The wireless industry is seeing a transition in deployments where new and existing spectrum allocations are permitting private enterprises to deploy their own wireless systems. Wi-Fi has been the traditional technology of choice for such private networks, delivering global economic value of over $4,800 billion by 2025, as estimated by Telecom Advisory Services. Whereas these private networks have conventionally only served users associated with the private enterprise, the introduction of OpenRoaming is enabling these networks to transform into neutral host systems that are now able to serve the end-users of those identity providers that have joined the OpenRoaming federation.
Operation of the OpenRoaming federation is based on a set of individual responsibilities of OpenRoaming access providers, OpenRoaming brokers and OpenRoaming identity providers. Access providers and identity providers engage with OpenRoaming brokers to join the federation. OpenRoaming defines terms to be included in the agreement between brokers and providers to ensure the correct operation of the federation. For identity providers, these terms cover aspects related to prohibited activities that all end-users need to agree to before being provisioned with an OpenRoaming credential. For access providers, these terms include configuration aspects related to the WLAN system as well as minimum service level requirements for end-users that are successfully authenticated on the access provider’s network. These requirements ensure that all authenticated end-users are able to make voice over Wi-Fi calls when on any OpenRoaming access network.
OpenRoaming brokers are responsible for assigning unique identities to each OpenRoaming provider that joins the federation and assigning certificates to the providers from the OpenRoaming public key infrastructure. The brokers register each assigned identity and issued certificate in the federation database. The providers can then use the database to record information regarding their OpenRoaming deployments.
Both access providers and identity providers configure the issued certificates in their equipment. OpenRoaming defines the use of DNS to enable an access provider to dynamically discover the signalling systems of the identity provider responsible for authenticating a particular user. The certificates are then used to mutually authenticate all signalling exchanged between access and identity providers. In other deployments, signalling can be proxied via the OpenRoaming broker. However, OpenRoaming requirements in terms of broker-to-broker connectivity always ensure that any OpenRoaming identity provider can be signalled from any OpenRoaming access provider.
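The DNS-based discovery described above, as an added example that is not part of the original article or any WBA code: it assumes the RFC 7585 NAPTR/SRV pattern for locating RADIUS/TLS servers (the article itself only says that DNS is used), and the realm, host names and records are constructed.

```python
from dataclasses import dataclass

RADSEC_AUTH = "aaa+auth:radius.tls.tcp"  # RFC 7585 service tag for RADIUS/TLS

@dataclass(frozen=True)
class Naptr:
    order: int
    pref: int
    flags: str
    service: str
    replacement: str

@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str

def discover(realm, naptr_zone, srv_zone):
    """Return ordered (host, port) candidates for the realm's identity provider."""
    usable = [r for r in naptr_zone.get(realm.lower(), [])
              if r.service.lower() == RADSEC_AUTH and r.flags.lower() == "s"]
    found = []
    for rec in sorted(usable, key=lambda r: (r.order, r.pref)):
        srvs = srv_zone.get(rec.replacement.rstrip(".").lower(), [])
        # Simplification: highest weight first instead of RFC 2782 weighted random.
        for srv in sorted(srvs, key=lambda s: (s.priority, -s.weight)):
            host = srv.target.rstrip(".").lower()
            if host and (host, srv.port) not in found:  # target "." means "no service"
                found.append((host, srv.port))
    # DNS is only a locator: the peer must still present a federation-issued
    # certificate in the mutually authenticated TLS session before it is trusted.
    return found

# Constructed sample zone data (not real OpenRoaming records).
NAPTR_ZONE = {"idp.example": [
    Naptr(50, 50, "s", "aaa+acct:radius.tls.tcp", "_acct._tcp.idp.example."),
    Naptr(50, 50, "s", RADSEC_AUTH, "_radiustls._tcp.idp.example."),
    Naptr(10, 10, "u", "x-other:service", "ignored.example."),
]}
SRV_ZONE = {"_radiustls._tcp.idp.example": [
    Srv(10, 10, 2083, "radsec2.idp.example."),
    Srv(0, 10, 2083, "radsec1.idp.example."),
    Srv(20, 0, 2083, "."),
]}

if __name__ == "__main__":
    print(discover("IDP.example", NAPTR_ZONE, SRV_ZONE))
    print(discover("unknown.example", NAPTR_ZONE, SRV_ZONE))
```

An empty result means the realm publishes no usable record, in which case the access provider falls back to a statically configured route such as a broker proxy.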
Hence, OpenRoaming can be viewed as “neutral host by design”, enabling the access provider to authenticate all OpenRoaming users onto their network, irrespective of the end-user’s identity provider.
The OpenRoaming service will typically enable authenticated end-users to be directly connected to the Internet from the access network’s WLAN, with the OpenRoaming service level requirements covering the connection between the end-user and the Internet. Identity providers may use monitoring techniques to ensure their end-users are receiving the necessary quality of experience when roaming onto the access provider WLAN systems and can escalate any concern to the Wireless Broadband Alliance, which will work with the parties to resolve any identified issues.
Growing requirements for neutral host support are enabling private networks to transition and support new value propositions. Importantly, OpenRoaming has been architected to scale to support over half a billion deployments of Wi-Fi hotspots and its “neutral host by design” capability is now increasingly being used by private networks to authenticate end-users from the myriad of identity providers that have already joined the federation.
As the co-chairs leading WBA’s OpenRoaming Task Group, we encourage all venues, vendors, service providers and identity providers that want to deliver neutral host deployments to join WBA OpenRoaming and revolutionize Wi-Fi usage around the world.