In 2002, the European Research and Education community set out to
create a network roaming service for students and employees in
academia [eduroam-start]. Now, over 10 years later, this service has
grown to more than 10,000 service locations, serving millions of
users on all continents with the exception of Antarctica.
This memo serves to explain the considerations for the design of
eduroam as well as to document operational experience and resulting
changes that led to IETF specifications such as RADIUS over TCP
[RFC6613] and RADIUS with TLS [RFC6614], and that promoted alternative
uses of RADIUS, such as in Application Bridging for Federated Access
Beyond web (ABFAB) [ABFAB-ARCH]. Whereas the eduroam service is
limited to academia, the eduroam architecture can easily be reused in
other environments.
First, this memo describes the original architecture of eduroam
[eduroam-homepage]. Then, a number of operational problems are
presented that surfaced when eduroam gained wide-scale deployment.
Lastly, enhancements to the eduroam architecture that mitigate the
aforementioned issues are discussed.