2.2 ULAKBIM provides coordination between the participating organizations through their contact information, and maintains links with the European eduroam confederation and federations’ authentication servers.
2.3 ULAKBIM is establishes and operates a national authentication server network.
2.4 ULAKBIM keeps the publishing and connection information of eduroam member institutions and publishes them at www.eduroam.org.tr together with the contact information of the institutions so that users can receive technical support.
2.5 ULAKBIM ensures that the participating organizations adhere to the rules and procedures in this agreement.
2.6 ULAKBİM shall not charge any fees for the services it provides, and nor shall use for commercial purposes.
3.1 eduroam Turkey participating organization undertakes two different tasks as Identity Provider and Resource Provider.
3.2 The participating organization –either the Resource Provider or the Identity Provider– shall not charge any fees for the services it provides, nor shall seek any profit.
3.3 Roles and Responsibilities of eduroam Identity Provider
3.3.1 eduroam Identity Provider is an eduroam Turkey participating organization that provides authorization service with a username, password or certificate to enable access to its users within the organization and on eduroam member networks, as defined in the ULAKNET Usage Policy.
3.3.2 The identity provider must set up an authorization server within the terms set out in this policy. The identity provider having a secondary authorization server is preferable for redundancy.
3.3.3 The authorization servers of the identity provider must be accessible by the ULAKBIM eduroam national authorization server.
3.3.4 The identity provider should create an eduroam test account and submit the username and password to ULAKBIM for checking the connections and configuration. ULAKBIM must be notified before the test account is closed or its password is changed.
3.3.5 The identity provider should provide the necessary technical support for its users to connect from any eduroam resource provider.
3.4 Roles and Responsibilities of eduroam Resource Provider
3.4.1 eduroam Resource Provider is an eduroam Turkey participating organization that provides network access to eduroam member institution users within its campus within the framework of ULAKNET Usage Policy.
3.4.2 The resource provider should establish a structure that complies with the IEEE 802.1x authorization standards.
3.4.3 The resource provider may use any medium for eduroam access.
3.4.4 The resource provider should broadcast the eduroam SSID (wireless network name) in a visible way. It should use “eduroam” as the SSID in all lowercase letters.
3.4.5 The resource provider must allow at least the following services to run for eduroam users:
3.4.6 If the resource provider wants, they can define a dedicated VLAN for those who will connect to the eduroam network.
3.4.7 The resource provider has to store the network connection traces of the users so that the username, mac address and IP address information can be accessed at a later date. The traces to be obtained and stored from the Radius server must provide at least the following information:
3.4.8 The resource provider should keep and store the access traces in accordance with the provisions of the Turkish Penal Code, and present them when deemed necessary by the legal authorities.
3.4.9 The resource provider should publish local information about the eduroam service it has provided in Turkish and English in a dedicated area on the corporate web pages (Example: http://eduroam.universite.edu.tr).
Published information should include at least the following headings:
• Information on compliance with this agreement and a link to this agreement (http:// eduroam.org.tr/eduroam_politika. pdf);
3.5 Roles and Responsibilities of eduroam Users
3.5.1 The user’s own institution is the identity provider, and the institution he/she visits and wants to connect to the eduroam network is the resource provider.
3.5.2 The user is obliged to comply with the ULAKNET Usage Policy and the “Acceptable Use Policy” of the identity provider, if any. For this reason, the identity provider should inform users in its own institution about the policies it must comply with.
3.5.3 The user is responsible for the information he/she uses for network access. The identity provider provides its user with information such as username – password or certificate.
3.5.4 The user is responsible for checking that he/she is connecting to the real eduroam service and for the security steps to be implemented. It should only be connected to the broadcasts in the places specified in the eduroam federation and member institutions over the 802.1x secure network.
3.5.5 If the user suspects that his/her access information has been obtained by third parties, he/she should notify the identity provider.
3.5.6 The user should notify the resource provider and the identity provider about service interruptions and problems encountered in the eduroam network.
4. Communication
4.1 ULAKBIM can be reached via the e-mail address eduroam@ulakbim.gov.tr for eduroam-related matters.
4.2 ULAKBIM operates the eduroam-teknik@ulakbim.gov.tr news list, which includes the technical contact points of all Turkish eduroam Participating Organizations.
4.3 The Participating Organization should inform ULAKBIM about the contact details of the two technical contact points. Future changes in contact information should be notified to ULAKBIM.
4.4 The Participating Organization should notify ULAKBIM about issues such as security breaches, abuse or improper use, service interruptions as soon as possible.
5. Enforcement
5.1 This agreement has been prepared by ULAKBIM. The agreement that the participating organization will put into effect for its users must comply with this agreement.
5.2 ULAKBIM may amend this agreement upon the request of the European eduroam Confederation. The Participating Organization must re-sign the amended agreement.
5.3 The participating organization may cancel the agreement without giving any reason. The request for cancellation of the agreement must be notified to ULAKBIM at least 2 months in advance for the changes to be made in the eduroam service to be effective.
5.4 In cases where emergency interventions are required, ULAKBIM may stop the eduroam service partially or completely to protect the integrity and security of ULAKNET. In such a case, ULAKBIM informs the participating organizations about the event and its consequences.
5.5 ULAK-CSIRT alerts participating organizations about security vulnerabilities, security breaches and non-contractual uses via e-mail. If the warnings are ignored or the problem persists, ULAKBIM stops the participating organization’s access to eduroam.
5.6 The resource provider may block a specific user or identity provider by informing ULAKBIM to protect the security and integrity of their networks.
5.7 The identity provider may block one or more of its users from using the eduroam service.
The Signing Party agrees that ULAKBIM fully understands, recognizes and will comply with the eduroam Turkey Participation Agreement.
Click here to access the original of the eduroam Turkey Participation Agreement.