Acronyms and Abbreviations
The page provides a list of the terms used on the eduroam website. The terms, as defined here, are used in discussions and in the planned eduroam SA deliverables. As new terms emerge and become relevant to the eduroam service, they will be added to the list.
- 3G
- 3G is an ITU term for the third generation of mobile communications technology. 3G promises increased bandwidth, up to 384 kbit/s when a device is stationary or moving at pedestrian speed, 128 kbit/s in a car, and 2 Mbit/s in fixed applications. Usage of the term 3G relates to the Universal Mobile Telecommunications System (UMTS) and associated technologies.
- 802.11
- The first of the IEEE 802.11 standards for wireless networks operating on the 2.4GHz ISM band (Industrial, Scientific and Medical). It defines the MAC (Media Access Control) and PHY (PHYsical) layers of the wireless LAN. There are three non-compatible and different physical layers: FHSS, DSSS and Infrared (IR). The data rates for all are 1 and 2Mbps. The standard also defines WEP encryption.
- 802.11a
- 802.11a IEEE standard specifies a wireless access protocol operating in the 5GHz band using orthogonal frequency division multiplexing (OFDM). 802.11a supports data rates ranging from 6 to 54Mbps.
- 802.11b
- 802.11b IEEE standard specifies a wireless access protocol operating in the 2.4GHz band using CCK (Complementary Code Keying), a modulation technique that makes efficient use of the radio spectrum. 802.11b supports data rates ranging from 1 to 11Mbps.
- 802.11g
- 802.11g IEEE standard specifies a wireless access protocol operating in the 2.4GHz band using orthogonal frequency division multiplexing (OFDM). 802.11g supports data rates ranging from 6 to 54Mbps. 802.11g provides backward compatibility with 802.11b. (StB IEEE)
- 802.11h
- 802.11h extends 802.11a to address the requirements of the European regulatory bodies. It provides dynamic channel selection (DCS) and transmit power control (TPC) for devices operating in the 5GHz band (802.11a). In Europe, there's a strong potential for 802.11a interfering with satellite communications, which have "primary use" designations. Most countries authorize Wireless LANs for "secondary use" only.
- 802.11i
- 802.11i IEEE standard defines enhancements to the 802.11 MAC Layer to increase security. The existing 802.11 standard provides security only in the form of wired equivalent privacy (WEP), which specifies the use of relatively weak, static encryption keys without any form of key distribution management. This makes it possible for attackers to access and decipher WEP-encrypted data on a WLAN. 802.11i will incorporate 802.1X and stronger encryption techniques, such as AES (Advanced Encryption Standard).
- 802.16
- The 802.16 IEEE standard set, the "Air Interface for Fixed Broadband Wireless Access Systems," is also known as the IEEE WirelessMAN air interface. It focuses on the efficient use of bandwidth between 10 and 66 GHz (the 2 to 11 GHz is covered by the 802.16a standard published in 2003) and defines a medium access control (MAC) layer that supports multiple physical layer specifications customised for the frequency band of use. Max bandwidth is 280 Mbps per base station.
- 802.1X
- 802.1X is an IEEE standard for port-based authentication for access to (W)LANs, originally intended for use in fixed networks. It is a layer 2 solution between client and wireless access point or switch.
- Access Control
- The process of controlling access to a resource.
- Access Point (AP)
- Access Point - a hardware device or an application that acts as a communication hub for users of wireless LAN devices that wish to be granted access to a wired LAN / Internet connection. An AP can simply act as a communication point to an Authentication Server or can provide heightened wireless security itself by restricting unauthenticated access to specific protocols (e.g. EAP access for 802.1X authentication). An AP primarily provides the connectivity.
- Accounting
- The process of collecting information about a user’s activity on the network, in order to make it possible to hold him accountable for his actions. It may collect information about the amount of time spent on the network, the services accessed while there and the amount of data transferred during the session. The collected data may be used for trend analysis, capacity planning, billing, auditing and cost allocation.
- Authentication (AuthN)
- The process of verifying the identity of an entity, either in person or electronically, where credentials are requested and checked to verify or disprove an entity's claimed identity.
