SlideShare une entreprise Scribd logo
1  sur  18
Télécharger pour lire hors ligne
OPENROAMING AND CAPPORT
2023-01-30 Karri Huhtanen (Radiator Software Oy)
OPENROAMING
“eduroam for all”
What is OpenRoaming?
● OpenRoaming is a Wi-Fi roaming federation.
● Wi-Fi roaming is like mobile phone roaming, but becoming
an operator is less difficult.
● If you are already familiar with eduroam, OpenRoaming is
like eduroam for all of us.
● The idea is that end users can utilise their existing user
credentials (e.g. username-password, certificates, cellular
identities (SIMs)) to automatically connect to Wi-Fi
networks around the world.
With OpenRoaming™ WBA is acting as a centralized policy authority
enabling an ecosystem for identity providers and Wi-Fi network providers to
work together and deliver automatic and secure Wi-Fi experience to millions
of users
Source: https://wballiance.com/openroaming/how-it-works/
OpenRoaming video: https://www.youtube.com/watch?v=YvhZouk6MKM
Benefits for Guest Network Providers
● Easier, automatic admission/authentication of
guest network users (into WPAx-Enterprise
Wi-Fi networks)
● Multi-vendor supported network
authentication, configuration and provisioning
● Additional monetisation of guest/hospitability
Wi-Fi networks
● Called Access Network Providers (ANPs)
Benefits for Identity Providers
● Providing network access to identity
provider users via roaming
● Cost-savings from using roaming Wi-Fi
networks compared to cellular network
roaming
● Multi-vendor supported network
authentication, configuration and
provisioning
example.org
RADIUS server
example.com
RADIUS server
OpenRoaming Technical Functionality
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
RADIUS capable
Wi-Fi controller or
example.net’s own
RADIUS server
OpenRoaming Settled or
Settlement-Free Access
Service Provider
Static Radius over
TLS (RadSec, RFC
6614) connection
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
Global Public DNS
Passpoint (Hotspot 2.0)
compatible Wi-Fi network
SSID: *any*
RCOI (Settled): BA-A2-D0-xx-xx
or RCOI (Settlement-Free):
5A-03-BA-xx-xx
DNS discovery:
NAPTR aaa+auth:radius.tls.tcp <realm>
SRV <NAPTR result>
Name lookup <SRV result>
Dynamic RadSec
connection to
example.net’s IdP
service provider
Dynamic RadSec
connections to
example.com IdP
Dynamic RadSec
connection to
example.org IdP
user@example.com user@example.net user2@example.com user@example.org
OpenRoaming requirements for Access Network
Provider (ANP)
● For organisations who only want to let OpenRoaming
users roam in their network
● Minimum requirements:
○ Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment
○ OpenRoaming Settled or Settlement-Free Access service from
some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members
requires WBA client certificate (via service provider or
WBA membership), and an own RADIUS server
OpenRoaming requirements for Identity Provider
(IdP)
● For organisations who want their members or subscribers
roam in OpenRoaming member networks
● Minimum requirements:
○ (Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment) *
○ Ability to configure OpenRoaming DNS records for IdP realm
○ OpenRoaming Settled or Settlement-Free Access service and IdP
service from some WBA member service provider
○ No WBA membership needed
● Connecting directly to other OpenRoaming members
requires WBA client+server certificate (via service provider or
WBA membership) and an own RADIUS server.
*) only if providing also Wi-Fi access network services (ANP)
OpenRoaming with eduroam (community)
● Do-it-yourself trial service for IdP (roaming with eduroam credentials in
OpenRoaming networks) available from eduroam:
https://wiki.geant.org/pages/viewpage.action?pageId=133763844
● Access Network Provider/Service Provider (ANP/SP) (allowing
OpenRoaming users roam in guest networks) is not available from
