Eduroam is an initiative from TERENA which facilitates mobility among european researchers and students by offering 'wifi' connectivity in a series of institutions abroad which have joined the network. In this way, users from Eduroam participating institutions can access the Internet through the wireless networks of all the participating institutions.

The process of a user connecting to the wireless network of the visited institution is similar to connecting to his home wifi network: the username and password used for authentication are the same to his/her home network, the only difference might be the network access method.

XTEC participates in the Eduroam project offering access to their own users and users coming from other participating institutions, under coordination from CESCA (Catalonia Supercomputing Centre), which constitutes the technical and administrative link between participating institutions in the Eduroam project.

From the range of authentication methods to access Eduroam network (the 802.1x standard, web access control and access through private virtual networks, VPN), XTEC has implemented 802.1x
802.1x is one of the most secure authentication standards. It is necessari a client software to establish an authentication session. TERENA recommends this protocol to ensure that only authenticated users can access network resources

To access the XTEC wireless service, it is necessary to use the username and password.
You should add your institution domain (eg. @xtec.cat) to identify yourself correctly at the world eduroam hierarchy.

Identification: username@domain / password

General Principles

•Collaboration among eduroam members is based in mutual trust.
•Only members of one of Eduroam participating institutions will have access to mobility services.
•All participating institutions connect to Eduroam voluntarily
•Participating institutions may discontinue service if the load of managing it cannot be assumed
•In order to maintain the quality of the mobility service, the arising problems should meet a fast and effective solution, thanks to the collaboration and responsible attitude of all the participant institutions.
•Participating institutions should define its own mobility policies and made them public for visiting users as well as for their own users.

XTEC commitments

• XTEC will publish at its web site a list of participating institutions,as well as a link to their web sites where technical information about access methods and connecting procedures will be found
•XTEC will keep a record of all authentication sessions redirected through its central RADIUS server, and will store logs for a minimum period of six months, to allow the tracing of users for security purposes or system dimensioning.
•XTEC will keep updated and public this mobility policy and will keep informed the participating institutions of any changes in it.
•XTEC will provide the institution which requests it, information about a particular access to this institution's network, in case an abuse of resources or network services is detected, applying XTEC policies or the other institution policies.
•If this policy or the policy of use of the general project is not respected, XTEC reserves the right to terminate or modify the service for a particular user or for a whole domain, and will notify it to the affected institutions or users.

User obligations

•The user should respect his/her own institution policies as well as the visiting institution's policies, the mobility policy and the Eduroam project General use policy. Should some policies allow for different interpretations, the most restrictive will apply.
•The user is responsible of preserving his/her access credentials (username and password) and of his/her own acts and of anybody who logs in using his/her credentials
•Users should inform immediately the system administrator (eduroam@xtec.net) as well as his own administrator in case he/she believes an illegal access to the network has been made with his/her credentials or fears there is a risk of this.

Commitments of the institution when acts as an origin institution

•The origin institution is made responsible to inform and train their own users to respect the policies of use of the visited institutions
•The origin institution commits to provide support to their own users and inform them that they should contact to their home institution (ideally by telephone) for any technical doubt regarding the mobility service. Only when it has been demonstrated that the problem corresponds to the visited institution, the support will be redirected to the local contact.
•The origin institution is responsible to store and manage their own users' credentials (usernames,passwords, certificates, etc).
•The origin institution should have an authentication server to accept and process their users' credentials when they are roaming.
•The origin institution will keep a record of all authentication sessions exchanged with its central RADIUS server and will log them for a minimum period of 6 months to trace users for security or systems dimensioning reasons.
•If this policy or the general policy of use are not respected, the origin institution can terminate or modify service for a particular user.
•The origin institution will inform XTEC of any security incident or illegal activity detected where the mobility service may be involved, in order to solve it together

Committments of the institution when acts as a visited institution.

•The visited institution will publish at its web site technical information regarding access methods and connection procedures, as well as a link to XTEC web site on a description of the service will be found.
•The visited institution should cooperate with the user origin institution
•The visited institution will inform visiting users on the security levels used to transmit their credentials
•The visited institution should have an authentication server to process and securely redirect the visiting users credentials.
•The visited institution will keep a record of all authentication sessions against its central RADIUS server an will log them for a minimum of 6 months to trace a user for security or systems dimensioning reasons.
•The visited institution will keep a record of network access sessions.
•The visited institution will inform XTEC on any security incident or illegal activity detected where the mobility service might be involved, in order to solve it together.
•The visited institution reserves the right, without previous notice, to terminate or modify the mobility service for a particular user or for a whole domain should these policies of use not be respected.