- Authentication and Authorisation Infrastructure (AAI)
- An infrastructure that supports Authentication and Authorisation Services. The minimum service components would be the management of Identities and Privileges specific to users or resources. (New)
- Authorisation (AuthZ or AuthR)
- The assignment of rights and capabilities granted to a specific Principal (such as a person). Normally Authorisation takes place when a user has been authenticated. Given an Authentication Assertion for an Electronic Identity for the requesting Principal, Authorisation is the process of deciding if a request to perform an action on a resource shall be granted or not. N.B.: The abbreviation AuthZ stems from the US-English spelling of Authorisation: Authorization
- DES
- Data Encryption Standard – Standard cryptographic algorithm developed by the USA. DES uses 56-bit keys.
- DHCP
- Dynamic Host Configuration Protocol - a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device may get a different IP address every time it connects to the network.
- Diameter
- The Diameter base protocol is intended to provide an Authentication, Authorisation and Accounting (AAA) framework for applications such as network access or IP mobility. It evolved from the popular RADIUS protocol adding new features, such as the ability to ask for additional logon information beyond the basic authentication. Diameter supports user roaming.
- DNS
- The Internet Domain Name Service is a distributed application for the provision of a mapping between names and IP addresses and vice versa.
- DNSsec
- An extension to the Domain Name Service that offers enhanced security features for the exchange of DNS records.
- EAP
- Extensible Authentication Protocol – a PPP authentication protocol that allows the plug-in of specific authentication mechanisms. EAP is a data link layer protocol for the optional IEEE 802.1X wireless LAN security feature. An Access Point that supports 802.1X and EAP acts as the interface between a wireless client and an Authentication Service, such as a Remote Authentication Dial-In User Service (RADIUS) server, to which the access point communicates over the wired network. There are a number of EAP types available today, examples are EAP-TTLS, EAP-TLS, PEAP and EAP-SIM.
- EAP-TLS
- Transport Layer Security (EAP Protocol), successor of SSL.
- EAP-TTLS
- Tunnelled Transport Layer Security (EAP protocol).
- Home Institution (of a user)
- The institution where the eID of the user is registered, and has established credentials that give the user access to local resources such as network access. The user normally resides at this institution.
- Identity Federation (or Federation)
- A Federated AAI containing multiple Identity Providers, trusted by the members of the federation.
- Identity Management
- The process of creating, maintaining, asserting and destroying Electronic Identities. Identity Management is managed by an Identity Provider.
- Identity Provider (IdP)
- An entity in an AAI that performs Identity Management.
- IEEE
- Institute of Electrical and Electronics Engineers, Inc., a non-profit, technical professional association.
- Institutional RADIUS Proxy Server
- An institutional RADIUS server that, if the guest user’s Home Institution belongs to the same Identity Federation as the local institution, acts as a proxy server to forward the user’s authentication request via the National RADIUS Proxy Server to the Authentication Service of the user’s Home Institution. A successful authentication does not automatically authorize the user to roam and the RADIUS Server may pose an Authorisation query to an Authorisation Service or may itself perform an authorisation of the authenticated guest user.
- International RADIUS Proxy Server
- A RADIUS Server that acts as a proxy server to forward authentication requests between National RADIUS Proxy Servers. See Institutional RADIUS Proxy Server for further details.
- Layer2
- The OSI model: Layer 2 is the data link layer.
- Layer3
- The OSI model: Layer 3 is the network layer.
- LDAP
- Lightweight Directory Access Protocol, a directory service.
- MAC address
- Media Access Control address – also referred to as adapter or hardware address. A 48-bit or 64-bit interface address, often represented by a 12-digit (for 48-bit) or 16-digit (for 64-bit addresses) alphanumeric string, separated by dashes or colons into six (for 48-bit) or eight (for 64-bit) sets of two digits, that identifies every networking hardware device. For example, 00-20-78-A3-49-5E is a valid MAC address. Since network adapters exist that can be configured to change their MAC address to an arbitrary value, the identification provided by the MAC address cannot be considered globally unique and unforgeable.
