This privacy notice communicates the privacy practices for HEAnet in the operation of eduroam. Please contact firstname.lastname@example.org with any privacy queries relating to the service.
Description of the eduroam Service
eduroam (education roaming) is a secure, worldwide roaming access service developed for the international research and education community. eduroam allows any user from an eduroam participating organisation to get network access at any location that provides eduroam service. The basic principle underpinning the security of eduroam is that the authentication of a user is carried out at his/her home organisation (the Identity Provider, or IdP) using the organisation’s specific authentication method. The authorisation required to allow access to local network resources is carried out by the visited organisation (the Service Provider, or SP). Thus, the eduroam roaming consortium is comprised of a number of legal entities: NROs, IdP’s and SP’s. National roaming operators (NROs) are entities that operate the eduroam service for a country or economy and coordinate the activity of Identity Providers (IdP’s) and Service Providrs (SP’s) in the respective territory.
HEAnet as National Roaming Operator
HEAnet is the NRO for Ireland. This means that HEAnet operates and maintains the national eduroam gateways (RADIUS servers). The basic premise of eduroam is that authentication of a user is carried out at his/her home organisation (the Identity Provider, or IdP) using the organisation's specific authentication method. The authorisation is required to allow access to local network resources is carried out by the visited organisation (the Service Provider, or SP). When a user connects to eduroam at a visited hotspot within Ireland, or an Irish user connects to eduroam while abroad, data is recorded in the Radius service log files of several entities. These entities may include the Service Provider, the eduroam NRO of the visited country or region, the eduroam NRO of the user’s home country or region and GÉANT as the intermediary between NROs, and the user’s IdP. The recorded details common to all such entities are:
- Timestamp of a user authentication.
- The user’s outer identity. At a minimum this identifies the user’s home organisation, for poorly configured mobile devices it may uniquely identify the user.
- The unique MAC address of the user’s mobile device.
- The identity of the visited organisation, where this information is provided by that organisation.
This information is used by HEAnet to operate, maintain and improve the national eduroam gateways. Log entries are kept for a period of 4 weeks for troubleshooting purposes and anonymised logs are retained for the purpose of generating report and generalised statistics. HEAnet may share contact details provided by a client with GÉANT in order to support the operation of the service. HEAnet also share certain anonymised data for statistical purposes. More information on the type of information that HEAnet collect can be found here: https://www.heanet.ie/who-we-are/our-policies/privacy-policy
GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such GÉANT operates a number of services for the eduroam community, from the technical infrastructure at the European level to supporting services aimed at the worldwide community. Those services are maintained by the eduroam Operations Team. To view the general Privacy Notice for GÉANT, please visit the GÉANT website, www.geant.org.