eduroam: the killer app for the internet of the 21st century
What started as an annoyance for a SURF employee led to a service that provides secure wifi at 30,000 locations with a single account: eduroam. A lot has happened in the intervening 18 years. What exactly is eduroam and why is it the killer app for the internet of the 21st century?
The early days of wifi: how to use it safely?
It is 2002. SURFnet has been in existence for 14 years and during that time has played an important role in the development of the internet, particularly in the Netherlands. At the end of the 1980s, many educational and research institutions had their own networks. SURFnet united all those networks, resulting in its own first network in 1990: SURFnet2, with a maximum capacity of 64 Kb/s. Since then, the SURFnet network has become faster and faster, of course, and new developments such as wifi made their appearance towards the end of the 20th century.
Wifi of course offers great advantages over wired internet. But in the early days, the question is how to use wifi safely. That is what Klaas Wierenga is working on at SURFnet around 2000. He is also thinking about how to facilitate guest use of networks, so that a student at the UvA can easily make use of the RUG network, for example. The first contours of what eduroam (with a lower-case letter!) will become are emerging.
Solution for an annoyance
Wierenga: "In those early days, around the turn of the century, we were still experimenting with wifi, it was still in its infancy. At the time, I wondered why I had to sign up for the wifi network at every university I went to. I wanted a solution to this annoyance, and I started to think of one myself. So when a student came to me sometime in 2002 and asked me if I had an internship assignment for him, I knew just the thing."
Paul Dekkers is that internship student. He still works at SURF. "Klaas had an idea for how we could use WiFi technology to enable secure guest use of WiFi networks. We wanted to do a pilot with a new technology based on federated identity management. To see if what we had thought up on the drawing board would also work in practice."
This proved to be the case. The pilot is successful in the Netherlands: all universities and most colleges are participating. The service went into production under the name eduroam (education roaming). In 2003, eduroam was adopted by GÉANT, the umbrella organisation for all European research and education networks, to which SURF belongs. GÉANT makes eduroam available for international use, with the help of an EU grant.
Over the past 18 years, eduroam has taken the education and research community all over the world by storm. eduroam is now available in 30,000 locations in 106 countries. Tens of millions of eduroam authentication requests are processed every day around the world.
Network of authentication servers
Via eduroam, users can connect their wireless device to the network of the institution where they are a guest, provided, of course, that the institution also offers eduroam. For example, a student is studying at Delft University of Technology, but is doing an internship at the University of Cape Town. She can use the fixed and wireless network at both institutions via eduroam, without any extra configuration, safely and super fast.
The basis of eduroam is a network of authentication servers: each participating institution has its own authentication server which contains the data of its own users. All these authentication servers are directly connected and share data with each other on the basis of a relationship of trust.
Online in a split second
Imagine: Saskia is studying in Delft, but is now doing an internship in Cape Town. She wants to log on to the university's eduroam network. The following process takes place:
- Saskia's computer or phone automatically recognizes the eduroam network of the University of Cape Town and wants to connect, just like when Saskia walks into TU Delft.
- The network cannot authenticate Saskia because the University of Cape Town does not have her credentials. The network does see that Saskia has an eduroam account at TU Delft, and sends an authentication request to TU Delft's authentication server through a secure connection. This is the only place where Saskia's credentials are known, so it can check whether Saskia is entitled to log in.
- Saskia's eduroam account is indeed valid and TU Delft's server sends a confirmation of this to Cape Town, via the same secure connection.
- The University of Cape Town network gives Saskia access, and she can surf the web to her heart's content.
This whole process is:
- Without any extra configuration for Saskia, as the login to eduroam is completely automatic, at both her home and host institution.
- Secure, because Saskia's credentials are held only at TU Delft and are not sent to the host organisation. The entire authentication process takes place at TU Delft.
- Super fast: Saskia is online within a split second.
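The login flow above, sketched as a simplified model (an added example, not SURF's or eduroam's own code). The realm `tudelft.example`, all class and function names, and the HMAC challenge-response step are assumptions standing in for the real authentication exchange, which the article does not detail.

```python
import hashlib, hmac, secrets

def derive_key(identity, password):
    # Assumed stand-in credential: a derived key that is never transmitted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), identity.encode(), 100_000)

class HomeServer:
    """Home institution: the only place that holds its users' credentials."""
    def __init__(self, realm, users):
        self.realm = realm
        self._keys = {f"{u}@{realm}": derive_key(f"{u}@{realm}", p)
                      for u, p in users.items()}
        self._nonces = {}

    def challenge(self, identity):
        self._nonces[identity] = secrets.token_bytes(16)
        return self._nonces[identity]

    def verify(self, identity, response):
        nonce = self._nonces.pop(identity, None)   # single use: a replay fails
        key = self._keys.get(identity)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class HostNetwork:
    """Visited institution: routes by realm and relays opaque values only."""
    def __init__(self, trusted_homes):
        self.routes = {h.realm: h for h in trusted_homes}
        self.seen = []                             # everything the host handled

    def connect(self, identity, respond):
        home = self.routes.get(identity.rpartition("@")[2])
        if home is None:
            return False                           # no trust relationship
        nonce = home.challenge(identity)
        response = respond(nonce)                  # computed on the user's device
        self.seen += [identity.encode(), nonce, response]
        return home.verify(identity, response)

def device(identity, password):
    key = derive_key(identity, password)
    return lambda nonce: hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    # Constructed sample account and password.
    home = HomeServer("tudelft.example", {"saskia": "constructed-pass"})
    host, ident = HostNetwork([home]), "saskia@tudelft.example"
    ok = host.connect(ident, device(ident, "constructed-pass"))
    bad = host.connect(ident, device(ident, "wrong-pass"))
    unknown = host.connect("eve@unknown.example", device("eve@unknown.example", "x"))
    leaked = any(b"constructed-pass" in v for v in host.seen)
    return ok, bad, unknown, leaked
```

`demo()` returns whether the valid login, a wrong password and an unknown realm were accepted, plus whether the password ever appeared in anything the host network handled.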
eduroam began as a technical experiment, but 18 years later it is a service that makes cooperation easier, increases trust and, of course, offers great convenience. Product manager Florian Draisma: "What I often hear is that people find it so special when they are far from home to suddenly find that they are connected to their trusted eduroam. And that they then immediately know that they have a reliable internet connection and don't have to worry about the dangers of public, often poorly secured networks. I think it's great that people are so happy about it."
Wierenga: "My most special eduroam moment was in Washington DC, when I suddenly had a connection at the Museum of Natural History. And then I heard that all the museums in Washington were offering eduroam. That's when I realised eduroam had become bigger than we could have ever imagined in the early days."
eduroam broadens its horizons
The concept that you can use each other's network is, of course, not only applicable to education. The eduroam concept was developed with government funding, so it's logical for SURF to help make it available to other sectors too, for example by sharing the software as open source.
In 2015, SURF 'exported' the idea to the public sector. By now 300 government bodies, such as municipalities and ministries, are connected to the government variant of eduroam: govroam (also with a lowercase letter). Dekkers: "And we are always looking to see whether there are other public locations where the concept can be applied (and is often already being applied). Think of airports, train stations, museums, libraries and city centres."
Creator Klaas Wierenga was inducted into the prestigious Internet Hall of Fame in 2019 for his work on eduroam. "Of course I'm proud of that, but above all I'm proud that a brainchild of mine has made it this far in the world. That it has contributed to researchers, teachers and students all over the world having safe and reliable access to the internet."