WN Podcast 053 – OpenRoaming with Jerome Henry and Bart Brinckman


Manage episode 275293567 series 2543486
By WiFi Ninjas. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Hi everyone!

How would you feel telling your grandkids that back in your time you had to select a WiFi network you wanted to connect to from the list, use unencrypted connection in public spaces or povide your personal info on the splashpage? See how @Cisco @WBA OpenRoaming fixes it all!

Here is what we have discussed:

Why do we need OR?

· User on cellular = business can’t engage

· Painful or broken WiFi Onboarding

· Lack of security

· Indoor coverage/capacity (Cellular offload)

What is Open Roaming?

· Open Roaming leverages all the features of pass point

· Federation of Access Providers (places like public venues, retail, hospitality, enterprises) and Identity Providers (carriers, device OEM, providers) that runs in the cloud – fully distributed solution

· Access Provider (place)

o Apply policy

· Identity Provider (user auth)

o Used for user authentication

o Can be a google ID, Apple ID or sim, eSim, MSO – certificate.

o How can I sign up on my iPhone or on my Android

· Used to have to visit a specific website to get the profile on the phone – how to make it transparent for users?

· OR was quite complicated to configure – plans to simplify? Integrate DNAS Connector functionality into WLC?

· Embedded functionality: Samsung, Android 11

· App SDK

o Examples:

· Service Provider using SIM

· Enterprise using cert

· OEM – Samsung good example

· Cloud ID – sign with Google, Apple, etc.

§ Application soon available for iOS and Android?

How does it work?

· Secure auto onboarding for any access network really in a nutshell .

· Automatic, secure transparent onboarding wherever you go – handoff from 4/5G to WiFi

· Your phone doesn’t need to come out of your pocket.

· Roaming agreements when travelling – business relationship with different access networks with different credentials.

· How does it work technically with information in the beacon.

· Flow:

o Access Provider:

o Device gets into coverage range

o Device <- EAP -> AP/WLC

o AP/WLC <- RADIUS -> DNAS Connector

o Identity Provider:

o DNAS Connector <- IDP Discovery -> IDP DNS

o DNAS Connector <- TLS up -> IDP AAA

What level of encryption does Open Roaming provide us with

· WPA2 Enterprise level / 802.1X EAP-TLS.

· What about with WPA3 coming and 6GHz: yes!

What are the benefits?

· Why would we implement OR on my network?

· Why would I setup OR on my mobile device?

· Benefits for the infrastructure provider

· Benefits for the client

o Sign up once, get connected automatically

o No portals, SSID name guessing

o More meaningful experience

Who created it & who has ownership of it now?

· WBA have taken over ownership of Open Roaming. The industry is picking up a lot of momentum now.

· How are other vendors integrating Open Roaming – since it was originally Cisco how are companies like Aruba/ Mist/ Ruckus etc implementing OR.

· Bart – can we mention Canary Wharf Group?

Can we still have a splash page?

· Is splash page dead with option to always use MAC randomisation?

· You can still have a splash page if you want to – once authenticated, identified by the network you can have a personal welcome splash page specific to you. -> We would like to leverage things like venue information to make it more contextual (HS2.0 v3)

What about my privacy?

· Privacy concerns – it does allow for anonymous connectivity – but you may lose some loyalty benefits – but the user may want to provide that info to get the loyalty bonus etc. -> Anonymous by default, privacy built-in

OR Architectures with Cisco

· Currently 3 scenarios

o AireOS 8.3+, DNAS (with connector)

o C9800 16.12+, DNAS (with connector)

o Meraki, DNAS (with connector)

· DNAS Connector

o What does it do?

o Why do we need both DNAS and DNAS Connector?

Tons of love,

WiFi Ninjas xxx

The post WN Podcast 053 – OpenRoaming with Jerome Henry and Bart Brinckman appeared first on WiFi Ninjas - Podcasts & Blogs.

45 episodes