The WBA WRIX architecture, pivotal in supporting Wi-Fi roaming, leverages RadSec/TLS to enhance the security of RADIUS exchanges traditionally secured by IPSec VPN. This new method replaces outdated IP address identification and shared MD5 secrets with a more robust trust model using X.509 certificates. Benefits of transitioning to RadSec/TLS include automated security, improved reliability, and better management of timeouts and fragmentation due to the use of TCP over UDP.
This PKI Certificate Policy document outlines the overarching framework of WBA WRIX PKI, addressing the business, legal, and technical guidelines. It details the use and assurance levels of PKI certificates, obligations of Certification Authorities (CAs), compliance requirements, and identity verification processes. The policy also covers certificate lifecycle management, operational security, audit logging, disaster recovery, and security protocols for physical and logical infrastructure. Additional provisions include content guidelines for Certificate profiles and Certificate Revocation Lists (CRL), as well as related agreements like the Digital Certificate Authorization Agreement (DCAA) and Root CA Hosting Agreement, ensuring a uniform level of trust across the WBA WRIX system.
For more information regarding the WBA PKI Certificate Policy document, please contact pki@wballiance.com or pmo@wballiance.com
