The basic idea behind eduroam is to provide free, unrestricted access to the Internet. eduroam only handles authentication and authorization of the users. The actual Internet access is provided by the local network equipment (Access Point/Controller, Ethernet Switch).
The eduroam initiative started in 2003. Today, eduroam is a federation of federations (confederation): Single federations are run at national level and they are all connected to their regional confederation. Thus eduroam is avaliable at almost all universities worldwide.
eduroam technology is based on 802.1X standard (typically used with a 802.11 wireless network with WPA2 Enterprise authentication) and a hierarchy of RADIUS proxy servers. The wireless eduroam networks use the SSID 'eduroam'.
The role of the RADIUS hierarchy is to forward the users' credentials to the users' home institution, where they can be verified and validated.
When a user requests authentication, the user's realm determines where the request is routed to. The realm is the suffix of the user-name, delimited with '@', and is derived from the organisation's DNS domain name.
Every university that wants to participate in eduroam connects its institutional RADIUS-server to the national RADIUS (FLR) proxy of the country where the institution is located. The FLRs are in turn connected to the regional top-level RADIUS server (European top-level RADIUS, ETLR, in case of Europe), which themselves form the root of the hierarchy in a full-mesh topology.
Further information can be found on the eduroam.org wiki.