Richard (12024-06-17): > There is a coordination, so you can use the same login data all over the > world. At least that's how it's supposed to work. But afaik the protocols > themselves aren't predefined. That's up to the local IT department how they > implement this. Authentication should always be done locally, with > synchronization between facilities. At least to my understanding, but I'm > no eduroam professional.
That would require that all establishments download and keep in sync the whole database of users of all other establishments. That is not sustainable, and I am not even talking about the privacy concerns. What happens is the local Radius for Eduroam forwards the authentication request to the Radius from the origin institution. For example, if the security officer of here.edu knows there was an incident on a local Eduroam IP, they can know it was authenticated for “anonym...@somewhere-else.edu”, and they need to ask to the security officer of somewhere-else.edu to get further details. > Am Mo., 17. Juni 2024 um 17:02 Uhr schrieb Vincent Lefevre < > vinc...@vinc17.net>: Please do not top-post. Regards, -- Nicolas George