OpenRoaming: Wi-Fi as Secure and Seamless as Cellular

By: Jonas Lagerquist

The days when public Wi-Fi connectivity was scattered into separate, potentially insecure islands with cumbersome access through portals may soon be over, at least at locations that have joined the Wireless Broadband Alliance’s fast-growing OpenRoaming federation. OpenRoaming already covers more than three million Wi-Fi hotspots globally, a number that is still growing, and it has the potential to permanently change how we connect to Wi-Fi networks.

As Seamless and Secure as Cellular

The OpenRoaming federation is a collaborative effort among vendors, service providers, identity providers, and venue owners to create a seamless and secure Wi-Fi roaming experience globally for users, irrespective of their location or identity provider.

The vision is to make public Wi-Fi as seamless, globally ubiquitous, and secure as when roaming between cellular networks.

There are two different roles in the OpenRoaming federation. An Access Network Provider (ANP) provides the Wi-Fi network, and an Identity Provider (IDP) authenticates and authorizes users to access the OpenRoaming service offered by the ANP. A member, such as a communications service provider (CSP), can act both as an access network provider, making their Wi-Fi footprint accessible, and as an identity provider for its subscribers.

The word ‘provider’ in the IDP and ANP terms is not limited to the traditional meaning of ‘service provider.’ An ANP can be any organization with a Wi-Fi network, such as a hotel or a shopping mall. An IDP can be any organization with a registered user base, such as a mobile handset manufacturer, a loyalty program, or a social network.

The beauty of the OpenRoaming federation is that any IDP and ANP can roam with each other without even being aware that the other party exists. In this article, we will dwell on how this magic is possible and why OpenRoaming does not necessarily have to be as ‘Open’ as the name suggests.

Traditional Hotspots Versus OpenRoaming

We have all used traditional hotspots many times and will continue to do so until every hotspot is part of the OpenRoaming federation.

So, what are the main differences between a traditional hotspot with a captive portal and an OpenRoaming hotspot? The short answer is that OpenRoaming provides a seamless and secure experience for the users and the Wi-Fi service providers.

In the case of a traditional hotspot, the user must actively look for a hotspot to connect to, select it, and then manually log in to the service. Typically, the user is onboarded to a so-called open Wi-Fi network (SSID), meaning the traffic will have weak or non-existent encryption over the radio link. Because there is no verification of the access point (AP), it is also possible for an attacker to set up an AP that appears to be a legitimate one.

Figure 1.
Source: Enea Whitepaper: All You Need To Know About OpenRoaming Seamless and Secure Wi-Fi Everywhere 

In contrast, OpenRoaming uses the Wi-Fi Alliance Passpoint standard (previously known as Hotspot 2.0) to automatically select the Wi-Fi service and log in to it. The user can only access trusted Wi-Fi access points, and the traffic is encrypted over the radio link, thanks to the secure Extensible Authentication Protocol (EAP) authentication method that is also used to create the encryption keys.

The seamless user experience, with automatic login to the OpenRoaming Wi-Fi network, is achieved through Passpoint’s ability to let the device and Wi-Fi access point interact in the background, without any user interaction, to select the Passpoint-enabled Wi-Fi service and agree on what EAP authentication method to use.
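
A simplified model of the background selection described above, contrasted with the name-only matching of a traditional hotspot. This is an added example, not taken from the article or from the Passpoint specification; the profile, scan records, field names and the roaming consortium identifier are assumptions, and all data is constructed.

```python
# Simplified model of Passpoint pre-association selection. All data is constructed.
EAP_TLS, EAP_TTLS, EAP_AKA = 13, 21, 23   # IANA EAP method type numbers

# Hypothetical profile installed on the device by an identity provider (IDP).
PROFILE = {
    "rcois": {"5A03BA0000"},              # assumed OpenRoaming consortium identifier
    "eap_methods": [EAP_TLS, EAP_TTLS],   # device preference order
}

# Constructed scan results; "rcois" and "eap_methods" stand in for what a
# Passpoint AP advertises to devices before they associate.
SCAN = [
    {"bssid": "02:00:00:00:00:01", "ssid": "Mall-WiFi", "akm": "open",
     "passpoint": False, "rcois": set(), "eap_methods": []},
    {"bssid": "02:00:00:00:00:02", "ssid": "Mall-WiFi", "akm": "802.1X",
     "passpoint": True, "rcois": {"5A03BA0000"}, "eap_methods": [EAP_AKA, EAP_TTLS]},
    {"bssid": "02:00:00:00:00:03", "ssid": "Cafe", "akm": "802.1X",
     "passpoint": True, "rcois": {"AABBCC"}, "eap_methods": [EAP_TLS]},
]


def legacy_candidates(scan, remembered_ssid):
    """Traditional hotspot: every AP broadcasting the remembered name qualifies."""
    return [ap["bssid"] for ap in scan if ap["ssid"] == remembered_ssid]


def passpoint_select(profile, scan):
    """Return (bssid, eap_method) for the first acceptable AP, or None."""
    for ap in scan:
        # Open or non-Passpoint networks are never joined automatically.
        if not ap["passpoint"] or ap["akm"] != "802.1X":
            continue
        # The AP must advertise a consortium the profile was provisioned for.
        if not profile["rcois"] & ap["rcois"]:
            continue
        # Agree on the most preferred EAP method that both sides support.
        common = [m for m in profile["eap_methods"] if m in ap["eap_methods"]]
        if common:
            return ap["bssid"], common[0]
    return None


if __name__ == "__main__":
    print("SSID match only:", legacy_candidates(SCAN, "Mall-WiFi"))
    print("Passpoint match:", passpoint_select(PROFILE, SCAN))
```

The advertisements themselves are unauthenticated, so this filter only narrows the candidates; trust in the chosen AP and the radio-link encryption keys come from the EAP exchange that follows.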

