OpenRoaming: One Global Network of Wi-Fi Networks White Paper


Wi-Fi networks are everywhere. The number of global Wi-Fi hotspots is expected to reach over 600 million by 2023 [1]. Most of these Wi-Fi networks are standalone systems, isolated from the networks around them, and any one person is only allowed to connect to a small number of these networks.

Table of Contents

Introduction

What’s Behind the Wi-Fi Connectivity Problems?

Wi-Fi Roaming Federation - OpenRoaming

OpenRoaming - One Global Network of Wi-Fi Networks

Benefits of OpenRoaming

How OpenRoaming Works

Intel's Role in OpenRoaming

OpenRoaming is Open for Business

Scalable world-wide Wi-Fi connectivity that's simple, seamless and secure.

Author: Dr. Necati Canpolat

Wireless Systems
Global Connectivity

Connecting to public Wi-Fi networks is one of the top challenges that the Wi-Fi industry has been facing for many years. As many of us have experienced, connecting to a public Wi-Fi network requires going through a confusing manual process. We often have to figure out which Wi-Fi networks are available to choose from, select a network, launch a browser, enter credentials, accept terms and conditions, before we can get online.

Users often think twice before connecting to public Wi-Fi networks because it’s a tedious and inconvenient experience. This process repeats each time users access a different Wi-Fi network, and in many cases when they re-access the network.

Figure 1. Global Wi-Fi Hotspots (Source: Cisco Annual Internet Report 2020). Chart of millions of Wi-Fi hotspots per year, 2018 to 2023; labelled values: 169 and 628.

Figure 2. Public Wi-Fi Connectivity Experience Today. User questions shown in the figure:

• How do I know which network to choose?

• Is my connection secure?

• I have to log off at this site?

• My session expired without warning.

• I’ve signed up here before. Why didn’t the network remember me?

• Where did that browser window go?


What’s Behind the Wi-Fi Connectivity Problems?

Public Wi-Fi connectivity problems stem from two fundamental issues:

1. Difficulty connecting mobile devices to Wi-Fi networks: There are multiple Wi-Fi network deployments implementing different options to get users to connect to their networks. These include, but are not limited to:

• Captive portals

• Different sign up mechanisms

• Inconsistent credentials using information such as email, phone number, room number, airport coupon, or passwords

• Open Wi-Fi networks

• Venue-provided shared key for everyone

• Passpoint networks

All of these different connection options confuse and frustrate users. Since each Wi-Fi provider sets up how customers access their network, the experience changes as customers move from one provider area to another. Compare that to a cellular connection, where their devices connect to the networks automatically without user interaction.

2. Challenges with enabling global Wi-Fi roaming: It’s not easy to establish a global Wi-Fi roaming network due to the fragmentation of Wi-Fi networks and the complex roaming relationships they would need to put in place. There are millions of Wi-Fi hotspots available globally from different providers - operators, venues, public spaces, enterprises, cities and others - creating fragmentation and making it impossible to build a Wi-Fi roaming service at any scale. Bilateral roaming agreements are long and tedious processes involving technical, business, financial, and legal steps. This is a much different situation from cellular connections, where a small number of providers cover most of the globe. When a customer moves to an area where their service provider does not have coverage, there are likely already roaming agreements between their service provider and the provider in the area, enabling the customer to continue service without interruption.


To address the technical part of the issue, the Wi-Fi Alliance (WFA) introduced Passpoint®, which helps with network discovery and auto connection. However, Passpoint has been slow to gain broad adoption, due to the complexity of setting up online sign up solutions for device provisioning, as well as getting large scale roaming agreements in place.

Figure 3. Wi-Fi Roaming. Diagram labels: Visited Network Provider; AP/Router/Controller; AAA Proxy Server; Internet cloud; AAA Proxy Server; HLR Authentication Server; Home Network Provider.


Figure 4. WBA OpenRoaming Federation


Wi-Fi Roaming Federation - OpenRoaming

After over a decade of hard work on enabling global Wi-Fi roaming, in May 2020 the Wireless Broadband Alliance (WBA) launched OpenRoaming™. OpenRoaming is an effort to address the fundamental Wi-Fi connectivity issues highlighted above and is led by many key industry players, including Intel®.

OpenRoaming is a simple but powerful concept. It brings together Wi-Fi Access Network Providers (ANPs) and Identity Providers (IDPs) under a Public Key Infrastructure (PKI) based trust model through the WBA Roaming Federation. Any Wi-Fi ANP, big or small, can be part of the federation and securely connect with the IDPs based on the PKI model.

OpenRoaming - One Global Network of Wi-Fi Networks

OpenRoaming connects ANPs with IDPs and creates a global network of Wi-Fi networks in a seamless and secure fashion. With OpenRoaming, users no longer need to go through cumbersome and confusing public Wi-Fi network connectivity experiences. Instead, OpenRoaming provides a simple auto connection and seamless Wi-Fi access for users, and makes connecting to Wi-Fi on mobile devices act more like cellular access.

Figure 5. OpenRoaming™ = "One Global Network of Wi-Fi Networks"


Benefits of OpenRoaming

OpenRoaming addresses the most challenging public Wi-Fi connectivity issues by providing a simple but powerful scalable solution where device users, vendors, ANPs, IDPs, and service enablers can benefit in multiple ways.

For users - OpenRoaming significantly improves the users’ Wi-Fi connectivity experience. They no longer have to figure out how to connect - or even if they can connect - to a Wi-Fi network. Users only have to set their mobile device up once with OpenRoaming. They can then connect to all OpenRoaming participating networks automatically and securely anywhere in the world. This creates a cellular-like connectivity experience for users’ Wi-Fi connections.

For mobile device vendors - Vendors can get their devices ready for OpenRoaming right out of the box. Device vendors can pre-install and configure their devices for the global OpenRoaming network. When a user gets a new device, all they have to do is activate the OpenRoaming access and accept the OpenRoaming federation’s legal terms and conditions. Device vendors can also choose to be an OpenRoaming IDP. Participating this way allows them to provide secure global Wi-Fi connectivity service to their users as well as establishing direct relationships with them, enabling additional value-added services over their platforms.

For ANPs - OpenRoaming makes it easy to offer secure, simple Wi-Fi connectivity to customers and plug into the world-wide roaming network. ANPs can leverage this scale without spending effort establishing roaming agreements, which are a significant undertaking. When users connect to an ANP’s network, the ANP not only provides Wi-Fi access, they can also interact with the users directly and can get valuable analytics from the users. ANPs can also choose to be an IDP for OpenRoaming and provide additional services to their customers.

For IDPs - Any organization that has customer relations and the ability to authenticate users can become an OpenRoaming IDP. They would enable world-wide Wi-Fi access for their users and customers without requiring direct roaming relationships with ANPs. Any organization can easily plug into the OpenRoaming federation and leverage its scale when offering services.

How OpenRoaming Works

OpenRoaming creates a simple, secure plug and play architecture through a cloud-based roaming federation framework, using PKI and common legal frameworks. This significantly eliminates the barriers to adoption of roaming services by Wi-Fi networks and devices.

Figure 6. OpenRoaming Framework

Figure 6 shows the steps involved in creating the OpenRoaming architecture. Steps 1 through 5 detail how IDPs, ANPs, and devices get prepared to be part of OpenRoaming, and steps 6 through 8 are what happens when connecting and authenticating a device. Each step is further explained below.


1. IDP Onboarding: Any organization that can provide and authenticate user identities can be an OpenRoaming IDP by applying to the WBA and accepting the OpenRoaming legal contract. They are then issued a WBA ID and OpenRoaming federation certificate. These certificates let the ANP trust the IDPs during the authentication processing in step 8.

2. DNS registration: After obtaining their certificate, the IDP registers with the OpenRoaming Domain Name System (DNS) for auto discovery by ANPs. Without this DNS-based discovery, the ANPs and IDPs would have to hardwire their Authentication, Authorization, and Accounting (AAA)/proxy servers so authentication can be routed correctly. However, using proxy servers would require roaming agreements and configuration of the end-points so that both parties would be aware of each other.

Using OpenRoaming DNS removes the roaming complexity and makes it easy for any IDP to access the OpenRoaming framework. The OpenRoaming IDPs can be easily discovered by the ANPs during the authentication, creating a simple, trustable global scale OpenRoaming network.

3. ANP Onboarding: Any organization with a Wi-Fi network can be an OpenRoaming ANP. Organizations apply with WBA and accept the OpenRoaming legal contract. They are then issued a WBA ID and OpenRoaming federation certificate.

4. Roaming Consortium OI (RCOI) Configuration: After obtaining their certificate, an ANP configures its Access Points (APs) with the OpenRoaming Roaming Consortium Identifier (RCOI). RCOI is a global identifier for OpenRoaming networks and is advertised in beacons transmitted by Wi-Fi APs. The RCOI allows ANPs to indicate that they are part of OpenRoaming, enabling mobile devices to easily discover and connect to the network. Under the OpenRoaming RCOI, ANPs could have any Wi-Fi network Service Set Identifier (SSID) they wish. This system allows devices to easily discover and connect to the OpenRoaming one global Wi-Fi roaming network.

5. Mobile Device Onboarding: Mobile devices use Wi-Fi profiles to connect to Wi-Fi networks. Before a device can connect to a network, it needs to go through an onboarding process. Passpoint provides an online sign-up mechanism to onboard devices, but it requires deployment by the ANP and introduces cost and complexity for them. Larger ANPs can potentially use this system, but it’s not feasible for smaller ANPs. Because of this cost and complexity, there has not been much market adoption of Passpoint online sign-up, and getting the devices on Wi-Fi networks has been a challenge for the ecosystem.

OpenRoaming allows device vendors to get their devices out-of-the-box ready for the one global OpenRoaming Wi-Fi network, without depending on an ANP’s online sign-up system. Additionally, OpenRoaming provides a global legal framework for acceptance of terms and conditions applicable for its usage. These terms and conditions are delivered during the onboarding of the devices, removing the need to prompt the user for acceptance for each Wi-Fi network users try to access.

With OpenRoaming, a mobile device only needs to complete this onboarding process once, and it can be completed by either the device manufacturer or the user. The onboarding process requires manufacturers or users to enter an ID from an OpenRoaming IDP and to accept the terms and conditions for OpenRoaming usage.

6. Mobile Device OpenRoaming Network Discovery and Authentication: After a mobile device has an ID from an OpenRoaming IDP, it’s ready to connect to OpenRoaming networks. When the device discovers through the RCOIs that there is an available OpenRoaming Wi-Fi network nearby, it initiates a secure authentication with the access network using the information in the OpenRoaming profile. The device then sends the Network Access Identifier (NAI) realm of the IDP to the ANP.

7. IDP Discovery by ANP: After the mobile device sends the NAI realm of the IDP to the ANP, the ANP queries the OpenRoaming DNS to verify the information. Since the OpenRoaming IDPs are already registered with the DNS, ANPs can get the trusted IDP AAA server path for authentication dynamically. OpenRoaming provides a secure framework for ANPs to trust the IDPs that are part of OpenRoaming, eliminating the need for prior roaming relationships. OpenRoaming brings the ability for ANPs to plug and play with any of the OpenRoaming IDPs at a global scale without dealing with the complexities of limited roaming enablement mechanisms.

8. RadSec-based Authentication: After an ANP discovers the IDP through OpenRoaming DNS, it reaches out to the IDP’s AAA. Since they both have the OpenRoaming issued certificates, they can verify each other and establish a secure RadSec tunnel to process the authentication. The dynamic DNS lookup of the OpenRoaming framework removes the complexity of conventional systems. Without RadSec, the two end-points would need to be configured to create an IPSec tunnel based on the prior information exchanged between the roaming partners.

Once the IDP verifies the information provided by the device to the ANP, the device can establish a secure connection to the ANP’s Wi-Fi network. Each of these processes is secure and seamless to the user, enabling simple and quick access without any confusion.
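Steps 6 and 7 above, seen from the ANP's AAA proxy, as an added example that is not part of the white paper: the realm is taken from the device-supplied NAI, validated, and resolved to candidate RadSec servers. It assumes the RFC 7585 NAPTR/SRV record layout for RadSec discovery, which the paper does not spell out; the realm idp.example.net, the record values and the function names are constructed for illustration.

```python
import re

RADSEC_TAG = "aaa+auth:radius.tls.tcp"  # RFC 7585 NAPTR service tag for RADIUS/TLS

# Constructed DNS answers standing in for the resolver; all names are hypothetical.
# NAPTR: (order, preference, flags, service, replacement)
# SRV:   (priority, weight, port, target)
SAMPLE_DNS = {
    ("NAPTR", "idp.example.net"): [
        (10, 10, "s", "x-other:radius.tls", "_other._tcp.idp.example.net."),
        (50, 50, "s", RADSEC_TAG, "_radsec._tcp.idp.example.net."),
    ],
    ("SRV", "_radsec._tcp.idp.example.net"): [
        (10, 0, 2083, "aaa2.idp.example.net."),
        (0, 10, 2083, "aaa1.idp.example.net."),
    ],
}

def sample_resolve(rtype, name):
    """Offline stand-in for a DNS lookup; unknown names return no records."""
    return SAMPLE_DNS.get((rtype, name), [])

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_REALM_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")

def realm_from_nai(nai):
    """Return the normalised realm of a user@realm NAI, or raise ValueError."""
    # The NAI is device-supplied, so the realm must look like a hostname
    # before it is ever used to build a DNS query.
    _user, sep, realm = nai.rpartition("@")
    realm = realm.lower().rstrip(".")
    if not sep or len(realm) > 253 or not _REALM_RE.match(realm):
        raise ValueError("NAI carries no usable realm")
    return realm

def discover_idp(nai, resolve=sample_resolve):
    """Steps 6-7: NAI realm -> NAPTR -> SRV -> ordered (host, port) list."""
    realm = realm_from_nai(nai)
    # Keep only NAPTR records that advertise RADIUS/TLS and point at an SRV name
    # ("s" flag); records for other services are ignored, not followed.
    naptr = [r for r in resolve("NAPTR", realm)
             if r[2].lower() == "s" and r[3].lower() == RADSEC_TAG]
    if not naptr:
        raise LookupError(f"{realm}: no RadSec NAPTR record, realm not routable")
    srv_name = min(naptr)[4].rstrip(".")  # lowest order, then preference
    # Lowest SRV priority first; equal priorities are ordered by descending
    # weight here as a deterministic simplification of weighted selection.
    srv = sorted(resolve("SRV", srv_name), key=lambda r: (r[0], -r[1]))
    if not srv:
        raise LookupError(f"{realm}: NAPTR points at {srv_name} but no SRV exists")
    # These targets are only candidates: step 8's mutual certificate check over
    # RadSec is what decides whether the peer really is a federation IDP.
    return [(target.rstrip("."), port) for _p, _w, port, target in srv]
```

Passing a real resolver as `resolve` keeps the validation and record filtering unchanged; the DNS answer only routes the request, and the federation certificates in step 8 authenticate the peer.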

As described above, the OpenRoaming framework provides key capabilities in support of globally interconnected Wi-Fi networks where ANPs, IDPs and device vendors can easily participate to deliver a global Wi-Fi connectivity experience.


Intel's Role in OpenRoaming

Since the introduction of Passpoint about a decade ago, Intel has been spearheading the vision of enabling a seamless and secure Wi-Fi connectivity experience on Intel platforms. Intel has leadership roles in standards development and is working with industry players and the WBA to bring OpenRoaming to the world. We are working towards delivering a ubiquitous Wi-Fi connectivity experience on Intel devices all around the world where our users can connect to OpenRoaming Wi-Fi networks without any of the issues currently faced.

OpenRoaming is Open for Business

Any ANP, IDP or device vendor interested in participating in OpenRoaming can do so because it’s open for everyone. We encourage interested parties to join “One-Global-Wi-Fi Network”, leverage its scale and benefit from it.

References

[1] Cisco Annual Internet Report 2020, https://www.cisco.com/c/en/us/solutions/executive-perspectives/annual-internet-report/index.html


Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex. Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.