To provide secure roaming services for mobile users in global mobility networks, many anonymous authentication protocols have been proposed in recent years. But most of them focus only on authentication and fail to satisfy many practical security requirements. In order to achieve anonymity, the traditional anonymous roaming protocols depend on a temporary identity instead of real identity. However, these schemes have storage, communication and computing overheads due to the update operations. To overcome the shortcomings mentioned above, this paper proposes a fuzzy direct anonymous roaming mechanism for global mobility networks, in which the roaming users can fulfill the legitimacy authentication of their identity through one round message exchange with FA. This mechanism not only achieves the legitimate authentication of anonymous identity through fuzzy identity, but also avoids the update operations to get the property of "one at a time" of temporary identity in the process of roaming. Additionally, a security proof shows that this mechanism is provably secure in the CK security model. Moreover, comparative analysis shows that the presented proposal has stronger security, achieves stronger anonymity, and has lower storage, communication and computing overheads. Compared with the traditional anonymous roaming mechanism, the mechanism proposed in this paper is more suitable for the global mobility networks.