eduroam.
● Summary information about OpenRoaming and eduroam:
https://eduroam.org/openroaming-and-eduroam-useful-information-for-e
duroam-identity-providers-and-service-providers/
● Wi-Fi configuration profile provisioning via https://cat.eduroam.org/
● Support from eduroam community
OpenRoaming with Radiator Software
● Allowing OpenRoaming visitors in guest networks as well as roaming in
OpenRoaming networks with eduroam credentials both supported as a service
● RadSec connections (with Radiator or radsecproxy) supported for securing
roaming connections => connections behind dynamic IPs supported as well
● No need for Wireless Broadband Alliance membership (otherwise required by
organisation or its service provider)
● With https://roam.fi/ membership an open roaming and OpenRoaming Wi-Fi
network authentication service
● Wi-Fi configuration provisioning via eduroam-cat
● Minimum tuning with RADIUS/RadSec service and support from Radiator
Software
● If interested, please contact Radiator Software (sales@radiatorsoftware.com,
info@radiatorsoftware.com) for limited free trial
Other OpenRoaming implementations, services and
instructions
● Cisco Spaces OpenRoaming Configuration Guide:
https://www.cisco.com/c/en/us/td/docs/wireless/spaces/openroaming/b-
spaces-or-cg.html
● Wi-Fi authentication/roaming service providers:
○ e.g Single Digits, GlobalTechnology
OpenRoaming with Radiator
webinar on the 14th and 16th of February 2023
LEARN
● What is required for OpenRoaming?
● What is the quickest way to start testing?
● What are the recommended architecture and practices for
adding OpenRoaming both for a Service/Access Network
Provider and for an Identity Provider?
● Where can one find help to configure Radiator for
OpenRoaming?
Register at https://radiatorsoftware.com/webinars/
CAPPORT API
Contacting your users via mobile notifications
CapPort API resources
● CapPort API demonstration site: https://capport.net/
● CapPort API demonstration privacy policy:
https://capport.net/privacy.html
● RFC8908 Captive Portal API: https://datatracker.ietf.org/doc/html/rfc8908
● RFC8910 Captive-Portal Identification in DHCP and Router
Advertisements (RAs): https://datatracker.ietf.org/doc/html/rfc8910
● Google CapPort information:
https://developer.android.com/about/versions/11/features/captive-portal
● Apple CapPort information:
https://developer.apple.com/news/?id=q78sq5rv
Do it yourself CapPort … You only need a …
# ISC DHCP server example
subnet 192.168.144.0 netmask 255.255.255.0 {
range 192.168.144.130 255.255.255.0;
option domain-name-servers 192.168.144.1;
option subnet-mask 255.255.255.0;
option routers 192.168.144.1;
option broadcast-address 192.168.144.255;
option default-url "https://example.com/capporttest/";
default-lease-time 28800;
max-lease-time 86400;
}
// this can be an index.html file as well
{
// captive portal is not used
// venue-info-url is where you want to send the
// user
"captive": false,
"venue-info-url": "https://example.com/"
}
Wi-Fi network DHCP server WWW server for JSON file
CapPort API summary
● Android (and Apple) supported technology to provide mobile
notifications to Wi-Fi users
● Works, deployable already, even from organisation own
servers
● Can be used to notify and provide information to Wi-Fi
network users (usage policy, organisation contact
information, organisation advertisement etc.)
● Could be especially useful in promoting a preferred Wi-Fi
network (like eduroam/roam.fi) and a provisioning tool like
https://cat.eduroam.org/ for guest Wi-Fi users
Thank you. Questions, Comments?
Follow Radiator Software for more information…
Radiator Software blog:
https://blog.radiatorsoftware.com/
Twitter:
https://twitter.com/RadiatorAAA
Slideshare:
https://slideshare.net/radiatorsoftware/
Webinar registration and materials:
https://radiatorsoftware.com/webinars/

