Cape Town. She can use the fixed and wireless network at both institutions via eduroam, without extra configuration, securely and super-fast.
The basis of eduroam is a network of authentication servers: each participating institution has its own authentication server that holds the data of its own users. All these authentication servers are directly connected to each other, sharing data based on a trust relationship.
Online in a split second
So suppose: Saskia is studying in Delft, but is now doing an internship in Cape Town. She wants to log in to the university's eduroam network there. The following process kicks in:
- Saskia's computer or phone automatically recognises the University of Cape Town's eduroam network and wants to connect, exactly like when Saskia walks into TU Delft.
- The network cannot authenticate Saskia itself, as the University of Cape Town does not have her credentials. The network does see that Saskia has an eduroam account at TU Delft, and sends an authentication request to TU Delft's authentication server via a secure connection. That server is the only place where Saskia's credentials are known, so it alone can check whether Saskia is entitled to log in.
- Saskia's eduroam account is indeed valid and TU Delft's server sends a confirmation of that to Cape Town, via the same secure connection.
- The University of Cape Town's network gives Saskia access, and she can surf the internet to her heart's content.
This whole process goes:
- without any extra configuration for Saskia, because logging into eduroam is completely automatic, both at her home and host institution.
- secure, because Saskia's credentials are only at TU Delft, and are not sent to the host institution either. The entire authentication process happens at TU Delft.
- super fast; within a split second Saskia is online.
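The roaming flow described above, as an added example that is not part of the original article or of eduroam's software: the host routes the request by the realm in Saskia's identity, relays a challenge and a proof, and only the home server can verify them. The class names, the `tudelft.example` realm, the passphrase and the HMAC challenge-response are assumptions standing in for the real protocol (eduroam uses 802.1X with EAP carried over RADIUS).

```python
import hashlib, hmac, secrets

def _key(password):
    # Constructed key derivation, for this model only.
    return hashlib.sha256(password.encode()).digest()

class HomeServer:
    """Home institution: the only party that stores user credentials."""
    def __init__(self, users):
        self._keys = {u: _key(p) for u, p in users.items()}
        self._pending = {}                      # user -> outstanding nonce

    def challenge(self, user):
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def verify(self, user, proof):
        nonce = self._pending.pop(user, None)   # single use, so a replay fails
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

class Device:
    def __init__(self, identity, password):
        self.identity, self._k = identity, _key(password)
    def respond(self, nonce):
        return hmac.new(self._k, nonce, hashlib.sha256).digest()

class HostNetwork:
    """Visited institution: routes by realm and relays, holds no credentials."""
    def __init__(self, trusted_homes):
        self.trusted_homes = trusted_homes      # realm -> HomeServer
        self.seen = []                          # every message the host handled

    def connect(self, device):
        user, _, realm = device.identity.partition("@")
        home = self.trusted_homes.get(realm)
        if home is None:                        # no trust relationship: refuse
            return False
        nonce = home.challenge(user)
        proof = device.respond(nonce)
        self.seen += [device.identity.encode(), nonce, proof]
        return home.verify(user, proof)

def demo():
    host = HostNetwork({"tudelft.example": HomeServer({"saskia": "constructed-pw"})})
    return host.connect(Device("saskia@tudelft.example", "constructed-pw")), host.seen
```

`host.seen` holds everything the visited network handled: the identity, a random challenge and a one-time proof, none of which lets it log in as Saskia later.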
Easier collaboration
So eduroam began as a technical experiment, but 18 years later it is an IT service that makes collaboration easier, increases trust and, of course, offers a lot of convenience. Product manager Florian Draisma: "What I often hear is that people find it so special to suddenly notice in places far from home that they are connected to their trusted eduroam. And that they then immediately know that they have a reliable internet connection and so do not have to worry about the dangers of public, often poorly secured networks. I really like that, that people are so happy with it."
Wierenga: "My most special eduroam moment was in Washington DC, when in the Museum of Natural History I suddenly had connection. And then I learned that all museums in Washington offer eduroam. That's when I did realise that eduroam had become bigger than we could ever have imagined in the early days."
eduroam broadens its horizons
Of course, the concept that you can use each other's network is not only applicable in education. The concept of eduroam was developed with public money, so it makes sense for SURF to cooperate in making it available to other sectors, for instance by sharing the software open source.
In 2015, SURF 'exported' the idea to the public sector. By now, 300 government bodies, such as municipalities and ministries, are connected to the government variant of eduroam: govroam (also with a lowercase letter). Dekkers: "And we are also constantly checking whether there are other public locations where the concept is applicable (and often already applied). Think airports, railway stations, museums, libraries and city centres."
Creator Klaas Wierenga was inducted into the prestigious Internet Hall of Fame in 2019 for his work on eduroam. "Of course I am proud of that, but above all I am proud that a brainchild of mine has made it this far in the world. That it has contributed to researchers, teachers and students all over the world having safe and reliable access to the internet."
- More about eduroam: eduroam.org or eduroam.co.uk or www.surf.nl/eduroam
- More about govroam: https://govroam.nl/
- view eduroam's world map or timeline