Governance model for Educational Roaming (eduroam) in African research institutions
Abstract
Educational Roaming, “eduroam” is a globally accessible, secure wireless service for members of participating universities and research institutions. eduroam is a widely used example of a technology that uses trust and identity federations to share essential tools for collaboration and research by enabling visiting partners to use the Internet at trusting institutions. Identity is a key service provided by eduroam service, and use of the service is limited to active users from collaborating institutions and potentially collaborating institutions. As the popularity of eduroam increases, this freedom is in jeopardy as ransomware worms and network saturation potentially impinge upon providing consistent service levels at African member institutions. In addition, the high cost of an adequate Internet gateway in Africa, creates a supply side constraint, leading to de facto restrictions that other continental partners may not have to consider. The effects of this tension can cause degradation in services for the roaming user and could also spill over into the existing pool of network resources offered by the service provider. Some member institutions may address these problems by implementing overly restrictive policies, creating a very inconsistent experience when using eduroam between member institutions. These challenges may lead member institutions to discontinue support for eduroam or for prospective members to chose not to adopt eduroam. We used quantitative and qualitative methods to establish a baseline of Internet priorities. We performed deep packet inspection to reveal common categories of Internet resources, applications, and specific Internet hosts that are used at research institutions under our administration. We assigned a bandwidth cost of applications and used surveys to gauge relative importance of Internet resources, applications and hosts. After one year of service at NIAID African research institutions, this body of work produces a proposed convention for eduroam member institutions that introduces a behavioral policy for eduroam users and a scalable, platform independent configuration policy for member institutions.