Contenu connexe

Tendances

OpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllOpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllRadiator Software
 
Camara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfCamara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfDimitrisLogothetis10
 
Siemens win cc manual pcs 7 wincc basic process control
Siemens win cc manual pcs 7 wincc basic process controlSiemens win cc manual pcs 7 wincc basic process control
Siemens win cc manual pcs 7 wincc basic process controlDien Ha The
 
Non woven technology
Non woven  technology Non woven  technology
Non woven technology MohdParvez43
 
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaCanteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaNawaraj Ghimire
 
EducationHub- Remote Education Website. Final defense presentation slide for ...
EducationHub- Remote Education Website. Final defense presentation slide for ...EducationHub- Remote Education Website. Final defense presentation slide for ...
EducationHub- Remote Education Website. Final defense presentation slide for ...REZAUL KARIM REFATH
 
WAN (wide area network)
WAN (wide area network)WAN (wide area network)
WAN (wide area network)Netwax Lab
 
Defects their-causes-and-remedial-measures-in-terry-fabric-ms
Defects their-causes-and-remedial-measures-in-terry-fabric-msDefects their-causes-and-remedial-measures-in-terry-fabric-ms
Defects their-causes-and-remedial-measures-in-terry-fabric-msAnjaliSingal
 
Study on Straight Knife Cutting Machine | Straight Knife Cutting Machine
Study on Straight Knife Cutting Machine | Straight Knife Cutting MachineStudy on Straight Knife Cutting Machine | Straight Knife Cutting Machine
Study on Straight Knife Cutting Machine | Straight Knife Cutting MachineMd Rakibul Hassan
 
Problem statement
Problem statementProblem statement
Problem statementKanika Jain
 
Shrinkage finishing for cellulosic fabrics
Shrinkage finishing for cellulosic fabricsShrinkage finishing for cellulosic fabrics
Shrinkage finishing for cellulosic fabricsRajeev Sharan
 
Application area of Computer Technology in Apparel Manufacturing
Application area of Computer Technology in Apparel Manufacturing Application area of Computer Technology in Apparel Manufacturing
Application area of Computer Technology in Apparel Manufacturing Aiasha Siddiqua
 
FABRIC FLAMMABILITY
FABRIC FLAMMABILITYFABRIC FLAMMABILITY
FABRIC FLAMMABILITYMazbah Uddin
 

Tendances (20)

OpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllOpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for All
 
Woven pile fabric by Shilpi Akhter.asssistant professor(BUTex)
Woven pile fabric by Shilpi Akhter.asssistant professor(BUTex)Woven pile fabric by Shilpi Akhter.asssistant professor(BUTex)
Woven pile fabric by Shilpi Akhter.asssistant professor(BUTex)
 
Terry-a pile fabric
Terry-a pile fabricTerry-a pile fabric
Terry-a pile fabric
 
Camara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdfCamara Application Programming Interface (API) Overview.pdf
Camara Application Programming Interface (API) Overview.pdf
 
Siemens win cc manual pcs 7 wincc basic process control
Siemens win cc manual pcs 7 wincc basic process controlSiemens win cc manual pcs 7 wincc basic process control
Siemens win cc manual pcs 7 wincc basic process control
 
Non woven technology
Non woven  technology Non woven  technology
Non woven technology
 
Canteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapanaCanteen management system of “himalayan academy” sapana
Canteen management system of “himalayan academy” sapana
 
EducationHub- Remote Education Website. Final defense presentation slide for ...
EducationHub- Remote Education Website. Final defense presentation slide for ...EducationHub- Remote Education Website. Final defense presentation slide for ...
EducationHub- Remote Education Website. Final defense presentation slide for ...
 
Fusing
FusingFusing
Fusing
 
Fabric study
Fabric studyFabric study
Fabric study
 
WAN (wide area network)
WAN (wide area network)WAN (wide area network)
WAN (wide area network)
 
Enabling AirPrint & AirPlay on Your Network
Enabling AirPrint & AirPlay on Your NetworkEnabling AirPrint & AirPlay on Your Network
Enabling AirPrint & AirPlay on Your Network
 
Types of Knitted Fabric
Types of Knitted FabricTypes of Knitted Fabric
Types of Knitted Fabric
 
Defects their-causes-and-remedial-measures-in-terry-fabric-ms
Defects their-causes-and-remedial-measures-in-terry-fabric-msDefects their-causes-and-remedial-measures-in-terry-fabric-ms
Defects their-causes-and-remedial-measures-in-terry-fabric-ms
 
