Security
How publicroam works
Participating organisations link their Wi-Fi network to publicroam’s authentication server. Through their Wi-Fi access points they broadcast the SSID ‘publicroam’. A visitor’s device with a publicroam account connects automatically and an authentication request is sent. If the credentials are correct, an approval is returned to the participating organisation. The organisation then grants the visitor access to its guest Wi-Fi network.
Stedelijk Museum Amsterdam
Open standards
Publicroam uses the open standards WPA2-Enterprise and RADIUS. Virtually all Wi-Fi equipment supports these. There’s no need to invest in new infrastructure. And once connected, publicroam is highly scalable; you can easily add new locations and access points.
Forum Standaardisatie advises public sector bodies to provide secure guest Wi-Fi access and to use WPA2-Enterprise for this.
Easy implementation
To offer publicroam you create a RADIUS link between the local Wi-Fi network and publicroam’s top-level RADIUS server. This is a standard configuration via your Wi-Fi admin interface. The organisation’s public IP addresses are whitelisted, after which you receive a shared secret and can complete the connection.
Minimal administration
Once connected, daily administration is minimal. Visitor support questions are handled by the publicroam helpdesk—so there’s no burden on the local IT helpdesk. Account issuance is automated as well—no extra work at the front desk.
Raadhuis Kerkrade
Wi-Fi network requirements
To connect, a Wi-Fi network must support 802.1X authentication with RADIUS (at least 802.11b and/or 802.11g). This is standard on virtually all professional Wi-Fi equipment. For a complete overview, download the full technical specifications.
Logging of data
During the user authentication process, data is exchanged with publicroam. This usage data includes, among other things:
– Timestamps of authentication requests and corresponding responses
– Outer EAP identity (User-Name attribute)
– MAC address (Calling-Station-Id attribute)
– Type of authentication response (i.e. Accept or Reject)
These data may be retained by an organisation and by publicroam for a maximum of three months. After that they must be deleted. They may only be used to provide and optimise the service, and for no other purpose.
Maankwartier Heerlen
Filtering and monitoring internet traffic
An organisation may filter internet access by, for example, blocking certain websites. Bandwidth per user may also be limited. A minimum requirement is that publicroam users can browse the internet and send/receive email at a reasonable speed. Another requirement is that any restrictions applied must be the same for all publicroam users.
Service Level Agreement (SLA)
When your organisation offers publicroam, an agreement will be concluded that includes an SLA. This sets out arrangements regarding, among other things, service availability and the handling of support requests from visitors and customers.
Amsterdam Public Library
Privacy and data processing
Respecting privacy is a core value of publicroam. Read more in our privacy statement.
Agreements with users
When a visitor signs up for the first time, they agree to the terms of use. These set out all agreements regarding the use of guest networks—among other things, that an account is personal, that it is not intended to remain continuously online at an organisation, and that users must follow standard netiquette, etc. If a visitor engages in activities that violate these terms, the account may be removed.
Participant portal
The details required to connect to the publicroam RADIUS are available in the publicroam participant portal. Access is provided once the participation agreement has been signed.