Eduroam Turns Academics into Guests

By Adam Stone

May 11, 2005

The European service wants to make it easy for students and professors to use wireless at multiple campuses.

Campuses all around the world are rigged out with Wi-Fi these days. That's good news for visiting professors, who ought to be able to find a free desk, plug in, and start working.

Trouble is, these campus networks want authentication. That means the visiting professor has to find someone with network permissions access, register as a user, and get a guest password before beginning work. It can be slow going.

A European consortium of network gurus is developing a shortcut around this inconvenience. It's a solution that some say could also work for traveling executives visiting affiliated corporate campuses.

The project, known as EduRoam, allows users of participating institutions to access the Internet at other campuses by using their credentials from their home institutions. A visiting researcher tells the local network where to go to confirm his or her credentials. Once confirmed, the network issues limited access based on pre-set controls.

A wide range of European nations already are participating in the initiative, including the Netherlands, United Kingdom, Germany, Greece, Czech Republic, Spain, Portugal, Croatia, Slovenia, Denmark, Poland, Latvia, Finland, Norway, Luxembourg and Italy.

"It's all about fixing the problem of the roaming scientists," says Philippe Hanset, senior network engineer at the University of Tennessee and a participant in the EduRoam effort. "With increasing mobility and increasing authentication, you actually face a challenge. You have an increase in the availability of wireless networks, but your authentication is no longer ubiquitous because everyone is using their own protocols."

How to resolve the issue? "You create in the background a dynamic structure that allows the visited infrastructure to check your credentials all the way back to the home institution," he says. With universal implementation, "you will eventually roam freely around the planet between research and education institutions."

It need not stop there. Some analysts say the same simplified authentication protocols could just as easily have a place in the corporate world.

"I can also see this as relevant for multi-campus companies and companies that have ongoing relationships" with one another, says Ina Sebastian, a research associate at Jupiter Research. With increasing Wi-Fi deployments, she adds, "guest access has been of high interest in the enterprise WLAN space. We often hear about this in briefings and discussions."

In a March 2004 Jupiter executive survey, 46 percent of respondents said that providing connectivity to visiting employees ought to be one of the major benefits of deploying a WLAN in the office.

A July 2004 survey found 39 percent of companies support or plan to support remote offices with WLANs, while an earlier survey found that 43 percent of companies wanted remote worker support as a feature in their WLAN solution.

All these findings suggest that a demand is growing for simplified, universal authentication protocols. To maximize productivity, workers will need to be able to get onto the network quickly and easily.

In the United States, too, efforts are underway to address the issue of remote access and authentication. Within Internet2 exists a program known as FWNA, or Federated Wireless NetAuth. Much like EduRoam, this program is seeking a simplified means by which academics could roam easily from one school's wireless network to another merely by authenticating themselves via their home institutions. Hotspot back-end provider Airpath is using its own InterRoam clearinghouse system to help the Education First Network try to do something similar.

While EduRoam has made steady headway, Hanset says, this is by no means a slam dunk.

In the first place, he notes, while visiting users may appreciate the convenience of such a system, they may be wary of the security issues involved.

"You want to make sure that your credentials are not publicly available at the visited institution," Hanset says. "Do you feel comfortable revealing your name and password to my IT infrastructure? Do you know how secure my infrastructure is?"

A number of programs are seeking solutions to this problem, including the Internet2 project known as Shibboleth. That effort seeks to develop an open, standards-based solution by which organizations can exchange information about their users in a secure, private manner.

Host institutions, meanwhile, will have concerns of their own, especially regarding their ability to manage the behavior of visiting users. Will visitors respect the local IT policies? What actions will the network operator take if rules are broken? How will you even be able to contact the guest user if a policy issue should arise?

"This really is the biggest of the problems," Hanset says. "With technology issues, there are always solutions. But once you open your networks, these issues of policy become a real challenge."

Comment and Contribute
(Maximum characters: 1200). You have
characters left.