Study on Straight Knife Cutting Machine | Straight Knife Cutting Machine
Study on Straight Knife Cutting Machine | Straight Knife Cutting MachineStudy on Straight Knife Cutting Machine | Straight Knife Cutting Machine
Study on Straight Knife Cutting Machine | Straight Knife Cutting Machine
 
Problem statement
Problem statementProblem statement
Problem statement
 
Shrinkage finishing for cellulosic fabrics
Shrinkage finishing for cellulosic fabricsShrinkage finishing for cellulosic fabrics
Shrinkage finishing for cellulosic fabrics
 
Application area of Computer Technology in Apparel Manufacturing
Application area of Computer Technology in Apparel Manufacturing Application area of Computer Technology in Apparel Manufacturing
Application area of Computer Technology in Apparel Manufacturing
 
Wp passpoint wi-fi
Wp passpoint wi-fiWp passpoint wi-fi
Wp passpoint wi-fi
 
FABRIC FLAMMABILITY
FABRIC FLAMMABILITYFABRIC FLAMMABILITY
FABRIC FLAMMABILITY
 

Similaire à OpenRoaming and CapPort

OpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllOpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllKarri Huhtanen
 
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoamingBeyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoamingKarri Huhtanen
 
Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Portfolio Updates webinar, 8th and 10th of March 2022Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Portfolio Updates webinar, 8th and 10th of March 2022Radiator Software
 
Adding OpenRoaming to existing IDP and roaming federation service
Adding OpenRoaming to existing IDP and roaming federation serviceAdding OpenRoaming to existing IDP and roaming federation service
Adding OpenRoaming to existing IDP and roaming federation serviceRadiator Software
 
Adding OpenRoaming to existing IdP and roaming federation service
Adding OpenRoaming to existing IdP and roaming federation serviceAdding OpenRoaming to existing IdP and roaming federation service
Adding OpenRoaming to existing IdP and roaming federation serviceKarri Huhtanen
 
Modern messaging with RabbitMQ, Spring Cloud and Reactor
Modern messaging with RabbitMQ, Spring Cloud and ReactorModern messaging with RabbitMQ, Spring Cloud and Reactor
Modern messaging with RabbitMQ, Spring Cloud and Reactoracogoluegnes
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fimArchiver
 
093049ov5.pptx
093049ov5.pptx093049ov5.pptx
093049ov5.pptxNguyenNM
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyesThousandEyes
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...BAKOTECH
 
Carrier WiFi Architectures
Carrier WiFi ArchitecturesCarrier WiFi Architectures
Carrier WiFi ArchitecturesMarc Nader
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service MeshRam Vennam
 
platform without vendor lock-in
platform without vendor lock-inplatform without vendor lock-in
platform without vendor lock-inKai Jokiniemi
 
Workshop web rtc customers and use cases
Workshop web rtc customers and use casesWorkshop web rtc customers and use cases
Workshop web rtc customers and use casesDouglas Tait
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoPrime Infoserv
 
Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...WSO2
 
Platform without vendor lock-in
Platform without vendor lock-inPlatform without vendor lock-in
Platform without vendor lock-inSakari Hoisko
 
The Path to a Programmable Network
The Path to a Programmable NetworkThe Path to a Programmable Network
The Path to a Programmable NetworkMyNOG
 

Similaire à OpenRoaming and CapPort (20)

OpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for AllOpenRoaming -- Wi-Fi Roaming for All
OpenRoaming -- Wi-Fi Roaming for All
 
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoamingBeyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
 
Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Portfolio Updates webinar, 8th and 10th of March 2022Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Portfolio Updates webinar, 8th and 10th of March 2022
 
Adding OpenRoaming to existing IDP and roaming federation service
Adding OpenRoaming to existing IDP and roaming federation serviceAdding OpenRoaming to existing IDP and roaming federation service
Adding OpenRoaming to existing IDP and roaming federation service
 
