

Welcome to the govroam blog! We at Jisc are committed to keeping you all informed of the ongoing govroam service. We’ll use this blog to let you know how we are progressing, and aim to have some guest posts from those using the service too.

For those of you who want to know more about govroam, we have some information on the govroam service page.

If you are interested in the service, and would like to speak to a member of the service team, please fill in the contact form below.


Govroam and the GDPR

Many, perhaps most, wifi access services across the public sector require some sort of authentication of people who use them. Since authentication involves some processing of personal data, it’s worth reviewing how different ways of doing that might be affected (or not) by the General Data Protection Regulation (GDPR) when it comes into force in 2018. Andrew Cormack, Jisc Technologies’ chief regulatory adviser, looks at the govroam model and its alternatives.

Govroam minimises the need to hold visitor personal data

Govroam provides both the best guarantees of good behaviour (since the user’s home organisation is required to deal with any breaches of visited site policy) and involves the least exchange of personal data. The visited site only knows where a roaming user comes from, not who they are, and sees no username, e-mail address or other information that would allow them to contact the user directly. The only thing provided by the home site is confirmation that the user has authenticated successfully and will be held to account for their behaviour, and a temporary session ID indicating which connection that applies to. That’s clearly the minimum needed to provide authenticated access, so “necessary for the purpose of the [user agreement] contract” under Article 6(1)(b) of the GDPR. Since UK govroam practice is that home sites do not disclose the identities of roaming users, it could be argued that, under the European Court’s judgment in Breyer, even the session ID isn’t personal data; however visited sites should probably treat it as a pseudonym (recognised by Article 25(1) of the GDPR as a helpful risk-reduction measure) and continue to keep it and any accompanying logs in accordance with their own security policies.

A definite pseudonym, the use of which is recommended to govroam home organisations, is the Chargeable User ID (CUID – see the corresponding eduroam statement; a govroam-specific policy is to follow). Like the session ID, only the home organisation can link this to an individual or use it to contact them. Home organisations should provide different CUID values to each visited organisation, preventing its use to track visitors between organisations. However CUID does enable a visited organisation to recognise when, for example, an individual is repeatedly logging in and causing problems for the service. Such problems should be resolved by the home organisation, but CUID can let the visited network implement temporary measures until that is done. Since CUID is not necessary to provide the service, the appropriate GDPR basis is likely to be that processing is in the legitimate interest of the visited site, for example to protect the availability of the service. This basis requires the organisation to balance its interests against those of the individual, so visited organisations requesting CUID should review the purpose(s) for which they plan to use it, implement appropriate retention periods and other controls, and then confirm that these do not involve an excessive intrusion into users’ privacy and other rights.
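One way a home organisation could meet the per-visited-organisation requirement above, shown as an added example rather than code from Jisc or the govroam policy: derive the CUID as a keyed hash of the user and the visited operator. The secret, the realm names, the use of an operator string (such as the RADIUS Operator-Name attribute) to identify the visited organisation, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter
from typing import Iterable, List, Optional

# Constructed secret for the example; a real one is long, random and
# known only to the home organisation.
HOME_SECRET = b"constructed-example-secret"


def derive_cuid(secret: bytes, user_id: str, visited_operator: str) -> str:
    """Return an opaque pseudonym for user_id as seen by one visited organisation."""
    if not user_id or not visited_operator:
        raise ValueError("user_id and visited_operator are both required")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    parts = (user_id.encode(), visited_operator.encode())
    message = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    # Keyed hash: without the secret, a visited site cannot test guesses
    # such as "is this alice@trust-a.example?" against a CUID it has logged.
    return hmac.new(secret, message, hashlib.sha256).hexdigest()[:32]


def resolve_cuid(secret: bytes, cuid: str, visited_operator: str,
                 directory: Iterable[str]) -> Optional[str]:
    """Home-side lookup: map a CUID reported by a visited site back to a user."""
    for user_id in directory:
        candidate = derive_cuid(secret, user_id, visited_operator)
        if hmac.compare_digest(candidate, cuid):
            return user_id
    return None


def repeat_cuids(session_cuids: Iterable[str], threshold: int) -> List[str]:
    """Visited-side view: CUIDs seen at least `threshold` times in its own logs."""
    counts = Counter(session_cuids)
    return sorted(c for c, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Constructed sample data.
    directory = ["alice@trust-a.example", "bob@trust-a.example"]
    at_b = derive_cuid(HOME_SECRET, "alice@trust-a.example", "council-b.example")
    at_c = derive_cuid(HOME_SECRET, "alice@trust-a.example", "council-c.example")
    print("same user, two visited sites differ:", at_b != at_c)
    # Council B sees the same value on every visit, so it can spot repeats...
    print("repeats at council B:", repeat_cuids([at_b, at_b, at_b], 3))
    # ...but only the home organisation can turn it back into a person.
    print("home resolves:", resolve_cuid(HOME_SECRET, at_b, "council-b.example", directory))
```

Because the visited operator is part of the hashed message, two visited organisations comparing logs find no common value for the same visitor, while each one still sees a stable value across that visitor's sessions.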

The GDPR compliance of alternatives should be considered carefully

Compare the GDPR-friendly govroam mechanism with alternative means to provide authenticated visitor access. Where wifi providers can’t rely on govroam’s strong guarantee that users are known to their home organisations and have passwords acceptable to those organisations, some use two-factor approaches instead. These typically ask the user to provide a mobile phone number or e-mail address to which a temporary authentication token can be sent. For a service concerned that usernames may be shared (either knowingly or not) it again seems reasonable to claim that this is a requirement of providing the service the user has requested. An e-mail address or mobile number is, however, likely to be considered as a direct identifier so there’s little doubt that these must be handled in accordance with the GDPR.

Some services request an e-mail address not in order to send a second authentication factor, but to allow the provider to identify patterns of suspicious use. In effect this is a less privacy-protecting (and less effective, since the user can give multiple e-mail addresses) equivalent of govroam’s CUID. Again it’s hard to claim that this is necessary for a contract but, given that Recital 49 of the GDPR recognises that processing personal data for network and information security may be a legitimate interest, that justification (Article 6(1)(f)) might apply instead. This requires, however, that the provider ensures (and, under the GDPR, documents) that their interest is not overridden by the rights and interests of the user. Since identifying patterns of use will require a directly-identifying email address to be kept over multiple login sessions, retention periods and the security of stored data will need careful consideration and implementation.

Finally, if personal data collected during registration or authentication are used for other purposes, then those activities must be justified separately under the GDPR. Some changes are likely to be needed to practices common under the previous Data Protection Directive (EU) and Act (UK). In particular, any use of addresses to send marketing e-mails must be opt-in; making such consent a condition of providing service is likely to be unlawful under Article 7(4).

Overall, the govroam solution to granting visitor access, which provides the in-depth audit trail that you might need through cooperation with a visitors’ home site, while minimising the personal data you need to hold, represents an effective way to meet the new requirements of GDPR.


This post was derived from an article soon to be available on Andrew’s regulatory developments blog (article URL to follow).


The Govroam community

The Govroam community is developing as follows (last updated 5 January 2018):

Organisations where Govroam is live:

  1. Royal Brompton and Harefield NHS Foundation Trust (3 sites)
  2. Kent PSN (300+ sites including health, council and blue light organisations): Kent County Council; Medway Council; Canterbury City Council; Borough Councils of Ashford, Gravesham, Maidstone, Swale, Tonbridge and Malling, Tunbridge Wells; District Councils of Dover, Sevenoaks, Shepway, Thanet; Health through North East London CSU; Kent Fire and Rescue Service; East Kent Housing; Marlowe Theatre
  3. Medway NHS Foundation Trust
  4. Yorkshire and Humber PSN (over 300 sites, their own organisation tracker here)

    • Local Authorities: Barnsley, Calderdale, Doncaster, East Riding of Yorkshire, Hull City, North Lincolnshire, North East Lincolnshire, Wakefield
    • NHS Clinical Commissioning Groups: Calderdale, Doncaster, Greater Huddersfield, North Kirklees, Rotherham, Wakefield
    • NHS Trusts/providers: Barnsley Hospital NFT, Calderdale and Huddersfield NFT, City Health Care Partnership CIC, Doncaster and Bassetlaw Teaching Hospitals NFT, Humber NFT, Leeds Teaching Hospitals NT, Mid Yorkshire Hospitals NT, Rotherham Doncaster and South Humber NFT, The Rotherham NFT, Sheffield Health and Social Care NFT, Sheffield Teaching Hospitals NFT, South West Yorkshire Partnership NFT
    • Transport: West Yorkshire Combined Authority
  5. NYnet:
    • North Yorkshire County Council
    • City of York Council
  6. London PSN:
    • Epsom and St Helier University Hospitals NHS Trust
    • London Borough of Brent
    • London Borough of Camden (108 sites)
    • London Borough of Haringey
    • London Borough of Islington
    • London Borough of Lewisham
    • Lewisham and Greenwich NHS Trust (2 sites)
    • London Grid for Learning Trust
    • Local Government Association
    • St George’s University Hospitals NHS Foundation Trust
  7. Wigan Health and Council organisations:
    • North West Boroughs Healthcare NHS Foundation Trust
    • Bridgewater Community Healthcare NHS Foundation Trust
    • Wigan Borough CCG (also included below as Greater Manchester Shared Services is a partner)
    • Wrightington, Wigan and Leigh NHS Foundation Trust
    • St Helens and Knowsley Teaching Hospitals NHS Foundation Trust
    • Bolton Metropolitan Borough Council
    • Wigan Metropolitan Borough Council
  8. Imperial College, London (visited, 14 sites)
  9. Queen Mary University of London (QMUL, visited, 5 sites)
  10. City, University of London (visited)
  11. University of London (visited)
  12. Norfolk County Council
  13. Jisc (Bristol, Harwell, London, Manchester and North Leigh offices)
  14. KHIPU HQ (Govroam visited site only, non public service organisations can host Govroam for visiting Govroam users)

Organisations where Govroam is actively being set up:

  1. Kent & Medway NHS and Social Care Partnership Trust
  2. East Kent University Hospitals NHS Foundation Trust
  3. London PSN (further organisations)
  4. North East London Commissioning Support Unit (over 160 customers, including clinical commissioning groups (CCGs) across England, in London, Essex, Hertfordshire, Bedford, Luton, East Anglia, Kent, Surrey, Sussex and Northamptonshire)
  5. Greater Glasgow & Clyde Health Board with Inverclyde Council (pilot for Scotland Wide Area Network)
  6. Yorkshire and Humber PSN – further sites:
    • 13 further CCGs (Airedale, Barnsley, Bassetlaw, Bradford City, Bradford District, East Riding, Hull, Leeds North, Leeds East, Leeds South, North Lincolnshire, North East Lincolnshire, Sheffield)
    • 5 further Local Authorities (Bradford, Kirklees, Leeds City, Rotherham, Sheffield City)
    • 7 further NHS Trusts (Airedale NFT, Bradford District Care Trust, Bradford Teaching Hospitals NFT, Hull and East Yorkshire Hospitals NT, Leeds and York Partnership NFT, North Lincolnshire & Goole NFT, Sheffield Children’s NFT)
    • Yorkshire Ambulance Service
    • 4 Police Forces (Humberside, North Yorkshire, West Yorkshire, South Yorkshire)
    • South Yorkshire Passenger Transport Executive
  7. Greater Manchester Clinical Commissioning Groups (via Greater Manchester Shared Services hosted by Oldham CCG, covering CCGs Manchester North, Manchester Central, Manchester South, Stockport, Tameside & Glossop, Bolton, Bury, Salford, Wigan, Heywood Middleton and Rochdale, Trafford, Oldham)
  8. Manchester University Hospitals NHS Foundation Trust
  9. Greater Merseyside Councils
  10. South London and Maudsley NHS Foundation Trust
  11. University College London (UCL)
  12. Goldsmiths, University of London
  13. Norfolk Community Health & Care NHS Trust
  14. Suffolk County Council and health partners
  15. Brunel University
  16. Teesside University

Organisations engaged with Govroam e.g. through the Roaming JISCMail list, London CIO’s Group, if not already mentioned:

  1. Maidstone & Tunbridge Wells NHS Foundation Trust
  2. Wales (via PSBA)
  3. Esk & Wear Valleys NHS Foundation Trust
  4. Cumbria health and social care organisations
  5. Northumberland Tyne and Wear NHS Foundation Trust
  6. eMBED Health Consortium, Sheffield
  7. University of Sheffield
  8. Cambridgeshire County Council
  9. Southend-on-Sea Borough Council
  10. The Link PSN – Sussex
  11. Portsmouth Council
  12. University of Portsmouth
  13. Hampshire Hospitals NHS Foundation Trust
  14. Hampshire Fire and Rescue Service
  15. Hampshire County Council
  16. University Hospital Southampton NHS Foundation Trust
  17. Southern Health NHS Foundation Trust
  18. Dorset CCG
  19. Dorset HealthCare University NHS Foundation Trust
  20. Gloucestershire CCG
  21. Salford Royal NHS Foundation Trust
  22. Countess of Chester Hospital NHS Foundation Trust
  23. London CIO interest including “Connect Anywhere” group
  24. 5 London NHS Sustainability and Transformation Plan (STP)/Local Digital Roadmap (LDR) footprints
  25. Richmond and Wandsworth Councils

The Govroam Companion app (iOS and Android compatible) is available free of charge and shows the individual sites where Govroam is live (over 750 logged so far).


Govroam – Helping to bring together Health and Social Care – what’s happening?

It is great to see a set of partner organisations come together in a locality, be it country, region, county or natural community, and then use Govroam to allow staff roaming access to WiFi between the organisations. In health and social care in England this has often been helped by the coming together of organisations to create their Local Digital Roadmaps.

The case study for Kent PSN’s use of Govroam emphasises the cross-organisation benefits in a patch, such as staff co-location. It also mentions improving the support for interactions between health and social care, e.g. social workers getting access when on NHS premises (and vice versa).

Just as the use of eduroam has become well established in many NHS sites to allow access for clinical placement students and academic staff (latest list here, 132 sites today, Salford Royal Hospital, Lincoln County Hospital, Birmingham Dental Hospital and Queen Elizabeth Hospital, King’s Lynn the latest to be added), so we will be tracking the progress of Govroam. This will be in a separate blog post here so it can be regularly updated.


Govroam, the NHS, and WiFi

Submitted on behalf of Marcus Baw

Hi, I’m Marcus Baw and I’m a locum (freelance) GP and Emergency Physician in the North West of England. I’m also a health tech specialist, and a programmer. Being a locum means I work in a number of different NHS settings, which makes for very varied day-to-day work. It means I get to experience a wide range of NHS organisations and see how they vary in terms of their (lack of) provision of WiFi for staff.

Me, the NHS and WiFi
WiFi in the NHS has become a bit of a soap-box subject for me, as the advent of the Internet has seen almost all of the current and reliable information resources migrate from books and journals to online websites and webapps, which is great for learning and staying up-to-date – except when you’re deprived of an Internet connection!

If we want our NHS clinicians to make good, well-informed decisions in a timely fashion, it’s vital that all NHS environments provide their staff with access to these online resources. It’s simply indefensible to deny them this access.

It has to be WiFi. 3G/4G ain’t gonna cut it.
Quite often, I find myself working somewhere without access to the WiFi (it’s worth noting here that there is always WiFi present, it’s just that in many hospitals clinicians aren’t deemed important enough to have access). I can sometimes get by, sort of, with mobile data. But many clinical environments – for example modern steel-framed PFI hospitals – have poor or absent mobile signal within them (meaning mobile 3G/4G data won’t work reliably) so without access to WiFi, clinicians are cut off from vital online resources for best practice.

It’s not even about accessing electronic patient records via WiFi
Right now, I know of nowhere in the NHS that has a sufficiently advanced system to enable a clinician to access the patient record through their own mobile device through WiFi (just to pre-empt those comments saying ‘I can dial in on my Thinkpad’ – no, VNCing in on a laptop doesn’t count, it’s slow, it’s clunky, it’s death by abysmal User Experience).

So the WiFi requirement is not actually about accessing patient records through our devices, it’s purely about access to essential information resources.

Why would we send our NHS clinicians to do battle with disease and ill health, without giving them access to the vital weapon of current, evidence-based, peer-reviewed knowledge?

So what resources are we trying to access? Aren’t we supposed to be working?

These days, we’re seeing medical students being educated via Skype and recording their progress in ePortfolios like Moodle – We’re teaching new procedures to junior doctors using YouTube, which gives them an important first overview of a procedure, making them much better prepared for the formal 1-to-1 hands-on instruction that follows – We’re sharing knowledge about management of common and rare diseases more than ever before, creating free online reference texts like Dermnet.nz and online medical calculators like MDcalc.com – our internationally-respected British National Formulary is online and searchable. We can access professional guidelines from the General Medical Council and advice from our medical defence organisations. Patient information leaflets about any condition can be searched for and supplied to the patient in seconds – We can get hold of any journal paper from the history of medicine in a few clicks – And for everything else, there’s always Google.

WiFi backstory
Back in 2013 I did a very simple online survey to find out what the status of access to WiFi is across the whole NHS, and the headline figure was that around 20% of respondents had access to free WiFi in their place of NHS work. Disappointing.

The good news is that since 2013, my subsequent surveys have shown an encouraging trend towards increasing provision of WiFi to NHS front-line staff. Last time I did the survey (2015) about 50% of respondents reported they had access to free WiFi. NHS Digital now has an official NHS WiFi Programme, tasked with bringing free WiFi to the whole NHS, for patients and staff.

However, there’s a flaw. Federated roaming WiFi isn’t in those plans.

Whilst having access to WiFi in one’s home organisation is definitely a step forward, represents some progress, what we really need is Roaming WiFi. We need this in order to make possible new ways of working and new models of care delivery, where clinicians and other staff are able to roam throughout the NHS in an always-connected state.

It has to be Roaming. Single-organisation WiFi ain’t gonna cut it.

Imagine an NHS in which clinicians can roam to a neighbouring NHS organisation to see specialist patients, and can remain connected to their familiar systems throughout. GPs would be able to attend a case conference at the local authority’s social care offices, and still access the patient’s record. And that’s just the tip of the iceberg. As more and more public sector organisations joined Govroam, we would see transformation of the way professionals could interoperate across the public sector instead of the current organisationally-siloed working. The benefits of fluid cross-organisational collaboration between Police, Fire, Ambulance, Social Care, Local Government, Central Government, Hospices, GPs, Walk-in Centres, Hospitals, Libraries, and others will lead to innovation that is as yet unimaginable.

When I first heard about govroam as proposed in the UK by Jisc, I thought: ‘That’s exactly what we need in the NHS’. The eduroam model, which has been proven to a) work, b) be cheap, and c) scale internationally, seems to be ideal.

The NHS (and the UK public sector in general) has an appalling record for procurement of technology. It tends to be able to pull off the impressive epic multiple fail of paying all the R&D costs of an untested vendor-specific platform, swallowing rocketing implementation costs, suing the supplier and losing, and still ending up not owning any of the IP, when it’s delivered it’s brand new legacy tech.

So I’m very wary when I hear of ‘public-commercial partnerships’ and new shiny tech, and would be much more comforted by the thought of an Eduroam-influenced platform with its reliable, tested technology, open source RADIUS server options, and simple, non-proprietary architecture.

For the record, despite agreeing to guest-blog for Jisc, I’m not a closed-minded govroam fanboi: I’m completely open to other suggestions for how federated roaming WiFi could work. And as long as it does work, at a cost that public sector can afford, then I’m ambivalent about how it’s delivered, whether this be public or commercial. Right now though, I think I would need to hear some extremely powerful arguments against govroam for it not to be a natural choice.

OK – so what do I do about this?

* If you’re someone with responsibility for NHS IT, then ask your clinical colleagues what they need from an NHS WiFi service. In particular, what benefits would be had from access to roaming WiFi. How would this change their practice? Make sure what your organisation is providing will meet these needs.

* If you’re a clinician, you could talk publicly about your clinical connectivity needs (blogs, presentations, Twitter), point out where they are not being met by the current levels of provision, and talk about how roaming WiFi would make the care you deliver easier to provide, and of higher quality.

* If you support the idea of GovRoam then tell people about it – the more people that know that roaming WiFi across all of Health and Care is not only technically possible, but is a real and present offering, the better.

* If you are a senior NHS Digital executive working in Domain A – then you might need to rethink your WiFi programme. Sorry.

Jisc welcomes the opportunity to solicit the personal views of various stakeholders in roaming connectivity use cases and provision, and specifically invited Marcus to contribute his take in this case. However, we would note that Jisc is involved in ongoing profitable discussions with NHS Digital and colleagues around the subject of WiFi roaming, and therefore don’t share his perspective that this aspect of connectivity provision is not addressed in their plans. We would be happy to offer a chance to respond to Marcus’ view to a representative of the NHS team(s) involved – mark.o’leary@jisc.ac.uk


Chasing govroam

[Image: Mark O'Leary chasing govroam]

I’ve been working on various infrastructure projects for education for more than twenty years now, but the one constant through that time has been wireless technologies. In particular, I was part of the initial group of three that brought the eduroam idea (then called Location Independent Networking) to life in the UK, working with UKERNA. Curiously enough all three, then from universities in Manchester, Bristol and Southampton, now work for Jisc and are still engaged in one capacity or another in improving the eduroam experience.

eduroam is one of the Big Ideas

The eduroam roaming federation has been one of the Big Ideas of this generation of networkers, and I think that sometimes the education sector forgets how powerful it is. There was a time when the invisibility of a service was its badge of honour, a testament to its reliability, but in the current climate we need to ensure that people are aware of the direct and indirect benefits it brings, so that they can take some ownership and help protect and extend the coverage.

For a number of years, I’ve been trying to find a way to bring those benefits to a wider public sector base in the UK. Although I hate the phrase, one that recurs in discussions of federated roaming is “it’s a no-brainer”. Admittedly, once you bring someone to the point of understanding the new ways of working and efficiencies that something like eduroam brings, and they realise that they already have most or all of the infrastructure, services and skills they need to participate in it as part of their existing local provision, the arguments against deploying a roaming service are few on the ground. That’s why it is so surprising that it has been so hard to catalyse the creation of a roaming solution for a wider public sector, such as health, government or the blue light services.

What’s the problem?

So why has it been so hard? Well, the first hurdle is establishing need: there’s a chicken-and-egg argument around limited roaming demand (due to the absence of infrastructure to support it) justifying not creating such an infrastructure. It takes decision makers with vision to see that participating in a roaming federation will trigger a cultural change that will foster new ways of working, collaborating and sharing resources. Then there’s the thorny issue of funding. An eduroam-like infrastructure is very cheap to build and run, as national services go, but if the invoice ends up on just one department’s accounts, but the benefits are demonstrably distributed nationally, there’s an understandable reluctance. That’s where some of our former attempts to foster the launch of such a service have foundered, attempting a ‘top down’ funding model with central government. There’s also a question of scope: govroam is a roaming service for staff, in the main, but most public sites are also facing increasing pressure to provide connectivity for visiting members of the general public. Experience from eduroam suggests that trying to solve both problems (staff roaming and public connectivity), with their incompatible requirements, via a single network design is biting off too much. It may be that Jisc can also help address the public visitor problem, but probably not as part of the govroam deployment.

Govroam 2017

So in this current initiative, Jisc is trying to promote a govroam solution based on the proven eduroam design and compatible with similar initiatives internationally. It will be funded from the grass roots by the participants that receive the benefits, in a transparent way tailored to suit the purchasing processes of the sectors it serves. It will support basic network activities such as email, web and VPN, and form a foundation on which future designs that bring home organisation services directly to the roaming context could be built. As an early adopter pilot service it already exists and is supporting roaming across the UK.

It’s certainly timely. Three of our European neighbours have deployed a govroam network, albeit on a smaller scale, and within the UK, individual Trusts, Councils and PSNs are starting to create regional roaming capabilities. We are on the cusp now of either fragmenting into incompatible islands of proprietary roaming technologies, or agreeing to standardise on something with national or international scope.

I hope you will look into what is developing here and consider taking part; if you are already an early adopter, I hope you will tell your colleagues about your experiences. I hope to remain part of this project as it matures, and ultimately to be able to grumble that it is so much part of life in government and health circles that people are starting to take it for granted. It is, after all, a no-brainer…

Brief technical description

Govroam = Public Services Roaming

Govroam provides easy Internet access for visiting users from other public sector organisations, without the need to individually register or reconfigure your device when you arrive at the visited site.

Following on from eduroam’s worldwide success in delivering savings and efficiencies in education collaboration, govroam replicates this proven design pattern. The new service is available to all Public Sector organisations.

Participation means that an employee with either a laptop, mobile and/or tablet when visiting another affiliated organisation, will be able to connect to the internet seamlessly, by authenticating using their own home organisation credentials. This single login will allow you to connect wherever there is a govroam network available, and once the profile is installed on your device, this connection will happen automatically.

All you need is a RADIUS server, a repository of identities and a network to share.

Fig. 1: The building blocks required for govroam

Govroam uses robust end-to-end encryption (AES as part of 802.1X tunneling) so that your private user credentials are only available to your home organisation for authentication, and never exposed over the air or accessible by the visited site’s infrastructure – even fake networks set up with the aim of stealing your credentials can’t gain access to them through govroam.

If you already have the basics required (see fig. 1), all you need to do is create the govroam SSID on your WLAN and configure your RADIUS server to proxy any non-local authentication requests received against that SSID up the hierarchy of RADIUS servers that make up the govroam fabric. One of those servers will recognise the domain that the request is coming from and ensure the proxied request is forwarded to its home site for authentication. Fig. 2 sketches the service in action.

Hierarchical RADIUS servers in a trust relationship that allows proxying permit users to roam and their authentication requests to be routed back to their home organisation.

Fig. 2: the govroam infrastructure
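The proxying decision described above, as an added simulation that is not Jisc's code or a RADIUS server configuration: each server authenticates its own realms, hands realms it has a route for to the listed server, and otherwise proxies up the hierarchy. Server names, realms, the anonymous outer identity and the stale route are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# DNS-style realm: dot-separated labels, at most 253 characters overall.
REALM_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def extract_realm(outer_identity: str) -> Optional[str]:
    """Return the lower-cased realm of user@realm, or None if malformed."""
    if outer_identity.count("@") != 1:
        return None
    realm = outer_identity.rsplit("@", 1)[1].lower()
    return realm if REALM_RE.match(realm) else None


@dataclass
class RadiusServer:
    name: str
    local_realms: Set[str] = field(default_factory=set)
    upstream: Optional["RadiusServer"] = None           # next server up the hierarchy
    downstream: Dict[str, "RadiusServer"] = field(default_factory=dict)

    def route(self, outer_identity: str,
              path: Optional[List[str]] = None) -> Tuple[str, List[str]]:
        """Return (decision, servers traversed) for one authentication request."""
        path = (path or []) + [self.name]
        realm = extract_realm(outer_identity)
        if realm is None:
            # Stop malformed realms at the first hop instead of proxying them.
            return ("reject-malformed", path)
        if realm in self.local_realms:
            return ("authenticate-locally", path)
        nxt = self.downstream.get(realm) or self.upstream
        if nxt is None:
            return ("reject-unknown-realm", path)
        if nxt.name in path:
            # A stale route would bounce the request between servers forever.
            return ("reject-loop", path)
        return nxt.route(outer_identity, path)


def build_constructed_fabric() -> RadiusServer:
    """Visited site council-b -> national proxy -> home site trust-a."""
    national = RadiusServer("national-proxy")
    trust_a = RadiusServer("trust-a", {"trust-a.example"}, upstream=national)
    council_b = RadiusServer("council-b", {"council-b.example"}, upstream=national)
    national.downstream = {
        "trust-a.example": trust_a,
        "council-b.example": council_b,
        "stale.example": council_b,   # constructed misconfiguration
    }
    return council_b


if __name__ == "__main__":
    visited = build_constructed_fabric()
    for identity in ("anonymous@trust-a.example", "anonymous@council-b.example",
                     "anonymous@unknown.example", "anonymous@stale.example",
                     "no-realm-here"):
        print(identity, "->", visited.route(identity))
```

Only the realm is inspected at each hop, which matches the point that the visited site learns where a roaming user comes from rather than who they are.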