Download Here

The WBA WRIX architecture, pivotal in supporting Wi-Fi roaming, leverages RadSec/TLS to enhance the security of RADIUS exchanges traditionally secured by IPSec VPN. This new method replaces outdated IP address identification and shared MD5 secrets with a more robust trust model using X.509 certificates. Benefits of transitioning to RadSec/TLS include automated security, improved reliability, and better management of timeouts and fragmentation due to the use of TCP over UDP.

This PKI Certificate Policy document outlines the overarching framework of WBA WRIX PKI, addressing the business, legal, and technical guidelines. It details the use and assurance levels of PKI certificates, obligations of Certification Authorities (CAs), compliance requirements, and identity verification processes. The policy also covers certificate lifecycle management, operational security, audit logging, disaster recovery, and security protocols for physical and logical infrastructure. Additional provisions include content guidelines for Certificate profiles and Certificate Revocation Lists (CRL), as well as related agreements like the Digital Certificate Authorization Agreement (DCAA) and Root CA Hosting Agreement, ensuring a uniform level of trust across the WBA WRIX system.

For more information regarding the WBA PKI Certificate Policy document, please contact pki@wballiance.com or pmo@wballiance.com.

Join us in shaping the future of Wi-Fi.

This project is bought to you by: WBA Roaming Work Group

To participate and learn more about WBA coming projects, contact WBA PMO.

Reference Projects:

Wi-Fi Roaming Standard WRIX Umbrella

READ MORE

OpenRoaming™ Flyer

READ MORE

Signaling AP Location for Wi-Fi Roaming

READ MORE

BECOME

A MEMBER

FIND OUT MORE >

VIEW

ALL MEMBERS

FIND OUT MORE >

SIGN UP

FOR OUR NEWSLETTER

FIND OUT MORE >