Adding OpenRoaming to existing IdP and roaming federation service
Adding OpenRoaming to existing IdP and roaming federation serviceAdding OpenRoaming to existing IdP and roaming federation service
Adding OpenRoaming to existing IdP and roaming federation service
 
Modern messaging with RabbitMQ, Spring Cloud and Reactor
Modern messaging with RabbitMQ, Spring Cloud and ReactorModern messaging with RabbitMQ, Spring Cloud and Reactor
Modern messaging with RabbitMQ, Spring Cloud and Reactor
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fim
 
093049ov5.pptx
093049ov5.pptx093049ov5.pptx
093049ov5.pptx
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
 
Carrier WiFi Architectures
Carrier WiFi ArchitecturesCarrier WiFi Architectures
Carrier WiFi Architectures
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
Web of things
Web of thingsWeb of things
Web of things
 
platform without vendor lock-in
platform without vendor lock-inplatform without vendor lock-in
platform without vendor lock-in
 
Workshop web rtc customers and use cases
Workshop web rtc customers and use casesWorkshop web rtc customers and use cases
Workshop web rtc customers and use cases
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...
 
Platform without vendor lock-in
Platform without vendor lock-inPlatform without vendor lock-in
Platform without vendor lock-in
 
The Path to a Programmable Network
The Path to a Programmable NetworkThe Path to a Programmable Network
The Path to a Programmable Network
 

Plus de Karri Huhtanen

Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and PrivacyDisobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and PrivacyKarri Huhtanen
 
Suomen eduroam-juuripalvelun uudistukset
Suomen eduroam-juuripalvelun uudistuksetSuomen eduroam-juuripalvelun uudistukset
Suomen eduroam-juuripalvelun uudistuksetKarri Huhtanen
 
Routing host certificates in eduroam/govroam
Routing host certificates in eduroam/govroamRouting host certificates in eduroam/govroam
Routing host certificates in eduroam/govroamKarri Huhtanen
 
Cooperative labs, testbeds and networks
Cooperative labs, testbeds and networksCooperative labs, testbeds and networks
Cooperative labs, testbeds and networksKarri Huhtanen
 
Privacy and traceability in Wi-Fi networks
Privacy and traceability in Wi-Fi networksPrivacy and traceability in Wi-Fi networks
Privacy and traceability in Wi-Fi networksKarri Huhtanen
 
EAP-TLS (extended version)
EAP-TLS (extended version)EAP-TLS (extended version)
EAP-TLS (extended version)Karri Huhtanen
 
Security issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAASecurity issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAAKarri Huhtanen
 
What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?Karri Huhtanen
 
What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?Karri Huhtanen
 
Building secure, privacy aware, quality Wi-Fi coverage via cooperation
Building secure, privacy aware, quality Wi-Fi coverage via cooperationBuilding secure, privacy aware, quality Wi-Fi coverage via cooperation
Building secure, privacy aware, quality Wi-Fi coverage via cooperationKarri Huhtanen
 
Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
Connecting the Dots: Integrating RADIUS to Network Measurement and MonitoringConnecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
Connecting the Dots: Integrating RADIUS to Network Measurement and MonitoringKarri Huhtanen
 
Building city and nationwide Wi-Fi coverage via cooperation
Building city and nationwide Wi-Fi coverage via cooperationBuilding city and nationwide Wi-Fi coverage via cooperation
Building city and nationwide Wi-Fi coverage via cooperationKarri Huhtanen
 
eduroam diagnostics in NTLR, IdPs and SPs
eduroam diagnostics in NTLR, IdPs and SPseduroam diagnostics in NTLR, IdPs and SPs
eduroam diagnostics in NTLR, IdPs and SPsKarri Huhtanen
 
Using NoSQL databases to store RADIUS and Syslog data
Using NoSQL databases to store RADIUS and Syslog dataUsing NoSQL databases to store RADIUS and Syslog data
Using NoSQL databases to store RADIUS and Syslog dataKarri Huhtanen
 
Open WiFi or Broken WiFi?
Open WiFi or Broken WiFi?Open WiFi or Broken WiFi?
Open WiFi or Broken WiFi?Karri Huhtanen
 
