Identity Management of Users in Eduroam
The goal of eduroam (educational roaming) has been to help users from the academic community access the Internet while they are visiting other academic institutions. A persistent but privacy-preserving user identifier would be a valuable extension of the service. An equivalent of eduPersonTargetedID is useful in the eduroam environment where there is a requirement for timely reaction to network incidents, reaction to minor incidents, identifying and reacting to the overuse of guest access, collecting guest usage statistics at the SP, etc. It is a standard requirement that the Service Provider requires some information about the users, which it uses to provide persistent user profiles and for accounting. The true identity of the user is usually not required; some form of identifier that remains the same for a given user using a given service, and is always different for different users, is usually enough to solve most problems. Introduction in eduroam can be done step by step. When direct server-to-server RadSec connections become standard, this will introduce a new factor that can also be taken into account in the CUI design. Some elements of the CUI RFC have not been implemented, the major one being the control of CUI during re-authentication. The current design can be easily extended, and this additional feature will probably be added in the future.
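The identifier property described above (the same for a given user at a given service, different for different users) can be met with a keyed hash computed at the user's home institution. This is an added example, not code from the original page or from eduroam: the page does not say how the CUI value is derived, and the HMAC-SHA-256 construction, the function name `targeted_id`, the secret, and the sample user and operator names are all assumptions.

```python
import hashlib
import hmac


def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never hash alike."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def targeted_id(secret: bytes, user: str, operator: str) -> str:
    """Derive an opaque per-user, per-service identifier (hypothetical helper).

    secret   -- key known only to the home institution (assumption)
    user     -- the authenticated identity, e.g. user@realm
    operator -- name of the visited Service Provider
    """
    if len(secret) < 16:
        raise ValueError("secret too short to resist guessing")
    # Assumption: identities and operator names are compared case-insensitively.
    user = user.strip().lower()
    operator = operator.strip().lower()
    if not user:
        raise ValueError("user identity is required")
    if not operator:
        # Without the service name the value would be one global identifier,
        # which lets different Service Providers correlate the same visitor.
        raise ValueError("operator name is required for a targeted identifier")
    mac = hmac.new(secret, _field(user) + _field(operator), hashlib.sha256)
    return mac.hexdigest()[:32]  # 128 bits, opaque to the Service Provider


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    key = b"constructed-demo-secret-0123456789"
    for who, where in [
        ("alice@home.example", "visited-a.example"),
        ("alice@home.example", "visited-b.example"),
        ("bob@home.example", "visited-a.example"),
    ]:
        print(who, where, targeted_id(key, who, where))
```

The Service Provider sees only the opaque value, so it can keep per-visitor profiles and accounting records, while mapping a value back to a person requires the home institution and its secret.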