Participation Agreement
1. Introduction and Purpose
This participation agreement defines the principles regarding the operation and control of mobile network access on the National Academic Network (ULAKNET), operated by the National Academic Network and Information Center (ULAKBİM), an institute of the Scientific and Technical Research Council of Turkey (TÜBİTAK). The word eduroam is an abbreviation of "educational roaming" in all lowercase letters and is a registered trademark of TERENA. Detailed information about eduroam can be found at www.eduroam.org and www.eduroam.org.tr.
2. eduroam Service Provider Duties and Responsibilities
2.1 ULAKBİM is the service provider responsible for the national eduroam service in Turkey. It is the authorized representative of the eduroam Turkey federation in cooperation with the European eduroam Confederation.
2.2 ULAKBİM ensures coordination by maintaining contact information among participating institutions and maintains connections with the authorization servers of the European eduroam confederation and federations.
2.3 ULAKBİM establishes and operates the national authorization server hierarchy.
2.4 ULAKBİM maintains the publication and connection information of eduroam member institutions so that users can receive technical support, and publishes this information, along with the contact information of the institutions, on www.eduroam.org.tr.
2.5 ULAKBİM ensures that participating institutions comply with the rules and procedures contained in this agreement.
2.6 ULAKBİM cannot charge any fees for the services it provides and cannot use them for commercial purposes.
3. Duties and Responsibilities of the Participating Institution
3.1 The eduroam Turkey Participating Institution undertakes two different roles: Identity Provider and Resource Provider.
3.2 The Participating Institution, as a Resource Provider or Identity Provider, cannot charge any fees for the services it provides and cannot use them for commercial purposes.
3.3 eduroam Identity Provider Duties and Responsibilities
3.3.1 The eduroam Identity Provider is the eduroam Turkey participating institution that provides an authorization service with a username, password, or certificate to enable its users to access the institution and eduroam member networks, as defined in the ULAKNET Usage Policy.
3.3.2 The identity provider must establish an authorization server in accordance with the provisions of this policy. Operating a secondary authorization server is preferred for redundancy.
3.3.3 The identity provider's authorization servers must be accessible by the ULAKBİM eduroam national authorization server.
3.3.4 The identity provider must create an eduroam test account and send the username and password to ULAKBİM for checking the connections and configuration. ULAKBİM must be notified before closing the test account or changing its password.
3.3.5 The identity provider must provide the necessary technical support for its users to connect from any eduroam resource provider.
3.4 eduroam Resource Provider Duties and Responsibilities
3.4.1 The eduroam Resource Provider is the eduroam Turkey participating institution that provides network access to users of eduroam member institutions within its campus in accordance with the ULAKNET Usage Policy.
3.4.2 The resource provider must establish a structure compliant with the IEEE 802.1X authorization standard.
3.4.3 The resource provider may use any medium it wishes for eduroam access.
3.4.4 The resource provider must broadcast the eduroam SSID (wireless network name) in a visible manner. It must use "eduroam" in all lowercase letters as the SSID.
3.4.5 The resource provider must allow at least the following services to run for eduroam users:
- Standard IPSec VPN: IP protocol 50 (ESP) and 51 (AH) inbound and outbound; UDP/500 (IKE) outbound only,
- OpenVPN 2.0: UDP/1194,
- IPv6 Tunnel Broker service: IP protocol 41 inbound and outbound,
- IPsec NAT-Traversal: UDP/4500,
- Cisco IPSec VPN over TCP: TCP/10000 outbound only,
- PPTP VPN: IP protocol 47 (GRE) inbound and outbound; TCP/1723 outbound only,
- SSH: TCP/22 outbound only,
- HTTP: TCP/80 outbound only,
- HTTPS: TCP/443 outbound only,
- IMAP2+4: TCP/143 outbound only,
- IMAP3: TCP/220 outbound only,
- IMAPS: TCP/993 outbound only,
- POP: TCP/110 outbound only,
- POP3S: TCP/995 outbound only,
- Passive FTP: TCP/21 outbound only,
- SMTPS: TCP/465 outbound only,
- SMTP - STARTTLS: TCP/587 outbound only,
- RDP: TCP/3389 outbound only,
- SIP: UDP/5060 inbound and outbound,
- RTP: UDP/16384 to UDP/16484 inbound and outbound.
3.4.6 If desired, the resource provider may define a dedicated VLAN for those connecting to the eduroam network.
3.4.7 The resource provider must store the network connection logs of users so that username, MAC address and IP address information can be retrieved later. The records produced and stored by the Radius server must provide at least the following information:
- The exact date and time of the authorization request;
- Information about the requesting Radius server;
- The response to the authorization request (acceptance or rejection);
- The reason for rejecting the authorization request.
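As an added illustration of the 3.4.7 record requirements (not part of the agreement), the following script parses authorization log lines and flags rejections that were logged without a reason. The sample lines are constructed in the style of a FreeRADIUS 3 radius.log; the agreement fixes no log format, so that format and the client names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample lines in the style of a FreeRADIUS 3 radius.log; the page
# fixes no log format, so this layout is an assumption of the example.
SAMPLE_LOG = """\
Tue Mar  5 09:12:41 2024 : Auth: (17) Login OK: [user1@univ-a.edu.tr] (from client ulakbim-proxy port 0 via TLS tunnel)
Tue Mar  5 09:13:02 2024 : Auth: (18) Login incorrect (eap_peap: The users session was not authorized): [user2@univ-b.edu.tr] (from client ulakbim-proxy port 0)
Tue Mar  5 09:13:30 2024 : Auth: (19) Login OK: [user3@univ-c.edu.tr] (from client wlc-campus port 13 cli 00-11-22-33-44-55)
Tue Mar  5 09:14:05 2024 : Auth: (20) Login incorrect: [user4@univ-b.edu.tr] (from client wlc-campus port 13)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) : Auth: \(\d+\) "
    r"Login (?P<result>OK|incorrect)(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^\]]+)\] \(from client (?P<client>\S+)"
)

@dataclass
class AuthRecord:
    timestamp: datetime           # 3.4.7: exact date and time of the request
    client: str                   # 3.4.7: requesting RADIUS server / NAS
    user: str
    accepted: bool                # 3.4.7: the response (accept / reject)
    reject_reason: Optional[str]  # 3.4.7: reason for a rejection

def parse_auth_line(line: str) -> Optional[AuthRecord]:
    """Parse one Auth line; returns None for lines of other log types."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # collapse the padded day field ("Mar  5") before strptime
    ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
    return AuthRecord(ts, m["client"], m["user"], m["result"] == "OK", m["reason"])

def audit(text: str):
    """Return (records, gaps): gaps maps line numbers of rejects logged
    without a reason, which 3.4.7 requires to be retained."""
    records, gaps = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        rec = parse_auth_line(line)
        if rec is None:
            continue
        records.append(rec)
        if not rec.accepted and not rec.reject_reason:
            gaps[no] = "reject reason"
    return records, gaps
```

Running `audit(SAMPLE_LOG)` reports the fourth line as incomplete, which is the kind of gap a resource provider should close before relying on the logs for 3.4.8 requests.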
3.4.8 The resource provider must keep and store access logs in accordance with the provisions of the Turkish Penal Code and present them to legal authorities when deemed necessary.
3.4.9 The resource provider must publish local information regarding the eduroam service it provides in Turkish and English in a dedicated area on its corporate web pages (Example: http://eduroam.universite.edu.tr). The published information must include at least the following headings:
- A statement that this agreement must be complied with, and a link to this agreement (http://eduroam.org.tr/eduroam_politika.pdf);
- URL link to the ULAKNET Usage Policy;
- URL link to the resource provider's Acceptable Use Policy;
- A list or map showing the SSID information and coverage areas of the eduroam connection within the campus;
- If any, the resource provider's web caching server settings;
- URL link to www.eduroam.org.tr and the official eduroam logo;
- Contact information for technical support for the eduroam service;
- If user activities are monitored, the method of monitoring, the duration of data retention, and who has access to the data must be clearly stated.
3.5 Duties and Responsibilities of eduroam Users
3.5.1 The user's own institution is the identity provider; the institution the user is visiting, and on whose eduroam network the user wishes to connect, is the resource provider.
3.5.2 The user is obliged to comply with the ULAKNET Usage Policy and, if applicable, the identity provider's "Acceptable Use Policy". Therefore, the identity provider must inform its users about the policies they must comply with.
3.5.3 The user is responsible for the information they use for network access. The identity provider provides the user with information such as username, password, or certificate.
3.5.4 The user is responsible for verifying that they are connecting to the legitimate eduroam service and for implementing the necessary security measures. Users should connect only to eduroam broadcasts at locations specified by the eduroam federation and its member institutions, and only over the secured 802.1X network.
3.5.5 If the user suspects that their access information has been compromised by third parties, they should report the situation to their identity provider.
3.5.6 The user should report any service interruptions and problems encountered on the eduroam network to both the resource provider and the identity provider.
4. Communication
4.1 For matters related to eduroam, ULAKBİM can be contacted via the email address eduroam@ulakbim.gov.tr.
4.2 ULAKBİM operates the eduroam-technical@ulakbim.gov.tr mailing list, which includes the technical contact points of all eduroam Participating Institutions in Turkey.
4.3 The Participating Institution must provide ULAKBİM with the contact information of two technical contact points. Any future changes to contact information must be reported to ULAKBİM.
4.4 The Participating Institution must report any security breaches, misuse or inappropriate use, or service interruptions to ULAKBİM as soon as possible.
5. Implementation
5.1 This agreement has been prepared by ULAKBİM. The agreement that the Participating Institution will apply to its users must comply with this agreement.
5.2 ULAKBİM may amend this agreement at the request of the European eduroam Confederation. The amended agreement must be re-signed by the Participating Institution.
5.3 The Participating Institution may cancel the agreement without giving any reason. The request to cancel the agreement must be notified to ULAKBİM at least 2 months in advance so that the changes to the eduroam service can take effect.
5.4 In cases where emergency interventions are required, ULAKBİM may partially or completely suspend the eduroam service to protect the integrity and security of ULAKNET. In such a case, ULAKBİM will inform the participating institutions about the event and its consequences.
5.5 ULAK-CSIRT will warn participating institutions via email about security vulnerabilities, security breaches, and unauthorized uses. If the warnings are ignored or the problem persists, ULAKBİM will suspend the participating institution's access to eduroam.
5.6 The resource provider may block a specific user or identity provider by informing ULAKBİM in order to protect the security and integrity of its own networks.
5.7 The identity provider may block one or more of its users from using the eduroam service.