Cloud Based Identity Management
Cloud Based Identity ManagementCloud Based Identity Management
Cloud Based Identity ManagementKarri Huhtanen
 
eduroam ennen, nyt ja tulevaisuudessa
eduroam ennen, nyt ja tulevaisuudessaeduroam ennen, nyt ja tulevaisuudessa
eduroam ennen, nyt ja tulevaisuudessaKarri Huhtanen
 
Joukkoliikennedatan ongelmat ja ratkaisuja
Joukkoliikennedatan ongelmat ja ratkaisujaJoukkoliikennedatan ongelmat ja ratkaisuja
Joukkoliikennedatan ongelmat ja ratkaisujaKarri Huhtanen
 

Plus de Karri Huhtanen (20)

Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and PrivacyDisobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
 
Suomen eduroam-juuripalvelun uudistukset
Suomen eduroam-juuripalvelun uudistuksetSuomen eduroam-juuripalvelun uudistukset
Suomen eduroam-juuripalvelun uudistukset
 
Routing host certificates in eduroam/govroam
Routing host certificates in eduroam/govroamRouting host certificates in eduroam/govroam
Routing host certificates in eduroam/govroam
 
Cooperative labs, testbeds and networks
Cooperative labs, testbeds and networksCooperative labs, testbeds and networks
Cooperative labs, testbeds and networks
 
Privacy and traceability in Wi-Fi networks
Privacy and traceability in Wi-Fi networksPrivacy and traceability in Wi-Fi networks
Privacy and traceability in Wi-Fi networks
 
EAP-TLS (extended version)
EAP-TLS (extended version)EAP-TLS (extended version)
EAP-TLS (extended version)
 
EAP-TLS
EAP-TLSEAP-TLS
EAP-TLS
 
Security issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAASecurity issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAA
 
TLS and Certificates
TLS and CertificatesTLS and Certificates
TLS and Certificates
 
What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?
 
What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?What is Network Function Virtualisation (NFV)?
What is Network Function Virtualisation (NFV)?
 
Building secure, privacy aware, quality Wi-Fi coverage via cooperation
Building secure, privacy aware, quality Wi-Fi coverage via cooperationBuilding secure, privacy aware, quality Wi-Fi coverage via cooperation
Building secure, privacy aware, quality Wi-Fi coverage via cooperation
 
Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
Connecting the Dots: Integrating RADIUS to Network Measurement and MonitoringConnecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
Connecting the Dots: Integrating RADIUS to Network Measurement and Monitoring
 
Building city and nationwide Wi-Fi coverage via cooperation
Building city and nationwide Wi-Fi coverage via cooperationBuilding city and nationwide Wi-Fi coverage via cooperation
Building city and nationwide Wi-Fi coverage via cooperation
 
eduroam diagnostics in NTLR, IdPs and SPs
eduroam diagnostics in NTLR, IdPs and SPseduroam diagnostics in NTLR, IdPs and SPs
eduroam diagnostics in NTLR, IdPs and SPs
 
Using NoSQL databases to store RADIUS and Syslog data
Using NoSQL databases to store RADIUS and Syslog dataUsing NoSQL databases to store RADIUS and Syslog data
Using NoSQL databases to store RADIUS and Syslog data
 
Open WiFi or Broken WiFi?
Open WiFi or Broken WiFi?Open WiFi or Broken WiFi?
Open WiFi or Broken WiFi?
 
Cloud Based Identity Management
Cloud Based Identity ManagementCloud Based Identity Management
Cloud Based Identity Management
 
eduroam ennen, nyt ja tulevaisuudessa
eduroam ennen, nyt ja tulevaisuudessaeduroam ennen, nyt ja tulevaisuudessa
eduroam ennen, nyt ja tulevaisuudessa
 
Joukkoliikennedatan ongelmat ja ratkaisuja
Joukkoliikennedatan ongelmat ja ratkaisujaJoukkoliikennedatan ongelmat ja ratkaisuja
Joukkoliikennedatan ongelmat ja ratkaisuja
 

