1 Policy Statement 

This Policy sets out the requirements for the use of the secure, worldwide roaming access service ‘eduroam’ provided by AARNet for Sydney School of Entrepreneurship (SSE) campus and other locations in ways that uphold our guiding principles: 

• Make opportunity accessible; 
• inspire change;
• always adapt; and
• deliver impact. 

2 Scope 

The policy applies to all SSE employees, Interns, Board and Committee members, contractors and consultants (hereafter referred to as a SSE Team Member). All policies, procedures and guidelines must comply with this framework. 

3 Definitions 

eduroam means the ‘education roaming’ service. eduroam is a global service, enabling staff and students of educational, research and related institutions to visit another eduroam participating institution and connect to the visited institution’s wireless network automatically. 

AARNet means the ‘Australian Academic and Research Network’. AARNet is the eduroam AU national roaming operator (NRO) hosting the national eduroam infrastructure and enabling Australia’s research and education institutions to participate in eduroam nationally and globally. 

SSE means Sydney School of Entrepreneurship, a partnership between the 11 NSW based universities and TAFE NSW. 

SSE campus means building J, 651-731 Harris Street, Ultimo NSW 2007, Australia. 

User(s) means anyone using eduroam, which is available to general staff academics, researchers and students from eduroam participating educational, research and related institutions globally. 

Institution means any research or education institutions providing eduroam. Institutions also include other universities, research organizations, schools, vocational training providers, galleries, libraries, archives and museums. 

Home institution means the institution where staff, academics, researchers or students are enrolled. 

4 Roles and Responsibilities 

4.1 Chief Executive Officer (CEO) 

The SSE Chief Executive Officer (CEO) has ultimate responsibility and accountability for the access to and use of eduroam at SSE. 

4.2 Management 

Directors and decision makers at all levels in SSE are accountable for ensuring that all SSE Team Members only access eduroam in accordance with this policy. 

4.3 Ongoing Administration 

All employees are accountable for compliance with eduroam policies and procedures in their day to day roles. 

5 Eduroam Policy 

Trust in eduroam authentication is underpinned by use of a secure technical infrastructure, protocol and eduroam policies to which all eduroam participants are required to comply – ensuring that user credentials are kept secret between users and their home institution. By participating in eduroam AU, SSE agrees to conform to the Global eduroam Policy and the eduroam AU policy, maintained by AARNet as the NRO. 

5.1 Using eduroam at SSE 

User should configure eduroam authentication locally, at the home institution, before traveling to SSE campus by using the authentication parameters provided by the home institution local eduroam webpage. Other eduroam participating institutions similarly grant network access to visiting users from SSE. 

SSE provides full outbound access with public IP addresses. Inbound access is restricted. Services running on user’s devices may not be accessible externally while connected to SSE network. 

5.2 User’s responsibility in using eduroam 

The eduroam AU policy states that users must conform to their home institution’s network Acceptable Use Policy (AUP). 

As the community of users of eduroam consists of users from institutions engaged in research and/or education, an assumption underpinning eduroam trust is that those institutions will have equivalent network acceptable use policies, including restrictions on activities which may be performed on the network. 

SSE reserves the right to monitor use of its eduroam network. If SSE’s technology usage policy is contravened by the user, SSE reserves the right to prevent access and report the action to the user’s home institution. The user’s home institution is expected to respond as if the incident occurred on the home institution’s own network. 

5.3 User’s privacy 

When using eduroam, the eduroam protocol prevents institutional password from being revealed to any eduroam server other than the home institution’s eduroam server. The login password is protected and remains private between user and the home institution. 

The username is visible to SSE institutional RADIUS server and national and global eduroam infrastructure servers involved in routing authentication request from the user’s device to the home institution and may be included in logs. Such logs are required to be protected by the institution running the RADIUS server. 

5.4 Eduroam trust model 

Eduroam trust model between institutions remotely authenticating users and other institutions providing network access via eduroam, is supported by the ability to track a practical network access event to an authentication of the user by their home institution. Home institutions are expected to take appropriate action on behalf of visited institutions in case a user does not comply with the visited institution’s network AUP. 

In order to provide this traceability, remote authentication and network access transactions via eduroam are logged by SSE. Usage logs are used for the purpose of service trouble-shooting and user support as referred in eduroam AU Policy and retained for a period of six months. Access to usage logs is restricted to authorised personnel and authorities as required by the law. 

5.5 SSE’s Wireless Settings SSID (Network Name)  eduroam (case-sensitive) 
Wireless Network Connection Protocol  WPA2 Enterprise 
Data Encryption Method  AES 

Authentication parameters: Security 

WPA2-Enterprise 
Encryption  AES 
EAP Method  PEAP 
Inner Method  MSCHAPV2 
Identity  @sse.edu.au 
Anonymous Identity  Do not configure an anonymous identity 
CA Certificate  Select