Minimal security requirements
Barcelona, 6th of September 2005
David Simonsen, UNI-C
"eduroam is a registered trademark of TERENA. David Simonsen is independent of TERENA."
User credentials
User credentials (i.e. username and password) must
stay securely end-to-end encrypted between the
personal device and the home institution when
traversing the eduroam infrastructure to ensure that
they will only be utilized by the user and his home
institution.
eduroam servers
NRENs and institutions taking part in the eduroam
federation must at all times run and maintain the
relevant eduroam services according to best practice
in order to ensure a generally high security level and
thereby trust in the eduroam federation. The NREN
and all connected institutions should provide:
- Two physically separated and dedicated RADIUS
servers, both connected to the eduroam servers at
the hierarchical level above
- Restrictive router filters or firewall to protect the
servers
eduroam access points
Wireless access points providing eduroam connectivity
must be capable of providing 802.1X connectivity
with preferably WPA or WPA2 encryption or, as a last
resort, WEP (56/128) encryption.
Protection of the eduroam brand
All eduroam users must be properly authenticated,
using the eduroam authentication infrastructure,
before being authorized to use any eduroam related
resource.
Any unrelated resource being provided, promoted or
otherwise affiliated with the eduroam brand should be
handled as a security breach.
eduroam trademark
eduroam and the eduroam logo are trademarks or registered
trademarks of TERENA. TERENA members and other
international educational organisations already connected to
eduroam or that will be allowed to connect to eduroam are
allowed to use the eduroam trademarks only for eduroam
purposes or related publications.
The use of any eduroam trademarks by a third party must be
agreed with TERENA beforehand and must be used in a
manner that does not create potential confusion over the source
of eduroam.
If an eduroam trademark is used in the title of a publication,
seminar, conference, or similar, the following statement should
be used: "eduroam is a registered trademark of TERENA. [Insert
publisher, producer or provider name] is independent of
TERENA."