Dernier

SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 

Dernier (20)

SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 

OpenRoaming and CapPort

  • 1. OPENROAMING AND CAPPORT 2023-01-30 Karri Huhtanen (Radiator Software Oy)
  • 3. What is OpenRoaming? ● OpenRoaming is a Wi-Fi roaming federation. ● Wi-Fi roaming is like mobile phone roaming, but becoming an operator is less difficult. ● If you are already familiar with eduroam, OpenRoaming is like eduroam for all of us. ● The idea is that end users can utilise their existing user credentials (e.g. username-password, certificates, cellular identities (SIMs)) to automatically connect to Wi-Fi networks around the world.
  • 4. With OpenRoaming™ WBA is acting as a centralized policy authority enabling an ecosystem for identity providers and Wi-Fi network providers to work together and deliver automatic and secure Wi-Fi experience to millions of users Source: https://wballiance.com/openroaming/how-it-works/ OpenRoaming video: https://www.youtube.com/watch?v=YvhZouk6MKM
  • 5. Benefits for Guest Network Providers ● Easier, automatic admission/authentication of guest network users (into WPAx-Enterprise Wi-Fi networks) ● Multi-vendor supported network authentication, configuration and provisioning ● Additional monetisation of guest/hospitability Wi-Fi networks ● Called Access Network Providers (ANPs)
  • 6. Benefits for Identity Providers ● Providing network access to identity provider users via roaming ● Cost-savings from using roaming Wi-Fi networks compared to cellular network roaming ● Multi-vendor supported network authentication, configuration and provisioning
  • 7. example.org RADIUS server example.com RADIUS server OpenRoaming Technical Functionality Passpoint (Hotspot 2.0) compatible Wi-Fi network SSID: *any* RCOI (Settled): BA-A2-D0-xx-xx or RCOI (Settlement-Free): 5A-03-BA-xx-xx RADIUS capable Wi-Fi controller or example.net’s own RADIUS server OpenRoaming Settled or Settlement-Free Access Service Provider Static Radius over TLS (RadSec, RFC 6614) connection Passpoint (Hotspot 2.0) compatible Wi-Fi network SSID: *any* RCOI (Settled): BA-A2-D0-xx-xx or RCOI (Settlement-Free): 5A-03-BA-xx-xx Global Public DNS Passpoint (Hotspot 2.0) compatible Wi-Fi network SSID: *any* RCOI (Settled): BA-A2-D0-xx-xx or RCOI (Settlement-Free): 5A-03-BA-xx-xx DNS discovery: NAPTR aaa+auth:radius.tls.tcp <realm> SRV <NAPTR result> Name lookup <SRV result> Dynamic RadSec connection to example.net’s IdP service provider Dynamic RadSec connections to example.com IdP Dynamic RadSec connection to example.org IdP user@example.com user@example.net user2@example.com user@example.org
  • 8. OpenRoaming requirements for Access Network Provider (ANP) ● For organisations who only want to let OpenRoaming users roam in their network ● Minimum requirements: ○ Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment ○ OpenRoaming Settled or Settlement-Free Access service from some WBA member service provider ○ No WBA membership needed ● Connecting directly to other OpenRoaming members requires WBA client certificate (via service provider or WBA membership), and an own RADIUS server
  • 9. OpenRoaming requirements for Identity Provider (IdP) ● For organisations who want their members or subscribers roam in OpenRoaming member networks ● Minimum requirements: ○ (Passpoint (Hotspot 2.0) compatible Wi-Fi network equipment) * ○ Ability to configure OpenRoaming DNS records for IdP realm ○ OpenRoaming Settled or Settlement-Free Access service and IdP service from some WBA member service provider ○ No WBA membership needed ● Connecting directly to other OpenRoaming members requires WBA client+server certificate (via service provider or WBA membership) and an own RADIUS server. *) only if providing also Wi-Fi access network services (ANP)
