WBA OpenRoaming provides users with roaming access to Wi-Fi
hotspots without having to register with different operators or enter login credentials
each time. The Wi-Fi roaming standard combines a federation of network providers
and identity providers, enabling users to join any compliant network through a
federation member. Authentication is achieved through the user‘s identity provider when
the provider is a federation member. All federation members support the WBA PKI.
WBA
OpenRoaming
The WBA OpenRoaming is based on the following elements:
Hotspot
2.0
DNS
Discovery
WBA
OpenRoaming PKI
RADSEC
The OpenRoaming policy offers the following:
Accepts
users from any ID provider
Free
roaming. The service provider does not charge the roaming subscriber for Wi-Fi access
QoS on a
best effort basis.
The user
identity can remain anonymous. The ID provider does not share the user's
identity with the service provider.
Note
RadSec proxy AP election relies on APs sharing
compatible software support and SSID profile configuration. Mixing APs that do not all
support OpenRoaming, or assigning different RadSec‑enabled SSID sets to APs that share
the same profile in the same management subnet, can result in a proxy AP that cannot
serve all OpenRoaming SSIDs correctly. To avoid issues, keep APs with different
RadSec/OpenRoaming requirements in separate network policies and profiles.
