Resources Centre
OpenRoaming for IoT – FIDO Device Onboarding Framework
The Wireless Broadband Alliance (WBA) and the FIDO Alliance have joined forces to integrate FIDO Device Onboard (FDO) and WBA OpenRoaming™ technologies. This collaboration aims to create a seamless and secure onboarding process for Internet of Things (IoT) Wi-Fi devices, paralleling the simplicity and security of traditional Wi-Fi device onboarding using OpenRoaming. The OpenRoaming for IoT – FIDO Device Onboarding Framework report details how these technologies work together to simplify and secure the onboarding process for IoT devices.
The integration between OpenRoaming and FDO is a significant milestone in the realm of Wi-Fi device onboarding, and addresses critical challenges of large-scale IoT deployments by providing a secure, scalable, and automated solution. Automating the onboarding process allows headless and other pre-configured FDO IoT devices to be onboarded straight out of the box using OpenRoaming. A device can then receive new OpenRoaming credentials, allowing it to connect via OpenRoaming permanently, or receive credentials to connect to a private Wi-Fi network for a permanent connection.
By combining OpenRoaming and FDO, the framework facilitates efficient, zero-touch device onboarding, ensuring a streamlined and secure experience for both users and network providers. This integration is a landmark achievement in Wi-Fi device onboarding, addressing key challenges in the industry and establishing a new standard for device deployment.
Key Benefits:
- Zero-touch, secure onboarding: Automates device onboarding, enhancing operational efficiency and ensuring secure authentication.
- OpenRoaming and FDO integration: Describes how pre-configured OpenRoaming and FDO credentials enable seamless device connectivity across networks.
- Alternative network environments: Covers complex deployments and provisioning challenges.
- Supply chain security: Ensures device security through ownership vouchers and cryptographic mechanisms.
The OpenRoaming for IoT – FIDO Device Onboarding Framework sets a new standard for secure and efficient IoT device deployments by automating onboarding and enhancing security. This framework paves the way for widespread industry adoption, promoting cross-industry collaboration and enabling a broad range of industries to benefit from improved operational efficiency and strengthened security across their IoT networks.
RADIUS Accounting Assurance Industry Framework
Discover the transformative potential of accurate RADIUS accounting with our latest report, “RADIUS Accounting Assurance Industry Framework.” Developed by WBA members, this comprehensive framework addresses critical challenges in RADIUS accounting practices, vital for network management and Wi-Fi roaming.
Why RADIUS Accounting Matters
Since its inception in 1997, RADIUS (Remote Authentication Dial In User Service) accounting has remained crucial for monitoring data usage across network access servers. As network technologies advance and demand for seamless connectivity grows, the accuracy of RADIUS accounting data is pivotal for operational excellence and customer satisfaction.
With a particular focus on Wi-Fi networks and roaming scenarios, the report highlights the need for accurate data usage tracking to ensure effective billing, analytics, and settlement processes.
Highlights and Benefits:
- Enhanced Data Accuracy: Implement standardized methodologies for detecting and correcting errors to ensure precise data reporting and billing.
- Reduced Financial Discrepancies: Address billing errors and financial disputes, especially critical in Wi-Fi roaming scenarios.
- Improved Interoperability: Promote seamless integration across diverse network equipment, enhancing system compatibility and functionality.
- Industry Best Practices: Access expert insights on standardized methods to detect, report, and handle inaccuracies for reliable data handling.
- Collaborative Efforts: Learn about initiatives led by the WBA’s Roaming Work Group and the integration into the Wireless Roaming Intermediary eXchange (WRIX) framework to unify and enhance RADIUS data management.
- Informed Decision Making: Use accurate data to make informed choices about network management, strategic planning, and capacity management.
The framework is an ongoing project, open to participation from industry stakeholders aiming to refine and enhance the reliability of RADIUS accounting. We invite industry players to join this collaborative effort to implement the proposed improvements and benefit from shared expertise, thus enhancing its effectiveness and industry acceptance.