  • 10. OpenRoaming with eduroam (community) ● Do-it-yourself trial service for IdP (roaming with eduroam credentials in OpenRoaming networks) available from eduroam: https://wiki.geant.org/pages/viewpage.action?pageId=133763844 ● Access Network Provider/Service Provider (ANP/SP) (allowing OpenRoaming users roam in guest networks) is not available from eduroam. ● Summary information about OpenRoaming and eduroam: https://eduroam.org/openroaming-and-eduroam-useful-information-for-e duroam-identity-providers-and-service-providers/ ● Wi-Fi configuration profile provisioning via https://cat.eduroam.org/ ● Support from eduroam community
  • 11. OpenRoaming with Radiator Software ● Allowing OpenRoaming visitors in guest networks as well as roaming in OpenRoaming networks with eduroam credentials both supported as a service ● RadSec connections (with Radiator or radsecproxy) supported for securing roaming connections => connections behind dynamic IPs supported as well ● No need for Wireless Broadband Alliance membership (otherwise required by organisation or its service provider) ● With https://roam.fi/ membership an open roaming and OpenRoaming Wi-Fi network authentication service ● Wi-Fi configuration provisioning via eduroam-cat ● Minimum tuning with RADIUS/RadSec service and support from Radiator Software ● If interested, please contact Radiator Software (sales@radiatorsoftware.com, info@radiatorsoftware.com) for limited free trial
  • 12. Other OpenRoaming implementations, services and instructions ● Cisco Spaces OpenRoaming Configuration Guide: https://www.cisco.com/c/en/us/td/docs/wireless/spaces/openroaming/b- spaces-or-cg.html ● Wi-Fi authentication/roaming service providers: ○ e.g Single Digits, GlobalTechnology
  • 13. OpenRoaming with Radiator webinar on the 14th and 16th of February 2023 LEARN ● What is required for OpenRoaming? ● What is the quickest way to start testing? ● What are the recommended architecture and practices for adding OpenRoaming both for a Service/Access Network Provider and for an Identity Provider? ● Where can one find help to configure Radiator for OpenRoaming? Register at https://radiatorsoftware.com/webinars/
  • 14. CAPPORT API Contacting your users via mobile notifications
  • 15. CapPort API resources ● CapPort API demonstration site: https://capport.net/ ● CapPort API demonstration privacy policy: https://capport.net/privacy.html ● RFC8908 Captive Portal API: https://datatracker.ietf.org/doc/html/rfc8908 ● RFC8910 Captive-Portal Identification in DHCP and Router Advertisements (RAs): https://datatracker.ietf.org/doc/html/rfc8910 ● Google CapPort information: https://developer.android.com/about/versions/11/features/captive-portal ● Apple CapPort information: https://developer.apple.com/news/?id=q78sq5rv
  • 16. Do it yourself CapPort … You only need a … # ISC DHCP server example subnet 192.168.144.0 netmask 255.255.255.0 { range 192.168.144.130 255.255.255.0; option domain-name-servers 192.168.144.1; option subnet-mask 255.255.255.0; option routers 192.168.144.1; option broadcast-address 192.168.144.255; option default-url "https://example.com/capporttest/"; default-lease-time 28800; max-lease-time 86400; } // this can be an index.html file as well { // captive portal is not used // venue-info-url is where you want to send the // user "captive": false, "venue-info-url": "https://example.com/" } Wi-Fi network DHCP server WWW server for JSON file
  • 17. CapPort API summary ● Android (and Apple) supported technology to provide mobile notifications to Wi-Fi users ● Works, deployable already, even from organisation own servers ● Can be used to notify and provide information to Wi-Fi network users (usage policy, organisation contact information, organisation advertisement etc.) ● Could be especially useful in promoting a preferred Wi-Fi network (like eduroam/roam.fi) and a provisioning tool like https://cat.eduroam.org/ for guest Wi-Fi users
  • 18. Thank you. Questions, Comments? Follow Radiator Software for more information… Radiator Software blog: https://blog.radiatorsoftware.com/ Twitter: https://twitter.com/RadiatorAAA Slideshare: https://slideshare.net/radiatorsoftware/ Webinar registration and materials: https://radiatorsoftware.com/webinars/