- National RADIUS Proxy Server
- A RADIUS Server that acts as a proxy server to forward authentication requests to the user’s home institution either via another Institutional (or Regional) RADIUS Proxy Server within an NREN or via the International RADIUS Proxy Server.
- NREN
- National Research and Education Network
- PAP
- Password Authentication Protocol – a username/password-based authentication protocol used in PPP, developed by Cisco and Microsoft.
- Proxy
- A Proxy is an agent that sits between a Client and a Server. Clients are sometimes configured to use a Proxy, usually when accessing an HTTP server. The Client makes all of its requests to the Proxy Server, which then makes requests to the HTTP server and passes the result back to the Client. In this context, a RADIUS server that forwards requests and responses on behalf of a Client or another RADIUS server is also a Proxy.
- RADIUS
- Remote Authentication Dial In User Service - Transport protocol for AAA purposes.
- SSID
- Service Set IDentifier. 1-32 octets that identify the wireless network. The client’s SSID must match the access point’s to associate. If the client sets an SSID of "Any" or _blank_, it will associate to the first active mode access point it finds or, in other implementations, the AP with the best signal quality, regardless of its SSID.
- SSL
- Secure Socket Layer is an application level security protocol that allows secure communications between users, providing privacy, data integrity and optional authentication.
- TKIP
- Temporal Key Integrity Protocol. An alternative to WEP that uses a 128-bit RC4 key for encryption and that allows for per-packet encryption and key rotation. Hardware that encrypts WEP can be modified by software to encrypt TKIP.
- UMTS
- Universal Mobile Telecommunications System - a third generation (3G) wireless standard widely embraced in Europe and other countries with GSM infrastructure. According to the GSM association, UMTS will offer a wide range of voice, data and multimedia services. Data rates will reach from 114 to 2000 kbit/s (or 2 Mbps) depending on whether the user is stationary or in motion.
- Visited Institution (Guest Institution)
- An institution that a user is “visiting” (guest user). The user is normally registered at their Home Institution.
- Visitor User (Guest User)
- A visitor user or guest user is a user that connects to a visited institution.
- VLAN
- Virtual LAN (VLAN) - A group of devices on one or more LANs configured, using management software, to communicate as if attached to the same wire when in fact they are physically connected to different LAN segments. These logical connections are very flexible.
- Web Based Network Login
- Access to the network is granted at the border of the network where the session is intercepted. The user receives a web page where the credentials need to be entered to allow traffic to pass through.
- WEP (Wired Equivalent Privacy)
- WEP is an optional security mechanism defined within the 802.11 standard, designed to make the link integrity of wireless devices equal to that of a cable (a goal it does not meet; WEP provides only weak security) (see also: 802.11i).
- Wireless Fidelity (Wi-Fi)
- Wireless Fidelity - is meant to be used generically when referring to certain recent types of Wireless LAN standards created by IEEE 802.11. Any products tested and approved as "Wi-Fi Certified" (a registered trademark) by the Wi-Fi Alliance are certified as interoperable with each other, even if they are from different manufacturers.
- WiMAX
- WiMAX is another name (ETSI) for the 802.16 standards family.
- Wireless
- Equipment, service or technology for transporting data or information without wires but rather through air waves (frequencies) using radio or microwave technology.
- (WLAN Roaming / Wireless Roaming)
- Wireless Local Area Network Roaming (WLAN Roaming) refers to the ability to move from one administrative domain to another without interruption in service or loss in connectivity. Wireless Roaming - refers to the ability for a guest user to gain as transparent and secure network access as possible at the guest institution, to either gain restricted access to the Internet or be given a connection to the user's home institution network to authenticate and gain access to resources as authorized by the guest or home institution.
- WiFi Protected Access (WPA)
- Wi-Fi Protected Access. An IEEE 802.11i "snapshot" promoted by the Wi-Fi Alliance and their members. It is a replacement for the weak WEP protection and uses IEEE 802.1X with TKIP encryption or preshared secrets.



TERENA