For more information or to participate in upcoming projects, contact the WBA Program Management Office at pmo@wballiance.com.
Wi-Fi Roaming Standard – WRIX Umbrella Document
WBA defines roaming set-up best practices for service providers and outlines the reasons for providing roaming services as well as suitable strategies to adopt. Standards are provided for the type of information needed from the Wi-Fi network, together with guidelines on how to exchange relevant information between involved parties. Moreover, WBA maintains a database of operators' roaming-related data, including the WBAID, which is solely provided and maintained by the WBA.
This WRIX Umbrella document is an integral part of the whole Wireless Roaming Intermediary eXchange (WRIX) Framework, developed by the WBA Roaming Work Group. This document defines the means by which operators may interconnect with each other, either directly or through their respective WRIX-is, for the purposes of providing wireless broadband roaming services to their end-users. It also provides guidance on best practices for Wi-Fi roaming and an overview of WRIX interfaces and entities.
Operator Managed Wi-Fi Reference Architecture and Requirements
With the increasing prevalence of Wi-Fi as the primary method of internet connectivity, the term “Wi-Fi” has become synonymous with the internet itself. Consequently, users perceive their internet quality of experience (QoE) as synonymous with Wi-Fi QoE. Users no longer differentiate between Wi-Fi service and internet service, expecting their Wi-Fi issues to be resolved by their internet service provider (ISP). This shift has turned Wi-Fi into a managed service, specifically managed by the operator, hence the term “operator-managed.”
This is WBA’s first document on operator-managed Wi-Fi, and it is anticipated that later phases of work will expand the scope of the requirements hereby defined.
The technical paper, “Operator Managed Wi-Fi: Reference Architecture and Requirements” outlines a new operator-managed Wi-Fi (OMWi) reference architecture. The proposed framework will combine multiple available standards to streamline Wi-Fi data collection, Wi-Fi management, configuration, and optimization of home networks, simplifying the analysis and decision-making process for carriers.
This paper represents the first phase of that journey, presenting an operator-managed Wi-Fi reference architecture that combines the benefits of all available standards, including Wi-Fi Alliance (WFA) Wi-Fi EasyMesh™, Wi-Fi CERTIFIED Data Elements™, and Broadband Forum (BBF) User Services Platform (USP) Data Models TR-369 and TR-181. Wi-Fi Alliance EasyMesh™, for instance, can be utilized as the standard interface for Wi-Fi data collection, Wi-Fi management, configuration, and optimization on home networks with a standalone gateway.
Register now for the upcoming webinar on 6th June, 2023 “Optimizing Wi-Fi Experience with Operator-Managed Networks.”
WBA PPS MO Extensions
The Wi-Fi Alliance Hotspot 2.0 Specification allows for additional vendor-defined data fields to be included in the PerProviderSubscription Management Object (PPS MO). This section defines a WBA vendor subtree, in order to allow for additional PPS MO elements that may be used for roaming. Figure 1 shows a graphical representation of the WBA PPS MO Extensions.
IMSI Privacy Protection for Wi-Fi
EAP methods are primarily used by wireless carriers and operators who want to take advantage of Wi-Fi capabilities for their SIM subscribers for use cases including licensed mobile radio service; in service-environments such as sports or shopping venues; underground locations; and the overall experience for end-users when Wi-Fi and mobile services are combined for the SIM subscriber’s benefit. Passpoint enables the cellular carrier to offload data by providing a means to have an automated connection to available Wi-Fi providers.
To fill the industry gap, it is important to provide solutions that enable mobile devices to keep their permanent subscriber identity (IMSI) private when using SIM authentication methods.
WBA’s IMSI Privacy Protection for Wi-Fi – Technical Specification document serves as the standardization for seamless, private and secure access for SIM-based devices onto Wi-Fi. The document provides clear guidelines to ensure that service providers can deploy secure and interoperable Wi-Fi services with confidence.
