OPENROAMING AND CAPPORT
2023-01-30 Karri Huhtanen (Radiator Software Oy)
OPENROAMING
“eduroam for all”
What is OpenRoaming?
● OpenRoaming is a Wi-Fi roaming federation.
● Wi-Fi roaming is like mobile phone roaming, but becoming an operator is less difficult.
● If you are already familiar with eduroam, OpenRoaming is like eduroam for all of us.
● The idea is that end users can utilise their existing user credentials (e.g. username-password, certificates, cellular identities (SIMs)) to automatically connect to Wi-Fi networks around the world.
"With OpenRoaming™ WBA is acting as a centralized policy authority enabling an ecosystem for identity providers and Wi-Fi network providers to work together and deliver automatic and secure Wi-Fi experience to millions of users"
Source: https://wballiance.com/openroaming/how-it-works/
OpenRoaming video: https://www.youtube.com/watch?v=YvhZouk6MKM
Benefits for Guest Network Providers
● Easier, automatic admission/authentication of guest network users (into WPAx-Enterprise Wi-Fi networks)
● Multi-vendor supported network authentication, configuration and provisioning
● Additional monetisation of guest/hospitality Wi-Fi networks
● Called Access Network Providers (ANPs)
Benefits for Identity Providers
● Providing network access to identity provider users via roaming
● Cost savings from using roaming Wi-Fi networks compared to cellular network roaming
● Multi-vendor supported network authentication, configuration and provisioning
OpenRoaming Technical Functionality (diagram, described)
● Access networks: Passpoint (Hotspot 2.0) compatible Wi-Fi networks with any SSID, advertising the OpenRoaming RCOI (Settled: BA-A2-D0-xx-xx, or Settlement-Free: 5A-03-BA-xx-xx). Roaming users shown: user@example.com, user@example.net, user2@example.com, user@example.org.
● Access network side: a RADIUS capable Wi-Fi controller or example.net's own RADIUS server forwards authentication over a static RADIUS over TLS (RadSec, RFC 6614) connection to an OpenRoaming Settled or Settlement-Free Access Service Provider.
● Service provider side: for each user realm the provider performs DNS discovery against Global Public DNS:
○ NAPTR aaa+auth:radius.tls.tcp <realm>
○ SRV <NAPTR result>
○ Name lookup <SRV result>
● The provider then opens dynamic RadSec connections to the realm's identity provider: to example.net's IdP service provider, to the example.com IdP (its RADIUS server) and to the example.org IdP (its RADIUS server).
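The NAPTR → SRV → host chain from the diagram, worked through in code. This is an added example, not part of the slides or of Radiator: the resolver is injected so the code runs offline against a constructed zone (record values, the `_radiustls._tcp` owner name and the 192.0.2.10 address are assumptions), and the realm handling follows RFC 7542 rather than anything the slide states.

```python
"""OpenRoaming dynamic peer discovery: NAPTR -> SRV -> host for the user's realm.

Added example (not from the slides). The resolver is injected so the code runs
offline against a constructed zone; in production it would wrap a real DNS library.
"""
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# NAPTR service tag published by OpenRoaming identity providers (from the slide).
RADSEC_SERVICE = "aaa+auth:radius.tls.tcp"


@dataclass(frozen=True)
class Naptr:
    order: int
    preference: int
    flags: str
    service: str
    replacement: str


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str


# (qname, rrtype) -> list of records: strings for A/AAAA, dataclasses for NAPTR/SRV.
Resolver = Callable[[str, str], list]


def realm_of(nai: str) -> str:
    """Extract the realm from an NAI such as user@example.com (RFC 7542 form)."""
    if nai.count("@") != 1:
        raise ValueError("NAI must contain exactly one '@'")
    user, realm = nai.split("@")
    if not user or not realm:
        raise ValueError("empty user or realm part")
    return realm.rstrip(".").lower()


def is_valid_nai(nai: str) -> bool:
    """True when realm_of() accepts the NAI; lets a proxy reject junk before any DNS query."""
    try:
        realm_of(nai)
        return True
    except ValueError:
        return False


def discover_radsec_peer(nai: str, resolve: Resolver) -> Optional[Tuple[str, int, str]]:
    """Return (hostname, port, address) of the preferred RadSec server for the realm,
    or None when the realm publishes no OpenRoaming NAPTR chain.

    DNS alone is unauthenticated: the peer found here is only trusted once its RadSec
    certificate (issued under the WBA PKI) validates for this realm.
    """
    realm = realm_of(nai)
    naptrs = [
        r for r in resolve(realm, "NAPTR")
        if r.service.lower() == RADSEC_SERVICE and "s" in r.flags.lower()
    ]
    if not naptrs:
        return None
    # Lower order wins; within an order, lower preference wins.
    naptrs.sort(key=lambda r: (r.order, r.preference))
    for naptr in naptrs:
        # RFC 2782 picks among equal priorities by weighted random; a fixed sort
        # keeps this example deterministic.
        srvs = sorted(resolve(naptr.replacement, "SRV"),
                      key=lambda r: (r.priority, -r.weight))
        for srv in srvs:
            addrs = resolve(srv.target, "A") + resolve(srv.target, "AAAA")
            if addrs:
                return srv.target.rstrip("."), srv.port, addrs[0]
    return None


# Constructed zone data standing in for Global Public DNS; example.org publishes nothing.
CONSTRUCTED_ZONE = {
    ("example.com", "NAPTR"): [
        Naptr(50, 50, "s", "aaa+auth:radius.tls.tcp", "_radiustls._tcp.example.com."),
    ],
    ("_radiustls._tcp.example.com.", "SRV"): [
        Srv(10, 0, 2083, "radsec.example.com."),
    ],
    ("radsec.example.com.", "A"): ["192.0.2.10"],
}


def stub_resolve(qname: str, rrtype: str) -> list:
    """Offline stand-in for a DNS resolver, backed by CONSTRUCTED_ZONE."""
    return CONSTRUCTED_ZONE.get((qname, rrtype), [])


if __name__ == "__main__":
    print(discover_radsec_peer("user@example.com", stub_resolve))  # ('radsec.example.com', 2083, '192.0.2.10')
    print(discover_radsec_peer("user@example.org", stub_resolve))  # None
```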
OpenRoaming requirements for Access Network Provider (ANP)
● For organisations that only want to let OpenRoaming users roam in their network
● Minimum requirements:
○ Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment
○ OpenRoaming Settled or Settlement-Free Access service from some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members requires a WBA client certificate (via a service provider or WBA membership) and an own RADIUS server
OpenRoaming requirements for Identity Provider (IdP)
● For organisations that want their members or subscribers to roam in OpenRoaming member networks
● Minimum requirements:
○ (Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment) *
○ Ability to configure OpenRoaming DNS records for the IdP realm
○ OpenRoaming Settled or Settlement-Free Access service and IdP service from some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members requires a WBA client+server certificate (via a service provider or WBA membership) and an own RADIUS server.
*) only if also providing Wi-Fi access network services (ANP)
OpenRoaming with eduroam (community)
● Do-it-yourself trial service for IdP (roaming with eduroam credentials in OpenRoaming networks) available from eduroam: https://wiki.geant.org/pages/viewpage.action?pageId=133763844
● Access Network Provider/Service Provider (ANP/SP) service (allowing OpenRoaming users to roam in guest networks) is not available from eduroam.
● Summary information about OpenRoaming and eduroam: https://eduroam.org/openroaming-and-eduroam-useful-information-for-eduroam-identity-providers-and-service-providers/
● Wi-Fi configuration profile provisioning via https://cat.eduroam.org/
● Support from the eduroam community
OpenRoaming with Radiator Software
● Allowing OpenRoaming visitors in guest networks as well as roaming in OpenRoaming networks with eduroam credentials, both supported as a service
● RadSec connections (with Radiator or radsecproxy) supported for securing roaming connections => connections behind dynamic IPs supported as well
● No need for Wireless Broadband Alliance membership (otherwise required of the organisation or its service provider)
● With https://roam.fi/ membership: an open roaming and OpenRoaming Wi-Fi network authentication service
● Wi-Fi configuration provisioning via eduroam CAT
● Minimal tuning with RADIUS/RadSec service and support from Radiator Software
● If interested, please contact Radiator Software (sales@radiatorsoftware.com, info@radiatorsoftware.com) for a limited free trial
Other OpenRoaming implementations, services and instructions
● Cisco Spaces OpenRoaming Configuration Guide: https://www.cisco.com/c/en/us/td/docs/wireless/spaces/openroaming/b-spaces-or-cg.html
● Wi-Fi authentication/roaming service providers:
○ e.g. Single Digits, GlobalTechnology
OpenRoaming with Radiator webinar on the 14th and 16th of February 2023
LEARN
● What is required for OpenRoaming?
● What is the quickest way to start testing?
● What are the recommended architecture and practices for adding OpenRoaming both for a Service/Access Network Provider and for an Identity Provider?
● Where can one find help to configure Radiator for OpenRoaming?
Register at https://radiatorsoftware.com/webinars/
CAPPORT API
Contacting your users via mobile notifications
CapPort API resources
● CapPort API demonstration site: https://capport.net/
● CapPort API demonstration privacy policy: https://capport.net/privacy.html
● RFC 8908 Captive Portal API: https://datatracker.ietf.org/doc/html/rfc8908
● RFC 8910 Captive-Portal Identification in DHCP and Router Advertisements (RAs): https://datatracker.ietf.org/doc/html/rfc8910
● Google CapPort information: https://developer.android.com/about/versions/11/features/captive-portal
● Apple CapPort information: https://developer.apple.com/news/?id=q78sq5rv
Do it yourself CapPort … You only need a … Wi-Fi network, a DHCP server and a WWW server for the JSON file.

# ISC DHCP server example
subnet 192.168.144.0 netmask 255.255.255.0 {
  # range takes a low and a high address; the original slide had a netmask as the
  # second argument, which dhcpd rejects. The upper bound here is an assumed value.
  range 192.168.144.130 192.168.144.254;
  option domain-name-servers 192.168.144.1;
  option subnet-mask 255.255.255.0;
  option routers 192.168.144.1;
  option broadcast-address 192.168.144.255;
  # Captive-Portal option (RFC 8910, DHCPv4 option 114): URL of the CapPort API
  option default-url "https://example.com/capporttest/";
  default-lease-time 28800;
  max-lease-time 86400;
}

The API response served at that URL (this can be an index.html file as well). Captive portal is not used; venue-info-url is where you want to send the user:
{
  "captive": false,
  "venue-info-url": "https://example.com/"
}
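A small RFC 8908 responder and a client-side validator for the JSON served at the DHCP option 114 URL, added here as an example (not from the slides or from capport.net). The listen address, the portal URL and the sample bodies are constructed assumptions; it also covers the captive=true case the slide does not show.

```python
"""RFC 8908 Captive Portal API: build a response the way a server should, and check one
the way a careful client does. Added example, not from the slides."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Any, Dict, Optional, Tuple
from urllib.parse import urlparse

# Media type registered by RFC 8908; clients ignore the body under any other type.
CAPPORT_MEDIA_TYPE = "application/captive+json"


def build_capport_response(captive: bool, venue_info_url: str,
                           user_portal_url: Optional[str] = None,
                           seconds_remaining: Optional[int] = None
                           ) -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, headers, body). 'captive' is the only mandatory key;
    a captive client additionally needs user-portal-url to know where to log in."""
    doc: Dict[str, Any] = {"captive": captive, "venue-info-url": venue_info_url}
    if captive:
        if not user_portal_url:
            raise ValueError("captive=true requires user-portal-url")
        doc["user-portal-url"] = user_portal_url
    if seconds_remaining is not None:
        doc["seconds-remaining"] = int(seconds_remaining)
    body = json.dumps(doc).encode("utf-8")
    headers = {
        "Content-Type": CAPPORT_MEDIA_TYPE,
        "Content-Length": str(len(body)),
        # The answer describes one client's session; keep shared caches out of it.
        "Cache-Control": "private",
    }
    return 200, headers, body


def validate_capport_json(content_type: str, body: bytes) -> Dict[str, Any]:
    """Parse and check a response; raise ValueError on anything a client must reject."""
    if content_type.split(";")[0].strip().lower() != CAPPORT_MEDIA_TYPE:
        raise ValueError(f"unexpected media type {content_type!r}")
    doc = json.loads(body.decode("utf-8"))
    if not isinstance(doc, dict) or not isinstance(doc.get("captive"), bool):
        raise ValueError("'captive' boolean is required")
    for key in ("user-portal-url", "venue-info-url"):
        url = doc.get(key)
        if url is not None:
            parsed = urlparse(url)
            # RFC 8908 requires HTTPS: a plain-http URL here is a downgrade, not a typo.
            if parsed.scheme != "https" or not parsed.netloc:
                raise ValueError(f"{key} must be an absolute https URL")
    if doc["captive"] and "user-portal-url" not in doc:
        raise ValueError("captive network must give user-portal-url")
    for key in ("seconds-remaining", "bytes-remaining"):
        value = doc.get(key)
        if value is not None and (not isinstance(value, int) or isinstance(value, bool) or value < 0):
            raise ValueError(f"{key} must be a non-negative integer")
    return doc


def is_valid_capport(content_type: str, body: bytes) -> bool:
    """Boolean form of validate_capport_json() for quick checks."""
    try:
        validate_capport_json(content_type, body)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


class CapportHandler(BaseHTTPRequestHandler):
    """Serves the slide's non-captive answer: no portal, just a venue-info-url."""

    def do_GET(self):
        status, headers, body = build_capport_response(
            captive=False, venue_info_url="https://example.com/")
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Plain HTTP on localhost only for a local look; the deployed endpoint that the
    # DHCP default-url points at must be served over TLS.
    HTTPServer(("127.0.0.1", 8080), CapportHandler).serve_forever()
```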
CapPort API summary
● Technology supported by Android (and Apple) to provide mobile notifications to Wi-Fi users
● Works and is deployable already, even from an organisation's own servers
● Can be used to notify and provide information to Wi-Fi network users (usage policy, organisation contact information, organisation advertisement etc.)
● Could be especially useful in promoting a preferred Wi-Fi network (like eduroam/roam.fi) and a provisioning tool like https://cat.eduroam.org/ to guest Wi-Fi users
Thank you. Questions, Comments?
Follow Radiator Software for more information…
Radiator Software blog:
https://blog.radiatorsoftware.com/
Twitter:
https://twitter.com/RadiatorAAA
Slideshare:
https://slideshare.net/radiatorsoftware/
Webinar registration and materials:
https://radiatorsoftware.com/webinars/
