Participation Agreement
1. Introduction and Purpose
This participation agreement defines the operation and control principles of roaming network access within the National Academic Network (ULAKNET), which is managed by the National Academic Network and Information Center (ULAKBİM), a research institute under the Scientific and Technological Research Council of Turkey (TÜBİTAK).
The term eduroam is an abbreviation for “educational roaming” and is a registered trademark of TERENA. More details about eduroam can be found at:
• www.eduroam.org
• www.eduroam.org.tr
2. Responsibilities of the Eduroam Service Provider
2.1 ULAKBİM is the responsible service provider for the national eduroam service in Turkey and serves as the official representative of eduroam Turkey in collaboration with the European eduroam Confederation.
2.2 ULAKBİM maintains communication between participating institutions and manages the connections between European eduroam federations and their authorization servers.
2.3 ULAKBİM establishes and operates the national authentication server hierarchy.
2.4 ULAKBİM provides technical support by maintaining the publication and connection information of eduroam member institutions and lists these details, including contact information, at www.eduroam.org.tr.
2.5 ULAKBİM ensures that participating institutions comply with the rules and procedures set out in this agreement.
2.6 ULAKBİM cannot charge any fees for the services it provides and cannot use them for commercial purposes.
3. Responsibilities of the Participating Institution
3.1 Eduroam Turkey participating institutions undertake two distinct roles:
• Identity Provider (IdP)
• Resource Provider (RP)
3.2 A participating institution cannot charge fees or use services for commercial purposes, whether acting as a Resource Provider or Identity Provider.
3.3 Responsibilities of the Eduroam Identity Provider
3.3.1 The Eduroam Identity Provider (IdP) is an eduroam Turkey participating institution that ensures secure network access to its own users within its institution and across other eduroam networks, as defined in the ULAKNET Usage Policy.
3.3.2 The Identity Provider must establish an authentication server as outlined in this policy. A secondary authentication server is recommended for redundancy
3.3.3 The authentication servers of the Identity Provider must be accessible by the ULAKBİM national eduroam authentication server.
3.3.4 The Identity Provider must create an eduroam test account and provide the username and password to ULAKBİM to verify connection and configuration. Any password changes or account closures must be reported to ULAKBİM in advance.
3.3.5 The Identity Provider must provide technical support to its users for connecting to eduroam networks at other member institutions.
3.4 Responsibilities of the Eduroam Resource Provider
3.4.1 The Eduroam Resource Provider (RP) is an eduroam Turkey participating institution that provides network access within its campus to users from other eduroam member institutions in accordance with the ULAKNET Usage Policy.
3.4.2 The Resource Provider must establish a network infrastructure that is compatible with IEEE 802.1x authentication standards.
3.4.3 The Resource Provider may use any medium for eduroam access.
3.4.4 The SSID (wireless network name) for eduroam must be publicly visible and should be configured as "eduroam" in lowercase letters.
3.4.5 The Resource Provider must allow at least the following services for eduroam users:
Service Protocol/Port Direction
Standard IPSec VPN IP Protocol 50 (ESP) & 51 (AH) Inbound/Outbound
IKE (Internet Key Exchange) UDP/500 Outbound
OpenVPN 2.0 UDP/1194 Outbound
IPv6 Tunnel Broker Service IP Protocol 41 Inbound/Outbound
IPSec NAT-Traversal UDP/4500 Outbound
Cisco IPSec VPN over TCP TCP/10000 Outbound
PPTP VPN IP Protocol 47 (GRE) & TCP/1723 Inbound/Outbound
SSH TCP/22 Outbound
HTTP TCP/80 Outbound
HTTPS TCP/443 Outbound
IMAP2+4 TCP/143 Outbound
IMAPS TCP/993 Outbound
POP3 TCP/110 Outbound
POP3S TCP/995 Outbound
Passive FTP TCP/21 Outbound
SMTPS TCP/465 Outbound
SMTP - STARTTLS TCP/587 Outbound
RDP (Remote Desktop Protocol) TCP/3389 Outbound
SIP (Session Initiation Protocol) UDP/5060 Inbound/Outbound
RTP (Real-time Transport Protocol) UDP/16384-16484 Inbound/Outbound
4. Communication
4.1 For any eduroam-related inquiries, institutions may contact ULAKBİM via email at eduroam@ulakbim.gov.tr.
4.2 ULAKBİM manages the eduroam-teknik@ulakbim.gov.tr mailing list for all technical contacts of Turkey’s eduroam participating institutions.
4.3 Participating institutions must provide two technical contacts to ULAKBİM and notify them of any future changes in contact information.
4.4 Participating institutions must report security breaches, misuse, service interruptions, or policy violations to ULAKBİM as soon as possible.
5. Enforcement
5.1 This agreement is prepared by ULAKBİM, and the agreement signed by participating institutions must comply with this document.
5.2 ULAKBİM reserves the right to modify this agreement at the request of the European eduroam Confederation. Any revised agreement must be re-signed by the participating institution.
5.3 A participating institution may terminate the agreement at any time without providing a reason. However, ULAKBİM must be notified at least two months in advance to implement necessary changes.
5.4 In cases requiring urgent intervention, ULAKBİM may partially or completely suspend the eduroam service to protect the integrity and security of ULAKNET. Institutions will be informed of the incident and its consequences.
5.5 ULAK-CSIRT (Cyber Security Incident Response Team) will notify participating institutions of security vulnerabilities, breaches, or violations. If the institution fails to take corrective actions, ULAKBİM may suspend its eduroam access.
5.6 Resource Providers may block specific users or Identity Providers for security reasons, provided they inform ULAKBİM.
5.7 Identity Providers may restrict specific users from using eduroam services.