Through joint collaboration between operators and vendors, the WBA’s Wi-Fi IMSI Privacy Protection project team formulated the best practice on security policy and privacy protection for SIM-based devices, and developed guidelines and a compliance program to guarantee broad industry deployments and alignment.
PKI RadSec – Operator Deployment Guidelines
The growth in devices is being accompanied by continued growth in the number of Wi-Fi hotspots. Earlier work by the WBA has identified the use of RadSec, a protocol defined by the IETF in RFC 6614 for transporting RADIUS datagrams over TLS, coupled with a Public Key Infrastructure (PKI), for automating the security of these TLS sessions, as an alternative to the conventional WRIX approach.
With the growth of Wi-Fi interoperability and Wi-Fi roaming services, more service, network and identity providers are looking to build roaming businesses for which an easy and fast method to scale up interconnections is key.
RadSec certificate-based interconnection, through the WBA Public Key Infrastructure (PKI), provides a secure, simpler and less manual method to establish peer interconnection.
The document, “PKI RadSec – Operator Deployment Guidelines”, provides guidelines for implementing RADIUS interconnections using RadSec coupled with WBA’s PKI. These guidelines will act as a roadmap that will help planners and systems engineers ensure that RadSec installations go smoothly and efficiently. Adherence to the practices defined will also allow for a more standardized configuration approach and for consistent interconnections. This work complements the already released “End-Entity Deployment Guidelines” document, which provides guidance for organizations with a Wi-Fi footprint and/or subscribers who intend to deploy WBA’s interoperable Public Key Infrastructure (PKI) RadSec security service.
The PKI-RadSec documentation is fully accessible to WBA members only. If you are a WBA Member, please access the WBA Extranet to download the PKI-RadSec documentation, including the WBA PKI Certificate Policy, End-Entity Deployment Guidelines and PKI RadSec – Operator Deployment Guidelines.
The PKI RadSec – Operator Deployment Guidelines is brought to you by the WBA Roaming Evolution group.
Please contact us to find out more about the full document available to WBA members.
PKI & RadSec End-Entity Deployment Guidelines
With the growth of Wi-Fi interoperability and Wi-Fi roaming services, more service, network and identity providers are looking to build roaming businesses for which an easy and fast method to scale up interconnections is key.
RadSec certificate-based interconnection, through the WBA Public Key Infrastructure (PKI), provides a secure, simpler and less manual method to establish peer interconnection.
This document, “PKI RadSec – End Entity Deployment Guidelines”, provides information and guidelines for organizations with Wi-Fi coverage and/or subscribers on how RadSec can help their interworking business. It also offers recommendations and guidelines on how to set up PKI RadSec. This work complements the already released “PKI RadSec – Operator Deployment Guidelines” document, which provides guidelines for implementing RADIUS interconnections using RadSec coupled with WBA’s PKI.
The PKI-RadSec documentation is fully accessible to WBA members only. If you are a WBA Member, please access the WBA Extranet to download the PKI-RadSec documentation, including the WBA PKI Certificate Policy, End-Entity Deployment Guidelines and PKI RadSec – Operator Deployment Guidelines.
The PKI RadSec – End Entity Deployment Guidelines is brought to you by the WBA Roaming Evolution group.
Please contact us to find out more about the full document available to WBA members.
Next Generation Hotspot (NGH) Wi-Fi Roaming Guidelines
Next Generation Hotspot (NGH) is WBA’s accomplishment of an end-to-end Wi-Fi Roaming experience, achieving the seamless, secure and interoperable experience set as a benchmark by the Wi-Fi industry. This white paper examines the business case for NGH and Wi-Fi Roaming, and also provides a detailed breakdown of the building blocks needed for setting up quality roaming services. It outlines a number of successful trials and demos, and explores the ways in which WBA and its members are working to ensure that the technology continues to evolve.