eduroam Visitor Access (eVA) Pilot


eduroam Visitor Accesseduroam Visitor Access enables higher education and research institute visitors to access the secure and trusted eduroam Wi-Fi network. The service can provide temporary access to the eduroam network in a simple and secure manner.


eVA provides a mechanism that allows authorised staff at eduroam participating institutions to sponsor a visitor and issue temporary credentials to that person for a defined period. Institutional admin can determine who is eligible to sponsor visitors, and how long those visitors may gain access. Events such as conferences can be catered for by allowing delegates to SMS a keyword to a defined number and get an eduroam visitor account in response. By using SMS, we ensure that a valid cellphone number is linked to each account that is created.


The eVA service was developed by SURFnet in The Netherlands and is now available in a number of countries, including South Africa.


The South African instance of the eVA service can only be made to South African institutions that run their own eduroam identity provider, and who are already participating in the South African Identity Federation (SAFIRE). The reason for this is that eVA makes extensive use of the affiliation information that is provided by the Federation and cannot operate successfully without it.


If your higher education or research institute is interested in using eduroam Visitor Access, please get your eduroam administrator to contact us for more information.


South African Pilot


In South Africa, we're trialling a stand-alone version of eVA and are running a limited pilot of the service with selected institutions. We're the first NREN to use eVA in this way.


During the pilot, some functionality of eVA may not be available (notably 1-day SMS, which we are not certain we want to support in South Africa) and a long virtual mobile number (+27.87.240.5086.10020) is used for the keyword service.


The pilot is configured as a production-ready service and is maintained and backed up in much the same way as other eduroam infrastructure. However, it is provided on a best-effort basis: there may be unexpected teething problems as we refine the configuration. In particular, as we're the first roaming operator to deploy our own standalone instance of eVA, it is likely that we may encounter bugs that the developers are not yet aware of. We've done extensive testing ourselves, but this remains a possibility.


There is currently a single instance of the eVA RADIUS server, located in a data centre in Cape Town. This is similar to many of the institutional identity providers but does mean that - unlike the FLR servers - eVA may be affected by problems on the underlying network.


Nevertheless, the service should be stable and reliable enough to use for real-world visitors and events, and we would encourage pilot participants to do this. We don't learn anything unless people use the system.


Participants in the eVA pilot are expected to provide feedback about their experiences in order to help us improve the service before we make it more generally available. For this reason, you will be subscribed to a specific eVA pilot mailing list where this discussion can happen.


In order to comply with the South African eduroam policy and the underlying legislation, South African institutions may only provide visitor access to people who are over the age of eighteen. We've made a note of this on the eVA dashboard and in the manuals. (This is not a restriction in The Netherlands, where eduroam can be provided to K-12 learners.)